Intelligent disposal decision method and system for violent attack events in key places based on deep learning
By using deep learning technology to generate response plans for violent attacks in key locations from a case library and a rule library, the problem of delayed response and non-standard plans in existing technologies is solved, and rapid and accurate decision support is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHINESE PEOPLE'S PUBLIC SECURITY UNIVERSITY
- Filing Date
- 2026-02-02
- Publication Date
- 2026-06-23
AI Technical Summary
Existing technologies, when dealing with violent attacks in key locations, suffer from slow response times, poor process adaptability, and insufficient practicality in their solutions. They are unable to quickly generate compliant natural language solutions, resulting in low decision-making efficiency.
By employing a deep learning-based approach, the initial handling process is determined from the case library through attribute similarity. Combined with rule base correction and an improved table-to-text generation model, the structured handling process is converted into a natural language solution, realizing an integrated closed loop from event entry to solution output.
It shortens emergency response time, improves decision-making accuracy, reduces human experience bias, and generates solutions with clear logic and complete information, meeting the requirements for minute-level response.
Smart Images

Figure CN122265005A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of security management technology, and in particular to an intelligent decision-making method and system for handling violent attacks in key locations based on deep learning. Background Technology
[0002] Violent attacks on key locations can cause serious casualties and property damage, and are becoming increasingly diversified, covert, and technologically advanced. Extremist groups often target densely populated key locations or critical targets to launch attacks. Such incidents are characterized by their suddenness, rapid evolution, wide range of harm, and far-reaching social impact.
[0003] The existing decision-making model for handling violent attacks on key locations has significant limitations: First, the response process needs to be initiated within minutes after an incident to prevent the situation from escalating. However, traditional manual decision-making takes 1-2 hours from information gathering to plan formulation, which is far from meeting emergency needs. Second, different types of violent attacks on key locations (explosions, hijackings, arson, biological and chemical threats, drone interference, etc.), different levels of damage, and different scenarios require different response processes. For example, the focus, division of responsibilities, and resource requirements for handling "airport bombing incidents" and "government agency hijacking incidents" are fundamentally different, and existing methods cannot make targeted decisions for different scenarios. Summary of the Invention
[0004] The purpose of this application is to provide a method and system for intelligent handling of violent attacks in key locations based on deep learning, so as to solve or alleviate the problems existing in the above-mentioned prior art.
[0005] To achieve the above objectives, this application provides the following technical solution: This application provides a deep learning-based intelligent decision-making method for handling violent attacks in key locations, including: determining the handling steps for the current violent attack from a pre-built case library based on attribute similarity, so as to generate an initial handling process for the current violent attack; Based on a pre-built rule base, the initial handling process is modified to obtain a structured handling process for the current violent attack incident; An improved table-to-text generation model is used to convert structured handling procedures into natural language in stages, generating emergency response plans for the current violent attack incident.
[0006] Preferably, based on the attribute similarity between the current violent attack incident and each case sample in the case database, the following approach is adopted: The mechanism selects and handles cases from the case database. Each sample case serves as a candidate case for the current violent attack incident; among them, the attribute similarity between the current violent attack incident and each sample case in the case database is calculated using a semantic similarity algorithm. It is a positive integer; based on The process for handling each candidate case determines the steps to take in dealing with the current violent attack incident.
[0007] Preferably, according to the formula: Calculation and processing steps Probability of selection in the initial response process of current violent attacks In the formula, For the first Candidate cases The weight, Let be an indicator function, where the first... Candidate cases Includes processing steps ,but ,otherwise ; The steps with a selection probability greater than 60% are identified as the handling steps for the current violent attack incident, forming the initial handling procedure for the current violent attack incident.
[0008] Preferably, the event attributes of the current violent attack are matched with the rule conditions in the rule base, and the correction rules for the current violent attack are selected from the rule base based on the matching results to modify the initial handling process.
[0009] Preferably, based on the filtering correction rules, the priority score of each handling step in the initial handling process of the current violent attack is calculated according to the weight of each event attribute of the current violent attack; The initial response process is sorted according to priority scores to generate a structured response process adapted to the current violent attack incident.
[0010] Preferably, the sequence of record units of the current structured handling process for violent attacks is input into an improved table into a text generation model, and key record unit filtering, table structure perception, and descriptive text generation operations are performed sequentially to convert the structured handling process into natural language.
[0011] Preferably, the key record unit filtering operation includes: capturing the semantic association of each record unit through a BiLSTM layer and outputting the probability distribution of each record unit; Based on the probability distribution of each recording unit, the CRF layer is used to perform binary classification and labeling on each recording unit to select the key recording units for the structured processing procedure.
[0012] Preferably, the table structure awareness operation includes: fusing the content vector and position vector of each key record unit in the structured processing flow to obtain the fused vector of each key record unit; A structure-aware Transformer encoder is used to capture the semantic relationships between key recording units based on the fusion vector of each key recording unit, and output the encoded vector sequence of each key recording unit.
[0013] Preferably, the text generation operation includes: logically sorting the encoded vector sequence of each key record unit through a pointer network; Based on the logical sorting results of the encoded vector sequences of each key record unit, a natural language scheme for handling the current violent attack incident is generated based on the replication mechanism, and the generated natural language scheme is evaluated by the BLEU-4 and ROUGE-L indices.
[0014] This embodiment also provides a deep learning-based intelligent decision-making system for handling violent attacks in key locations. The system employs any of the aforementioned deep learning-based intelligent decision-making methods for handling violent attacks in key locations to address the incidents. The system includes: The initial handling unit is configured to determine the handling steps for the current violent attack incident from a pre-built handling case library through attribute similarity calculation, so as to generate the initial handling process for the current violent attack incident; The modified handling unit is configured to modify the initial handling process based on a pre-built rule base, resulting in a structured handling process for violent attack incidents; The decision-making unit is configured to use an improved table-to-text generation model to convert the structured handling process into natural language in stages, generating a response plan for the current violent attack.
[0015] Beneficial effects: The intelligent decision-making method and system for handling violent attacks in key locations based on deep learning provided in this application determines the handling steps for the current violent attack incident from a pre-built case library based on attribute similarity to generate an initial handling process for the current violent attack incident. This initial handling process is then modified based on a pre-built rule library to obtain a structured handling process for the current violent attack incident. Finally, an improved table-to-text generation model is used to convert the structured handling process into natural language in stages, generating a response plan for the current violent attack incident. Thus, by integrating case reasoning, rule reasoning, and deep learning to generate the handling process for the current violent attack incident through a constructed case library of violent attack incident handling, the system effectively solves the problems of poor adaptability and low accuracy of single reasoning mechanisms.
[0016] By implementing intelligent decision-making across the entire process of "ontology modeling - case reasoning - rule reasoning - text generation" for violent attack incidents, an integrated closed loop is achieved from event entry to solution output, shortening the emergency response time for violent attack incidents in key locations and effectively meeting the minute-level response requirements. Combining ontology modeling and hybrid reasoning improves the adaptability of the handling process to different types and scenarios of violent attack incidents in key locations, effectively increasing decision-making accuracy and reducing decision-making errors caused by human experience bias. At the same time, by optimizing the table-to-text generation model, the problems of logical confusion, terminology errors, and missing information when generating long texts in existing models are effectively solved, generating natural language solutions that conform to the handling standards for violent attack incidents in key locations. Attached Figure Description
[0017] The accompanying drawings, which form part of this application, are used to provide a further understanding of this application. The illustrative embodiments and descriptions of this application are used to explain this application and do not constitute an undue limitation of this application. Wherein: Figure 1 This is a flowchart illustrating a deep learning-based intelligent decision-making method for handling violent attacks in key locations, according to some embodiments of this application. Figure 2 A logical principle diagram of a deep learning-based intelligent decision-making method for handling violent attacks in key locations is provided according to some embodiments of this application; Figure 3 This is a schematic diagram of the hierarchical structure of a domain ontology model for violent attacks in key locations, provided according to some embodiments of this application; Figure 4 This is a schematic diagram of the operation of Seq2Seq according to an embodiment of this application; Figure 5 This is an operational flowchart of intelligent decision-making for handling violent attacks in key locations, according to an embodiment of this application; Figure 6 This is a schematic diagram of the structure of a deep learning-based intelligent decision-making system for handling violent attacks in key locations, according to some embodiments of this application. Detailed Implementation
[0018] The present application will now be described in detail with reference to the accompanying drawings and embodiments. Various examples are provided by way of explanation and not by way of limitation. In fact, those skilled in the art will understand that modifications and variations can be made to the present application without departing from the scope or spirit of the present application. For example, a feature shown or described as part of one embodiment may be used in another embodiment to produce yet another embodiment. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention should fall within the scope of protection of the embodiments of the present invention.
[0019] Currently, intelligent decision-making methods for handling violent attacks in key locations can be mainly divided into three categories: decision-making methods based on geographic modeling, decision-making methods based on natural language processing, and decision-making methods based on knowledge reasoning. However, the application of these three types of decision-making methods all have obvious limitations, specifically: First, the geographic modeling-based decision-making approach, relying on GIS systems, UAV remote sensing, and BIM technology, focuses on rescue route planning and evacuation route design. While it offers real-time advantages, it only considers geographic environmental information (such as building structure and road distribution), lacking coverage of core aspects such as the handling process, responsibility minutes, resource allocation, and evidence preservation for violent attacks in key locations. Furthermore, this method is affected by the diversity of geographic information systems, resulting in poor portability. Changing application scenarios requires rebuilding the geographic model, leading to high hardware procurement and modeling costs, and making it unsuitable for rapid adaptation across multiple scenarios.
[0020] Second, the natural language processing-based decision-making method: This method uses NLP technology to extract event attributes and handling procedures from official documents (such as emergency plans and handling procedures) to generate emergency response plans. However, it relies too heavily on historical document experience and is difficult to deal with new types of violent attacks (such as AI-generated false violent attack threat information or drone attacks carrying explosives). Moreover, the generated results are mostly fragmented text (such as isolated operation instructions), lacking structured logic and division of responsibilities. Frontline personnel need to manually integrate the information, and the interpretation takes more than 20 minutes, which seriously affects the response efficiency.
[0021] Third, the knowledge-based reasoning-based decision-making method: This method uses case-based reasoning (CBR) or rule-based reasoning (RBP) as its core, generating a response process by matching historical cases or executing preset rules. However, its performance is highly dependent on the size of the case library and the completeness of the rules. When the case library is insufficient (e.g., a newly built security site case library contains only 50 cases), the accuracy of the reasoning results is less than 75%. The rule library cannot cover complex scenarios (e.g., multiple events such as "extreme weather + violent attack + crowding"), and it does not incorporate deep learning technology to optimize the reasoning weights. This leads to the underestimation of the impact of key attributes such as "event damage level" and "occurrence area" on the process, thus limiting the accuracy of the decision.
[0022] Furthermore, existing decision-making methods cannot effectively address the key issue of "connecting structured response processes with natural language text": the tabular processes generated by knowledge reasoning (including step numbers and response stages) have poor readability, requiring frontline personnel to spend more than 10 minutes interpreting the logical relationships and operational details; while text generation models mostly focus on short texts (such as single-sentence descriptions), and when generating long emergency response plans (more than 2,000 words), they are prone to logical confusion (such as reversing the order of "first evacuate personnel, then seal off the site"), missing key information (such as not specifying the execution time limit and the amount of resources), and errors in professional terminology (such as mistakenly writing "chemical cleaning" instead of "chemical decontamination"), which greatly reduces their practicality.
[0023] To address the issues of slow response, poor process adaptability, insufficient practicality, and low collaborative efficiency in existing intelligent decision-making technologies for handling violent attacks, this embodiment proposes a deep learning-based intelligent decision-making method for handling violent attacks in key locations. By constructing a full-process intelligent decision-making framework covering "event attribute input - structured handling process generation - natural language solution text generation - post-event evaluation - case update," the emergency response time for handling violent attacks in key locations is reduced from the traditional 1-2 hours to 5 minutes, fully meeting the "minute-level response" requirement for handling violent attacks. Through the integration of ontology modeling and hybrid reasoning techniques, the conceptual definitions and attribute constraints of violent attacks in key locations, handling processes, responsible departments, and resource types are unified, improving the adaptability of the handling process to different types and scenarios of violent attacks in key locations, increasing the decision accuracy rate to over 88%, and reducing decision-making errors caused by human experience bias. By optimizing the table-to-text generation model, the problems of logical confusion, terminology errors, and missing information when generating long texts in existing models are effectively solved, generating natural language solutions that conform to the handling specifications for violent attacks in key locations, reducing the time required for frontline personnel to understand the solutions by more than 60%. Furthermore, by designing an intelligent response and decision-making system, a visual and interactive user interface is provided, supporting dynamic updates of case libraries, rule libraries, and model parameters, as well as cross-departmental data collaboration. It is adaptable to the needs of handling violent attack incidents in key locations of different sizes and types, and has high scalability and practicality.
[0024] like Figures 1 to 5 As shown, the intelligent decision-making method and system for handling violent attacks in key locations based on deep learning includes: Step S101: Determine the handling steps for the current violent attack incident from the pre-built handling case library based on attribute similarity, so as to generate the initial handling process for the current violent attack incident.
[0025] In this embodiment, based on the official release documents of violent attacks on key locations, typical cases of handling violent attacks on key locations are collected (covering categories such as bomb attacks, armed hijackings, arson and sabotage, biological and chemical threats, drone interference, and knife killings). The model focuses on two major areas: violent attacks on key locations and the handling process of violent attacks on key locations. The model covers various types of violent attacks on key locations and key targets with dense populations.
[0026] During the modeling process, ontology editing tools (such as Protege 5.5.0) can be used to build the model. Four top-level classes are established: "Event Class," "Handling Process Class," "Responsible Department Class," and "Resource Type Class." The "Event Class" describes the attributes and characteristics of the event itself, while the "Handling Process Class," "Responsible Department Class," and "Resource Type Class" define the operational procedures, implementing entities, and material support for responding to the event.
[0027] Specifically, "Event Category" includes: bomb attacks (which can be further subdivided into suicide bombings, car bomb explosions, and package bomb explosions), armed hijackings (personnel hijackings and facility hijackings), arson and sabotage, biological and chemical threats, drone interference, and knife attacks. "Handling Process Category" includes: initial response, emergency response, on-site control, evidence collection, chemical and biological decontamination, medical care, and post-incident recovery, with each subcategory corresponding to a unique number for easy subsequent reasoning and retrieval. "Responsible Department Category" includes: public security departments (including special police and local police stations), fire and rescue departments, medical rescue departments, emergency management departments, and security service agencies. "Resource Type Category" includes: security resources (bomb disposal robots, riot shields, tactical assault equipment), firefighting resources (fire trucks, thermal imagers, fire extinguishers), medical resources (ambulances, first aid equipment, medicines), and communication resources (emergency communication vehicles, walkie-talkies, satellite phones), etc.
[0028] Here, core attributes are defined for "Event Category" to avoid confusion in attribute values. These include, but are not limited to: Event Scenario Name (e.g., "Knife Attack in a Large Shopping Mall"), Location (Densely Populated Key Location / Key Target), Specific Location (e.g., "Clothing Section on the 3rd Floor of the Shopping Mall"), Damage Level (Minor / General / Significant / Major / Extremely Major), Evolution Stage (Latent Stage / Occurrence Stage / Spread Stage / Cease Stage), On-Site Situation Characteristics (Personnel Density, Risk of Secondary Disasters, Suspect Escape), and Estimated Number of People Involved. Each attribute has a defined value range. For example, the "Damage Level" can be set as "Minor (No Casualties, Property Loss < 100,000 RMB), General (Slight Injuries ≤ 5 People, Property Loss 100,000-500,000 RMB), Significant (Seriously Injured ≤ 10 People or Deaths ≤ 3 People, Property Loss 500,000-2,000,000 RMB), Major (Seriously Injured > 10 People or Deaths 3-10 People, Property Loss 2,000,000-10,000,000 RMB), and Extremely Major (Deaths > 10 People, Property Loss > 10,000,000 RMB)".
[0029] Establish the "need to be executed" relationship of "incident-response process" (e.g., "the on-site control and personnel evacuation process needs to be executed in the event of an explosion attack"), the "subordination" relationship of "responsibility process-responsible department" (e.g., "the on-site control process is subordinate to the public security department"), and the "dependence" relationship of "responsible department-resources" (e.g., "the public security department depends on bomb disposal robots and riot shields").
[0030] Finally, instances are populated into the model to verify its practicality. For example, the "knife attack incident in a large shopping mall" instance has the following attribute configuration: "Area of occurrence = densely populated key location, specific location = clothing area on the 3rd floor of the mall, damage level = relatively large, evolution stage = occurrence stage, on-site situation characteristics = high population density, no risk of secondary disasters, suspect at large". At the same time, corresponding instances are populated into the "handling process" category. For example, the handling details of the "initial handling A01" instance are "the security agency immediately sealed off the floor where the incident occurred, and the public security department arrived at the scene within 5 minutes" and the "medical rescue A07" instance is "the medical department dispatched 2 ambulances and 4 emergency personnel to the scene to treat the injured". After the model is populated, the built-in HermiT inference engine in Protege is used to detect conceptual conflicts (such as the contradiction between "minor damage level event" and "need to activate level 1 emergency response") and attribute conflicts (such as "occurrence area = densely populated key location" while "specific location = military base"), output a verification report and manually correct them to ensure that the model's logical consistency is ≥98%; finally, the ontology model is encoded and stored in OWL2.0 language, which supports subsequent import, export and secondary editing.
[0031] In this embodiment, while constructing the ontology model for the field of violent attacks in key locations, a case library for handling violent attacks in key locations is constructed by collecting case sample data such as records of handling violent attacks in key locations (including but not limited to digitized scans of paper documents, electronic ledgers, etc.), emergency response reports, and emergency response drill data for violent attacks in key locations.
[0032] The collected case samples were screened based on the following criteria: complete event information (attribute missing rate <30%), traceable handling process (including implementing department, time limit, resource input, and operational details), and clear post-event evaluation (including compliance, resource utilization rate, and improvement suggestions).
[0033] Next, the selected case samples were preprocessed. Specifically, the Jieba word segmentation tool was used to segment the case texts, and the word segmentation effect was optimized by combining the key location violent attack incident handling terminology library (containing 500+ professional terms such as "anti-hijacking tactics", "chemical decontamination", "tactical containment area", "bomb disposal robot operation" etc.) to ensure that professional terms were not split, and the semantic similarity of event attributes between cases was calculated, and duplicate cases were removed based on the set similarity threshold (0.9).
[0034] The semantic similarity of event attributes between cases is calculated using an improved cosine similarity algorithm, specifically according to the formula: Determine the semantic similarity of event attributes between different cases; where, For the first The initial weights of each event attribute, This represents the total number of event attributes. Case studies Case Studies The A semantic vector of an event attribute.
[0035] Then, the abnormal data in the case (such as handling time limits marked as "none" or property losses being negative) are calibrated, and contradictory data are corrected using a weighted average method. Specifically, according to the formula: Correcting abnormal data; among which, For the first One abnormal data Corrected data, For the first One abnormal data Credibility weight, This represents the number of abnormal data.
[0036] After screening, preprocessing, and anomaly correction, the collected case samples are structured according to the ontology model as "Case Number - Event Attribute Set - Handling Measures Set - Handling Result Set - Post-Evaluation". The event attribute set extracts attribute information such as event type, occurrence, location, and damage level from the case samples according to the "Event Class" attribute of the ontology model, and stores it in a standardized table format. The handling measures set corresponds to the "Handling Process Class" in the ontology model, recording the handling steps at each stage according to the event sequence, including step number, handling link, implementing department, execution time limit, resource input details (resource type, quantity, and allocation source), and operating procedures (e.g., "On-site lockdown requires setting up a 50-meter warning zone, prohibiting unauthorized personnel from entering"). The handling result set records the event resolution time, casualty control status (number of minor injuries / serious injuries / deaths), property loss recovery rate, suspect apprehension status, and secondary disaster prevention effectiveness. Post-event assessment includes compliance of the handling (whether it complies with relevant regulations), resource utilization rate (actual resources invested / required resources), efficiency of multi-departmental collaboration (information transmission time, deviation rate of step execution), and improvement suggestions (such as "strengthening real-time communication between the site and the command center" and "increasing reserves of chemical defense equipment").
[0037] Furthermore, the structured case samples are stored in a SQL Server 2022 database, a composite index of "event type-occurrence area-damage level" is constructed, and an efficient index structure is used to optimize retrieval efficiency. The index retrieval efficiency satisfies the following: In the formula, Index retrieval time; To manage the total number of case samples in the case library, a version management mechanism is implemented to ensure that the response time for a single case retrieval is ≤1 second. This mechanism records the modification history of case samples (e.g., who modified it, the modification event, and the modified content), retaining a maximum of 10 historical versions and supporting rollback to any version to prevent accidental modification of case information. The case library also supports multi-condition combined queries and fuzzy searches to facilitate users' quick location of reference cases.
[0038] After constructing a case library of violent attack incidents, the attribute text of the current violent attack incident (such as "A knife attack occurred in the clothing section on the 3rd floor of a large shopping mall, the level of damage is relatively large, the density of people at the scene is high, and the suspect is at large") is encoded with the attribute text of the case samples in the case library to generate a high-dimensional semantic vector. This vector captures the semantic relationship between the current violent attack incident and the case samples, so as to measure the attribute similarity between the current violent attack incident and the case samples and avoid misjudgment due to low similarity caused by keyword differences.
[0039] In a specific example, a semantic similarity algorithm is used to calculate the attribute similarity between the current violent attack incident and each case sample in the case database, and then... The mechanism selects and handles cases from the case database. ( (A positive integer) number of case samples are considered as candidate cases for the current violent attack incident. For example, "A knife attack in a shopping mall in a certain year" with an attribute similarity of 0.92, "A violent attack in a shopping mall in a certain year" with an attribute similarity of 0.85, and "A knife attack at a train station in a certain year" with an attribute similarity of 0.78.
[0040] Then, based on The process for handling each candidate case determines the steps to take in dealing with the current violent attack incident. Specifically, it follows the formula: Calculation and processing steps Probability of selection in the initial response process of current violent attacks Steps with a selection probability greater than 60% are included in the handling process. The executing department, time limit, resource requirements, and operational procedures for each step are retained to generate the initial handling process for the current violent attack incident, enabling case-based reasoning for this incident. In the formula, For the first Candidate cases The weights are determined by using... The mechanism selects and handles cases from the case database. The first case sample Candidate cases The normalized probability, Let be an indicator function, where the first... Candidate cases Includes processing steps ,but ,otherwise .
[0041] In a specific application scenario, the improved cosine similarity algorithm in this application is used to calculate the current violent attack event. Case samples in the case handling case library Attribute semantic similarity And the calculated current violent attack events After sorting the semantic similarity of the case samples with the attributes in descending order with all case samples in the case database, the top [cases] are selected. Case samples corresponding to the semantic similarity of each attribute are used as candidate case sets. ,in, Next, the candidate case set was analyzed. In Candidate cases and current violent attacks The semantic similarity of the attributes is normalized. Specifically, the Softmax function is used to normalize the similarity. Candidate cases and current violent attacks The semantic similarity of attributes is converted into normalized weights. Here, according to the formula: Determine the first Candidate cases weight In the formula, For candidate case set The first in One candidate case.
[0042] Finally, calculate the processing steps. Probability of selection in the initial response process of current violent attacks and will The initial response procedure for the current violent attack incident is generated by incorporating the handling steps into the response process, while retaining the implementing departments, time limits, resource requirements, and operating procedures for each step. ,Right now Step S102: Modify the initial handling process based on the pre-built rule base to obtain the structured handling process for the current violent attack incident.
[0043] After completing the case reasoning for the current violent attack incident and generating the initial handling procedure, the initial handling procedure is modified according to the rules based on the constructed rule base, thus realizing rule-based reasoning for the current violent attack incident. First, a rule base for violent attack incidents is constructed. Specifically, the core rules in the violent attack incident rule base include, but are not limited to: emergency response classification rules, on-site control rules, resource allocation rules, evidence preservation rules, and procedure modification rules.
[0044] The emergency response grading rules are defined as follows: "If the level of damage caused by the incident is major / particularly major, a Level I emergency response will be activated, and the public security, fire, medical, and emergency response departments will be notified to arrive at the scene within 5 minutes; if the level of damage caused by the incident is relatively large, a Level II emergency response will be activated, and the public security, fire, medical, and emergency response departments will be notified to arrive at the scene within 10 minutes."
[0045] The on-site control rules are defined as follows: "If the incident occurs in a densely populated key area and the suspect is at large, the area will be completely closed off and controlled, with multiple layers of security zones set up. The special police will be responsible for the pursuit, and security agencies will assist in maintaining order at the scene."
[0046] The resource allocation rules are defined as follows: "If the incident involves casualties, at least two ambulances and one medical rescue team must be deployed, and a temporary aid station must be set up within 500 meters of the incident site." The evidence preservation rules are defined as follows: "If the incident type is an explosion attack / knife attack, evidence preservation must be initiated within 10 minutes after the scene is sealed off, using professional equipment to extract fingerprints, DNA samples, and weapon residue to avoid destroying evidence."
[0047] The process is defined as follows: matching the event attributes of the current violent attack with the rule conditions in the rule base, and then selecting corrective rules for the current violent attack from the rule base based on the matching results to modify the initial handling process. Specifically, the initial handling process is validated for compliance using the selected rules applicable to the current violent attack. If a step required by the rule is missing from the initial handling process (e.g., "evidence fixation" is not included), that step is added. If the initial handling process conflicts with the rule (e.g., the evacuation time exceeds the rule's requirement of 10 minutes), the initial handling process is adjusted according to the rule requirements. The formula is as follows: Steps in the initial treatment process With rules Perform conflict determination; where, Steps in the initial treatment process With rules The conflict determination result; Steps in the initial treatment process Time limit requirements, For rules The time limit requirements in the document Steps in the initial treatment process Scope of application For rules The scope of use in [the context].
[0048] After completing case-based reasoning and rule-based reasoning for the current violent attack incident, deep learning is combined to improve the reasoning accuracy of the current violent attack incident. Specifically, a deep learning model for natural language processing is constructed. For example, a hybrid model is adopted, using a pre-trained language model (such as Bidirectional Encoder Representation from Transformers, BERT) and a sequence modeling unit (such as a Gated Recurrent Unit, GRU). The hidden layers are set to 3 GRU layers (256 hidden units per layer). The input is the semantic vector of the event attributes and the feature vector of the handling process of the current violent attack incident. The output is the weight parameters of each event attribute on the handling process (e.g., "Event Damage Level" weight 0.3, "Occurrence Area" weight 0.25, "Event Type" weight 0.2, "On-Site Situation Characteristics" weight 0.15, "Evolution Stage" weight 0.1).
[0049] The hybrid model is trained using case samples from a case library, and then optimized using an improved Huber loss function. The improved Huber loss function is as follows: In the formula, The true value of the case sample Predictions from the mixture model At the error threshold Error loss below; ; The penalty coefficient is a hyperparameter of the hybrid model that is adaptively adjusted during training and optimization.
[0050] After the hybrid model is trained and optimized, based on the selected correction rules, the weights of each event attribute of the current violent attack event are input to calculate the priority score of each step in the initial handling process of the current violent attack event. Specifically, according to the formula: Determine the treatment steps in the initial treatment process. Priority score In the formula, The first of the current violent attacks The weight of each event attribute, For handling steps With the The correlation of event attributes The value is between 0 and 1. The number of event properties.
[0051] Then, the handling steps are sorted according to their priority scores to generate a structured handling process adapted to the current violent attack incident. Specifically, the order of the steps in the initial handling process is adjusted according to the priority score of each handling step to generate a structured handling process adapted to the current violent attack incident (in tabular form, including eight fields: step number, handling stage, implementing department, implementation requirements, time limit requirements, resource requirements, association rule ID, and priority).
[0052] Therefore, in response to current violent attacks, a hybrid model that integrates case-based reasoning, rule-based reasoning, and deep learning-based methods is used to generate a response process for such attacks, effectively addressing the issues of poor adaptability and low accuracy of single reasoning mechanisms.
[0053] Step S103: Using an improved table-to-text generation model, the structured handling process is converted into natural language in stages to generate a response plan for the current violent attack.
[0054] To address the poor readability of structured incident response procedures, an improved table-to-text generation model is employed. This model converts the generated structured response procedures into natural language in stages, effectively resolving issues such as logical inconsistencies and terminological errors in the generated long texts. Specifically, the sequence of record units in the current violent attack incident's structured response procedure is input into the improved table-to-text generation model. The model then sequentially performs key record unit filtering, table structure awareness, and descriptive text generation operations to convert the structured response procedure into natural language.
[0055] In a specific example, a fusion model based on a bidirectional long short-term memory (BiLSTM) network and a discriminative probabilistic graphical model (such as a conditional random field, CFR) is used to perform the key record unit screening operation.
[0056] First, the fusion model is trained using case samples from the disposal case library. Specifically, the case samples in the disposal case library are divided into a training set, a validation set, and a test set in an 8:1:1 ratio; the training set contains 2000 labeled record unit sequences, and the fusion model's labeled accuracy, recall, and F1 score are calculated on the test set.
[0057] in, The number of true positives The number of false positives To identify false negatives, the required labeling accuracy is ≥92% and recall is ≥90%. Value ≥ 91%.
[0058] Then, the sequence of record units in the structured handling process of the current violent attack incident (each record unit corresponds to a combination of fields such as "step number - handling stage - implementing department - time limit requirement - resource requirement", such as "step 2: on-site lockdown, implementing department = public security department + security agency, time limit requirement = within 5 minutes, resource requirement = 20 police officers, 4 police cars, 10 riot shields") is input into the fusion model. The semantic associations of each record unit are captured through a BiLSTM layer (forward + backward), and the probability distribution (critical / non-critical) of each record unit is output. Based on the probability distribution of each record unit, the record units are binary-classified and labeled through a CRF layer to filter out the key record units of the structured handling process. For example, based on the probability distribution of the record units, the key record units such as "delineation of on-site lockdown area", "planning of personnel evacuation routes", "setting of medical rescue points", and "evidence fixation operation specifications" are filtered out, and redundant information is eliminated.
[0059] In another specific example, during the table structure awareness operation, the key record unit is first added with an embedded field of "row name-column name-location coordinates" through field embedding. For example, the embedded field of the record unit "Step 3: Evacuation of personnel" is "Disposal steps-operation content-(3,2)". One-hot encoding and position encoding are used to fuse the content vector and position vector of each key record unit in the structured disposal process to obtain the fused vector of each key record unit.
[0060] Then, a structure-aware Transformer encoder (with 6 layers, 512 hidden layer dimensions, and 8 multi-head self-attention heads) is used to capture the semantic relationships between key recording units based on the fusion vectors of each key recording unit, and outputs the encoded vector sequence of each key recording unit. In this way, the encoder outputs an encoded vector sequence containing structural and content features by capturing the semantic relationships between key recording units.
[0061] After generating a sequence of encoded vectors containing structural and content features through the table structure perception operation, the encoded vector sequences of each key record unit are logically sorted using a pointer network. The order of steps is adjusted according to the following chapter logic: "Scenario Description → Handling Principles → Initial Handling → Emergency Response → On-site Control → Evidence Preservation → Medical Care → Post-event Recovery → Precautions".
[0062] Then, based on the logical sorting results of the encoded vector sequences of each key record unit, a natural language scheme for handling the current violent attack incident is generated using a replication mechanism. Specifically, a Seq2Seq framework is employed, combined with a replication mechanism to process specialized terminology related to handling violent attack incidents in key locations, and the generation probability and replication probability are weighted and fused. in, Words in a natural language processing solution for handling current violent attacks fusion probability; The fusion weights are dynamically calculated using the sigmoid function. To generate words from a vocabulary list The generation probability, To copy words from the input sequence The probability of replication, when encountering technical terms. .
[0063] Finally, the generated natural language processing scheme is evaluated using the BLEU-4 and ROUGE-L indices. Specifically, according to the formula: For the generated natural language scheme Conduct an evaluation; where, For reference text, The number of reference texts, The length of the longest common subsequence. When evaluating metrics... , If so, the generated natural language solution for the current violent attack event is logically coherent, informationally complete, and directly executable.
[0064] In this embodiment, intelligent decision-making for violent attack incidents is achieved through a complete process of "ontology modeling - case reasoning - rule reasoning - text generation," realizing an integrated closed loop from incident entry to solution output. This shortens the emergency response time for violent attack incidents in key locations and effectively meets the minute-level response requirements. By combining ontology modeling and hybrid reasoning, the adaptability of the handling process to different types and scenarios of violent attack incidents in key locations is improved, effectively increasing decision-making accuracy and reducing decision-making errors caused by human experience bias. At the same time, by optimizing the table-to-text generation model, the problems of logical confusion, terminology errors, and missing information when generating long texts in existing models are effectively solved, generating natural language solutions that conform to the handling specifications for violent attack incidents in key locations.
[0065] Furthermore, this embodiment also provides a deep learning-based intelligent decision-making system for handling violent attacks in key locations. It employs any of the deep learning-based intelligent decision-making methods for handling violent attacks in key locations described above to address such attacks. Figure 6 As shown, the system includes: The initial handling unit 601 is configured to determine the handling steps for the current violent attack incident from a pre-built handling case library by calculating attribute similarity, so as to generate the initial handling process for the current violent attack incident; The modified handling unit 602 is configured to modify the initial handling process based on a pre-built rule base to obtain a structured handling process for violent attack incidents; The decision-making unit 603 is configured to use an improved table-to-text generation model to convert the structured handling process into natural language in stages, and generate a response plan for the current violent attack.
[0066] The intelligent decision-making system for handling violent attacks in key locations based on deep learning provided in this embodiment can replicate the steps and processes of any of the above embodiments of the intelligent decision-making method for handling violent attacks in key locations based on deep learning, and achieve the same technical effect.
[0067] In a specific example, the initial processing unit includes an ontology model building module, a case library management module, and a case reasoning module. The ontology model building module uses Vue.js + ElementUI to build a visual interface on the front end, and integrates Protege's OntoGraf and inference engine functionality on the back end using the Python + Flask framework. Model data is stored in a MongoDB database.
[0068] It supports adding / modifying / deleting concepts such as "Event Class" and "Handling Process Class," defining concept attributes (such as "Event Occurrence Area" and "Handling Time Limit") and attribute constraints (value range, data type, and whether it is required); establishing relationships such as "Event-Handling Process" and "Handling Process-Responsible Department," supporting custom relationship types ("Requires Execution," "Belongs to," and "Depends on"), and configuring the relationship strength of each relationship (levels 1-5, used for weight calculation during inference); simultaneously displaying the hierarchical structure and concept relationships of the ontology model, supporting scaling (0.5-2.0 times), panning, node highlighting, and relationship filtering operations; using the inference engine to detect model logic conflicts and outputting a verification report containing error type, error location, and correction suggestions; supporting model export to OWL2.0, RDF / XML, Turtle, and other formats, and also allowing import of external ontology model files (supporting OWL and RDF formats) for secondary editing.
[0069] In the case library management module, the database uses SQL Server 2022, case queries are optimized through multi-dimensional indexes, and statistical reports use the ECharts visualization library. It supports case entry (form-based input, including four tabs: event attributes, handling measures, handling results, and post-event evaluation; form fields are associated with ontology model attributes) and batch import (Excel / CSV format, maximum 1000 records per import). During import, it automatically verifies data format and integrity, marking errors and providing prompts for data that does not meet requirements. It allows modification of case field information, retaining up to 10 historical versions during modification. It supports multi-condition combined queries (precise and fuzzy queries for fields such as "event type," "occurrence area," and "damage level"), with query results displayed in a list format, supporting sorting by similarity, occurrence time, and damage level. Clicking on a case list item allows viewing case details (displaying an event attribute table, a list of handling measures steps, a statistical chart of handling results, and post-event evaluation text in tab format). It can generate statistical reports (bar charts, pie charts, and line charts) based on event type, occurrence area, damage level, and handling effect, and supports report export (PNG, PDF, and Excel formats), providing data support for rule base optimization and model training.
[0070] The case reasoning module is equipped with a BERT semantic encoding model and a similarity algorithm. After receiving the event attribute information of the current violent attack, it automatically retrieves the case library and calculates the similarity, outputs the top-3 similar cases and similarity values, and supports manual adjustment of the reference case weights.
[0071] In another specific example, the remediation and handling unit includes a rule reasoning module and a structured module. The rule reasoning module includes rule base management functions, supporting the addition, editing, and deletion of rules for handling violent attacks in key locations. The rule editing interface provides a visual configuration of "condition-action" (the condition section supports multiple field combinations, and the action section supports drag-and-drop configuration of handling steps). Rule storage adopts a production rule notation, with each rule including a rule ID, condition expression, action content, priority (levels 1-5), creator, and creation time. It also features a rule matching engine (forward reasoning algorithm) and outputs a list of applicable rules and remediation suggestions.
[0072] The structured module includes a weight optimization submodule, which deploys a hybrid model based on BERT+GRU. It supports model training (uploading training datasets, setting hyperparameters, and starting training tasks), deployment (saving model parameters to local or cloud storage), and performance evaluation (inputting test datasets and outputting weight prediction accuracy and error values). The inference result output unit displays the structured processing flow generated by hybrid inference in tabular form, supports manual adjustment of process steps (adding / deleting steps, modifying execution departments / time limits), and provides export functions in Excel, PDF, and Word formats.
[0073] In another specific example, the decision-making unit includes a text generation module, which is based on the PyTorch framework and uses the python-docx and PyPDF2 libraries for text export. This module includes: a data preprocessing module, a sequence labeling module, a text generation module, and a text optimization module. The data preprocessing module receives the structured processing flow output from the hybrid inference module and automatically performs data cleaning (removing null fields and correcting format errors) and record unit serialization. The sequence labeling module integrates a BiLSTM+CRF model, supports model parameter configuration and automatic / manual labeling, and outputs a list of key record units and label confidence (users need to manually confirm confidence scores <0.8). The text generation module has a built-in improved Transformer model, provides a model training interface (upload the "structured process - emergency response plan text" paired dataset and set training parameters), supports generation parameter configuration (text style: concise instruction type / detailed report type / emergency command type; text length: 500-5000 words; professional terminology retention rate: 100%), and has a text generation trigger function (manual start or automatic start of the associated inference process), and displays the progress in real time during the generation process. The text optimization module supports online text editing and format optimization (automatic formatting of chapter titles, adjustment of font styles, and addition of page numbers and headers), supports export in PDF, Word, and TXT formats, and allows users to choose whether to include a table of contents and add a watermark during export.
[0074] In addition, the decision-making system in this embodiment also includes an interactive interface unit and a data storage unit. The interactive interface unit includes a front-end user interface (for front-line personnel in public security, emergency management, security, etc.) and a back-end management interface (for system administrators).
[0075] In this embodiment, the front-end user interface (for frontline personnel in public security, emergency management, security, etc.) includes a login / registration module, an event information entry module, an intelligent response decision-making module, and an effect evaluation module. The login / registration module supports account / password login and verification code login (6-digit verification code sent via SMS), and provides a password retrieval function (mobile phone number / email verification, reset link valid for 24 hours). New users must fill in basic information (name, company, position, contact information) and upload proof of employment; the account is activated after administrator approval.
[0076] The event information entry module provides a visual form (divided into two tabs: "Basic Event Attributes" and "On-site Situation"). "Basic Event Attributes" includes event type (drop-down selection), location (map selection + text input, integrated map API), damage level (radio button), and time of occurrence (date and time selector). "On-site Situation" includes personnel density (slider selection: low / medium / high), risk of secondary disasters (radio selection: yes / no), suspect status (fleeing / controlled / unknown), and measures taken on-site (text box input). It supports uploading on-site images / video attachments (images support JPG and PNG formats, videos support MP4 format, with a single upload limit of 200MB).
[0077] The intelligent response decision-making module displays case search results (a list of Top-3 similar cases), a response process table generated by hybrid reasoning (supporting filtering and sorting), and text-generated emergency response plan text (supporting chapter jumping and keyword highlighting); it supports linked viewing of process steps and text chapters (clicking on a process step will automatically highlight the corresponding text description); and it provides a historical decision query function (querying past decision records by event number, occurrence time, and event type).
[0078] After the incident is handled, the effectiveness evaluation module provides an evaluation form (including five dimensions: timeliness of handling, process adaptability, readability of the solution, handling effect, and collaboration efficiency, with a 1-5 point scoring system). The evaluation opinions are filled in, and the total evaluation score (weighted average score) is automatically calculated and stored in the historical decision database.
[0079] In this embodiment, the backend management interface (for system administrators) uses Vue.js + ElementUI for the front end, integrates the map API for map functionality, and uses WebSocket technology for real-time communication. It includes user management module, case library management module, rule library management module, model management module, and system configuration module.
[0080] The user management module displays all user information (account, name, organization, position, permission level, account status, registration time); it supports administrators in adding user accounts, disabling accounts, modifying user permissions, and resetting user passwords. The case library management module provides case review functionality (reviewing new cases entered by users, approving / rejecting cases and providing feedback); it supports batch import / export of cases; and it includes case version management and case tagging (classic cases / sensitive cases). The rule library management module displays all rules for handling violent attack incidents in key locations (rule ID, conditional expression, action content, priority, status); it supports batch import / export of rules, rule testing (inputting simulated event attributes to test matching effects), and rule enabling / disabling.
[0081] The model management module manages the versions of ontology models, hybrid inference models, and text generation models (displaying version number, training time, and performance metrics); it supports model backup and recovery, updates (uploading new weight files), and performance monitoring (viewing call counts, average inference time, and error rate). The system configuration module allows configuring system parameters (session timeout, file upload size limit, log retention duration, and case retrieval similarity threshold); it manages system logs (querying operation logs and error logs); and it supports system backup and recovery.
[0082] In the decision-making system of this embodiment, the data storage unit adopts a hybrid storage architecture. SQL Server 2022 stores structured data (user information, case data, rule data, ontology model metadata), and MongoDB 5.0 stores unstructured data (ontology model files, emergency response plan text, on-site pictures / videos, model weight files, system logs). It supports automatic backup (setting the backup cycle, time, and content, with a default full backup at 2 AM every day) and manual backup. Backup data is stored on local servers and cloud servers, and the data is encrypted using the AES-256 encryption algorithm.
[0083] The data storage unit also provides data recovery functionality (selecting historical backup points, supporting full / partial recovery), prompting for confirmation before recovery, and outputting a report after recovery; it implements data access control based on the RBAC model, assigning different data access ranges to users with different permission levels; it employs data anonymization technology to anonymize sensitive information in the case; and it records all data operation logs, which are tamper-proof and meet compliance requirements.
[0084] Therefore, through the modular design of the decision-making system, it can be connected with the public security intelligence system, fire dispatch system, and emergency command platform via RESTful API interface to receive external early warning information (such as the trajectory of suspected violent attackers and dangerous goods detection signals), push decision results and resource allocation requests, and achieve cross-system collaboration.
[0085] In the description of this invention, it should be understood that the terms "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., refer to specific features, structures, materials, or characteristics described in connection with that embodiment or example, which are included in at least one embodiment or example of the present invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.
[0086] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application.
Claims
1. A deep learning-based intelligent decision-making method for handling violent attacks in key locations, characterized in that, include: By using attribute similarity, the handling steps for the current violent attack incident are determined from a pre-built case library to generate an initial handling procedure for the current violent attack incident; Based on a pre-built rule base, the initial handling process is modified to obtain a structured handling process for the current violent attack incident; An improved table-to-text generation model is used to convert structured handling procedures into natural language in stages, generating emergency response plans for the current violent attack incident.
2. The method according to claim 1, characterized in that, Based on the attribute similarity of the current violent attack incidents and handling case samples in the database, the following approach is adopted: The mechanism selects and handles cases from the case database. Each sample case serves as a candidate case for the current violent attack incident; among them, the attribute similarity between the current violent attack incident and each sample case in the case database is calculated using a semantic similarity algorithm. It is a positive integer; based on The process for handling each candidate case determines the steps to take in dealing with the current violent attack incident.
3. The method according to claim 2, characterized in that, According to the formula: Calculation and processing steps Probability of selection in the initial response process of current violent attacks ; In the formula, For the first Candidate cases The weight, Let be an indicator function, where the first... Candidate cases Includes processing steps ,but ,otherwise ; The steps with a selection probability greater than 60% are identified as the current steps for handling the violent attack, and an initial handling procedure for the current violent attack is generated.
4. The method according to claim 1, characterized in that, The event attributes of the current violent attack are matched with the rule conditions in the rule base, and the correction rules for the current violent attack are selected from the rule base based on the matching results to modify the initial handling process.
5. The method according to claim 4, characterized in that, Based on the filtering correction rules, the priority score of each handling step in the initial handling process of the current violent attack is calculated according to the weight of each event attribute of the current violent attack. The initial response process is sorted according to priority scores to generate a structured response process adapted to the current violent attack incident.
6. The method according to claim 1, characterized in that, The sequence of record units in the current structured handling process of violent attacks is input into an improved table into a text generation model. The key record units of the structured handling process are then filtered, the table structure is perceived, and the descriptive text is generated in sequence to convert the structured handling process into natural language.
7. The method according to claim 6, characterized in that, Key record cell filtering operations include: The semantic associations of each recording unit are captured by the BiLSTM layer, and the probability distribution of each recording unit is output. Based on the probability distribution of each recording unit, the CRF layer is used to perform binary classification and labeling on each recording unit to select the key recording units for the structured processing procedure.
8. The method according to claim 6, characterized in that, Table structure awareness operations include: The content vectors and position vectors of each key recording unit in the structured processing flow are fused to obtain the fused vector of each key recording unit; A structure-aware Transformer encoder is used to capture the semantic relationships between key recording units based on the fusion vector of each key recording unit, and output the encoded vector sequence of each key recording unit.
9. The method according to claim 8, characterized in that, The descriptive text generation operation includes: The encoded vector sequences of each key record unit are logically sorted using a pointer network; Based on the logical sorting results of the encoded vector sequences of each key record unit, a natural language scheme for handling the current violent attack incident is generated based on the replication mechanism, and the generated natural language scheme is evaluated by the BLEU-4 and ROUGE-L indices.
10. A deep learning-based intelligent decision-making system for handling violent attacks in key locations, characterized in that: The system employs any one of the deep learning-based intelligent decision-making methods for handling violent attacks in key locations, as described in claims 1-9, to address such attacks. The system comprises: The initial handling unit is configured to determine the handling steps for the current violent attack incident from a pre-built handling case library through attribute similarity calculation, so as to generate the initial handling process for the current violent attack incident; The modified handling unit is configured to modify the initial handling process based on a pre-built rule base, resulting in a structured handling process for violent attack incidents; The decision-making unit is configured to use an improved table-to-text generation model to convert the structured handling process into natural language in stages, generating a response plan for the current violent attack.