MDATA knowledge extraction method and system based on attack and defense behaviors

The invention discloses an attack and defense behavior-based MDATA knowledge extraction method and system, which are based on an artificial intelligence technology and a natural language processing technology of deep learning to record attack and defense behavior data in a network attack and defense exercise, perform conjoint analysis on the attack and defense data of attack and defense parties and remove all invalid attack steps. And extracting all effective attack steps as MDATA knowledge so as to construct a network security knowledge base. In this way, the time-space characteristics of the attacker in the attack process are extracted from comprehensive and rich attack and defense behavior data, and the effectiveness of knowledge extraction is improved. 公开了一种基于攻防行为的MDATA知识抽取方法及其系统，其基于深度学习的人工智能技术与自然语言处理技术，以在网络攻防演习中记录攻防行为数据，并对攻防双方的攻防数据进行联合分析，去除所有的无效攻击步骤，将所有的有效攻击步骤抽取出来作为MDATA知识以构建网络安全知识库。这样，不仅从全面而丰富的攻防行为数据中提取到攻击者攻击过程中的时空特性，还提高了知识抽取的有效性。