CN118013030A - Method, device and electronic device for generating business process rule file - Google Patents

Abstract

The present invention provides a method, device and electronic device for generating a business process rule file, wherein the method comprises: obtaining a first sample feature field and a business label of a process characteristic analysis software package PCAP sample package; performing clustering processing on the first sample feature field to obtain a second sample feature field; the second sample feature field is used to characterize a common feature; analyzing the association between the business label and the second sample feature field to obtain an association rule; and generating a business process rule file according to the association rule. The generation method of the present invention can achieve high generation efficiency and can also ensure high accuracy of the business rule file.

Description

Method, device and electronic device for generating business process rule file

Technical Field

The embodiments of the present invention relate to the technical field of network and data mining, and in particular to a method, device and electronic device for generating a business process rule file.

Background technique

With the continuous development and evolution of 5G technology, the types of new 4G/5G services are increasing. The business data traffic based on HTTP/HTTPS or TCP/UDP, as well as WEB3.0 transmission is huge and the business data is complex.

The existing technology method for obtaining business flow rules:

Rely on manual dialing and packet capture. After connecting the mobile phone to the computer for dialing, use Wireshark to capture the network card traffic to obtain the traffic of the application data. Then, check with the naked eye whether the data message contains characteristic data that can characterize the business flow, extract its characteristics and organize them into the rules of the business flow.

The existing method of manually obtaining business flow rules to generate business rule files is inefficient and the generated business rule documents are prone to errors.

Summary of the invention

The embodiments of the present invention provide a method, device and electronic device for generating a business process rule file, so as to solve the problems that the existing method of generating business rule files by relying on manual acquisition of business flow rules is inefficient and the generated business rule documents are prone to errors.

In order to solve the above-mentioned technical problems, the present invention is achieved as follows:

In a first aspect, an embodiment of the present invention provides a method for generating a business process rule file, comprising:

Obtain the first sample feature field and business label of a process characteristic analysis software package PCAP sample package;

Performing clustering processing on the first sample feature field to obtain a second sample feature field; the second sample feature field is used to characterize a common feature;

Analyze the association between the service tag and the second sample feature field to obtain an association rule;

A business process rule file is generated according to the association rule.

Optionally,

The clustering process is performed on the first sample feature field, including:

Using a clustering algorithm to pre-classify the first sample feature field;

Using the longest common substring algorithm to solve the first sample characteristic fields after pre-classification, to obtain the longest common substring value corresponding to the first sample characteristic fields after pre-classification;

The field value of the first sample characteristic field after pre-classification is updated corresponding to the longest common substring value to obtain a second sample characteristic field.

Optionally,

The first sample feature field is pre-classified using a clustering algorithm, including:

The first sample feature field sets are combined into a first sample set, and the first sample set is sent to an interactive terminal associated with a user, wherein the first sample set is used by the user to remove the first sample feature fields that are not strongly correlated, and to obtain a second sample set that only includes the first sample feature fields that are strongly correlated;

receiving the second sample set sent by the interactive terminal;

A clustering algorithm is used to pre-classify the first sample feature fields in the second sample set.

Optionally,

The first sample feature fields in the second sample set are pre-classified using a clustering algorithm, which includes:

Performing format detection on the first sample feature word in the second sample set to obtain a first detection result;

If the first detection result is that the first sample feature field is in character format, the first sample feature field in the second sample set is converted into a digital format using a one-hot encoding method.

Optionally,

The first sample feature field is pre-classified using a clustering algorithm, which includes:

Performing format detection on the first sample characteristic field to obtain a second detection result;

If the second detection result is that the first sample feature field is in character format, the first sample feature field is converted into a digital format using a one-hot method.

Optionally,

Analyzing the association between the service tag and the second sample feature field includes:

Acquire a preset training set, wherein the preset training set includes: a training service label and a training sample feature field;

The association analysis model is trained using the training service label and the training sample feature field to obtain a target association analysis model;

The target association analysis model is used to analyze the association between the service tag and the second sample feature field.

Optionally,

Generate a business process rule file according to the association rule, and then include:

The business process rule file is loaded into the rule base, and the rule base information is updated.

Optionally,

Update the rule base information, including:

Receive request instructions sent by the configuration library;

The rule base information is returned according to the request instruction. The rule base information is used by the configuration library to determine whether the business process rule files stored in it are the latest. If they are not the latest and the number of business process rule files that differ from the rule base exceeds the preset difference threshold, the configuration library sends a full synchronization instruction; if they are not the latest and the number of business process rule files that differ from the rule base does not exceed the preset difference threshold, the configuration library sends an incremental synchronization instruction.

Optionally,

Returning the rule base information according to the request instruction, and then comprising:

Receiving the full synchronization instruction sent by the configuration library;

All business process rule files in the rule library are sent to the configuration library to update all business process rule files stored in the configuration library itself.

Optionally,

Returning the rule base information according to the request instruction, and then comprising:

Receiving the incremental synchronization instruction sent by the configuration repository;

The business process rule file is sent to the configuration library according to the incremental synchronization instruction to update the business process rule file stored in the configuration library itself that is different from the rule library. The incremental synchronization instruction is used to indicate the business process rule file that is different from the configuration library and the rule library.

Optionally,

The request instruction includes: a first message digest algorithm;

Returning the rule base information according to the request instruction includes:

The first message digest algorithm is used to calculate the information digest value of the rule base, and the information digest value is returned to the configuration library.

Optionally,

The information digest value of the rule base is calculated using the first message digest algorithm, which includes:

Verifying whether the first message digest algorithm is a digest algorithm in a preset specified algorithm set, and obtaining a verification result;

If the verification result is that the first message digest algorithm is not a digest algorithm in the specified algorithm set, determine that an algorithm in the specified algorithm set is a target message digest algorithm, use the target message digest algorithm to calculate the information digest value, return the information digest value and the target message digest algorithm to the configuration library, and the target message digest algorithm is used by the configuration library to update the first message digest algorithm stored in itself.

Optionally,

The request instruction is transmitted by carrying a first request message, and the first request message includes:

A message digest indication field is used to indicate whether to generate a message digest and/or the algorithm used to generate the message digest;

The rule base information is transmitted by carrying a first response message, and the first response message includes:

The response result indication field is used to indicate whether the response is successful;

The rule base version information field is used to indicate the current rule base version information;

The digest algorithm indication field is used to indicate the message digest algorithm;

The digest value indication field is used to indicate the digest value calculated by the message digest algorithm corresponding to the rule base version information.

Optionally,

The full synchronization instruction is transmitted by carrying a second request message, and the second request message includes:

The rule base version information field is used to indicate the current rule base version information;

A rule base synchronization mode indication field is used to indicate that the synchronization mode is full data synchronization or incremental data synchronization;

The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization;

All business process rule files in the rule base are transmitted by carrying a second response message, and the second response message includes:

The response result indication field is used to indicate whether the response is successful.

Optionally,

The incremental synchronization instruction is transmitted by carrying a second request message, and the second request message includes:

The rule base version information field is used to indicate the current rule base version information;

The rule base synchronization mode indication field is used to indicate whether the synchronization mode is full data synchronization or incremental data synchronization;

The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization;

The business process rule file sent according to the incremental synchronization instruction is carried and transmitted through a second response message, and the second response message includes:

The response result indication field is used to indicate whether the response is successful.

In a second aspect, an embodiment of the present invention provides a device for generating a business process rule file, including:

An acquisition module, used for acquiring a first sample feature field and a business label of a process characteristic analysis software package PCAP sample package;

A clustering module, used for performing clustering processing on the first sample feature field to obtain a second sample feature field; the second sample feature field is used to represent a common feature;

An analysis module, used for analyzing the association between the service tag and the second sample feature field to obtain an association rule;

A generation module is used to generate a business process rule file according to the association rule.

In a third aspect, an embodiment of the present invention provides an electronic device, comprising a processor, a memory, and a program or instruction stored in the memory and executable on the processor, wherein the program or instruction, when executed by the processor, implements the steps in the method for generating a business process rule file as described in any one of the first aspects.

In a fourth aspect, an embodiment of the present invention provides a readable storage medium, on which a program or instruction is stored. When the program or instruction is executed by a processor, the steps in the method for generating a business process rule file as described in any one of the first aspects are implemented.

In the embodiment of the present invention, the inefficient process of manually checking with the naked eye whether the data message contains characteristic data that can characterize the business flow is avoided, and the efficiency of generating business process rule files is improved; since inefficient manual labor is avoided, the embodiment of the present invention can generate more rule files in the same time, generate more software packages, broaden the coverage, and increase the number of samples, thereby avoiding the interference of extreme cases caused by too narrow coverage and small samples on the association rules, and further improving the accuracy of the business rule files; in addition, the embodiment of the present invention obtains the first sample feature field and business label of the process characteristic analysis software package PCAP sample package; clusters the first sample feature field to obtain the second sample feature field; the second sample feature field is used to characterize common features; analyzes the association between the business label and the second sample feature field to obtain the association rule; generates the business process rule file according to the association rule, and improves the accuracy of the business process rule file.

BRIEF DESCRIPTION OF THE DRAWINGS

Various other advantages and benefits will become apparent to those of ordinary skill in the art by reading the detailed description of the preferred embodiments below. The accompanying drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the present invention. Moreover, the same reference symbols are used throughout the accompanying drawings to represent the same components. In the accompanying drawings:

FIG1 is a schematic diagram of a flow chart of a method for generating a business process rule file according to an embodiment of the present invention;

2 is a schematic diagram of a flow chart of a method for generating a business process rule file according to an embodiment of the present invention;

FIG3 is a schematic diagram of the interaction process between the rule base configuration device and the user plane DPI system;

FIG4 is a schematic diagram of the execution flow of the rule base configuration device;

Figure 5 is a schematic diagram of a new message type;

FIG6 is a schematic diagram of a rule base version information query request message body;

FIG7 is a schematic diagram of a rule base version information query response message body;

FIG8 is a schematic diagram of a rule base configuration request message body;

FIG9 is a schematic diagram of a rule base configuration response message body;

10 is a functional block diagram of a device for generating a business process rule file according to an embodiment of the present invention;

FIG. 11 is a functional block diagram of an electronic device according to an embodiment of the present invention.

Detailed ways

The following will be combined with the drawings in the embodiments of the present invention to clearly and completely describe the technical solutions in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.

With the development and evolution of 4G/5G technology, the business volume has increased dramatically. The method based on manual original packet capture and generation of business flow rules is inefficient, has narrow coverage, and has a small sample size. At the same time, the generated business rule documents are prone to errors and the versions are difficult to maintain.

Manual acquisition of business rules has the following disadvantages:

1) The acquisition cycle is too long. It takes 1-2 weeks to generate business rules for a single application.

2) Low manual efficiency. The acquisition of business rules for each application relies on manual packet capture and visual analysis.

3) The coverage of business types is narrow, relying on manual discovery of rules, and only a few applications can be analyzed in the short term, and the coverage of application business is narrow.

4) Rule version maintenance is inconvenient and error-prone. The format of rule files that have been manually analyzed and organized is prone to errors and cannot be verified.

An embodiment of the present invention provides a method for generating a business process rule file. Referring to FIG. 1 , FIG. 1 is a flow chart of a method for generating a business process rule file according to an embodiment of the present invention. The method for generating a business process rule file includes:

Step 11: Obtain the first sample feature field and business label of the process characteristic analysis software package PCAP sample package;

Step 12: clustering the first sample feature field to obtain a second sample feature field; the second sample feature field is used to characterize the common feature;

Step 13: Analyze the association between the service tag and the second sample feature field to obtain an association rule;

Step 14: Generate a business process rule file based on the association rules.

For example, referring to FIG. 2 , FIG. 2 is a flow chart of a method for generating a business process rule file according to an embodiment of the present invention, which includes the following steps:

1) Data analysis and feature extraction:

A1. In order to facilitate subsequent algorithm analysis and improve the accuracy of flow rules, the application PCAP message obtained by dialing is first analyzed for traffic. Traffic analysis includes: IP analysis, TCP/UDP analysis, HTTP/HTTPS analysis. Specifically, the pcap4j framework can be used to perform hierarchical analysis on the application traffic to obtain the characteristic fields of each layer of the protocol, which is equivalent to the first sample characteristic field of the embodiment of the present invention:

IP layer: source IP, destination IP, number of IP fragments, and message length;

TCP/UDP layer: source port, destination port, window size, upstream and downstream traffic, number of out-of-order packets, number of retransmitted packets, payload length, etc.

HTTP/HTTPS: HOST, URI, User-Agent, Cookie, ServerName, IdAtCommonName, etc.

B1. Extract features that are strongly related to the business from the parsed feature fields and eliminate irrelevant data to avoid the impact of these data on subsequent results.

2) Automatic rule analysis:

A2. Feature encoding: Use one-hot encoding to map the value of the feature field from character format to digital format to facilitate subsequent clustering analysis.

B2. Cluster analysis: Perform K-means (or DBScan) cluster analysis on the multi-dimensional feature data after encoding conversion, and pre-classify all feature vectors to facilitate subsequent substring analysis of each feature field.

The multi-dimensional feature data is the detailed fields in each protocol obtained by parsing the IP, TCP/UDP, HTTP/HTTPS protocols, as feature data.

C2. Substring analysis: For the pre-classified data, in each sub-classification, the longest common substring algorithm is used to find the longest common substring of each feature field, and the obtained longest common substring is used to replace the value of the original feature field. The obtained sample feature field is equivalent to the second sample feature field in the embodiment of the present invention. The longest common substring represents the common features between the feature fields, and thus the obtained second sample feature field is used to represent the common features.

D2. Association analysis: The substring analysis features and business label data are analyzed together. The support and confidence of the FPGrowth algorithm are adjusted through multiple experiments. Finally, appropriate parameters are selected and the target association analysis model is trained. The target association analysis model is used to analyze the association rules between the business label and a single or multiple second sample feature fields. This association rule will be used as the basis for generating business flow rules.

If the association rule algorithm FPGrowth is used, the input data of the algorithm may be a multidimensional feature vector and business label data corresponding to the multidimensional feature vector, and the output data is the association rules related to the business label.

3) Business flow rule generation:

The business-related association rules generated in step 2) are converted into a file in a standard rule format that can be recognized by DPI to obtain a business flow rule file.

The conversion refers to the conversion of the format. For example, in the embodiment of the present invention, the association rule may be in the following form:

SERVER_NAME__s.hongyibo.com.cn&&ID_AT_COMMON_NAME__*.hongyibo.com.cn＝＝>AppInfo__1900061000

This association rule means: server_name and id_at_common_name are related to appinfo_1900061000.

The above association rules can be converted into the following format:

[SoSoMap]

#Rule_ID:17463

Server_name=s.hongyibo.com.cn

Id_at_common_name=*.hongyibo.com.cn

Name＝SoSoMap

The conversion steps for the above conversion are as follows:

Step 1. Convert the code after appinfo_1900061000 into the corresponding business name, such as SoSoMap;

Step 2: Find the business name in the first step in the original rule base file and compare the Rule_ID under the business name. The new Rule_ID will automatically increase by 1 on the largest Rule_ID.

Step 3: List the fields associated with appinfo in the form of association rules;

Step 4. Add the service name corresponding to this rule in the Name field.

As shown in FIG. 2 , the “labeled feature vector” in the figure is because the PCAP will be labeled when the packet is captured, and the label will eventually become the label of the feature vector.

In the embodiment of the present invention, the inefficient process of manually checking with the naked eye whether the data message contains characteristic data that can characterize the business flow is avoided, and the efficiency of generating business process rule files is improved; since inefficient manual labor is avoided, the embodiment of the present invention can generate more rule files in the same time, generate more software packages, broaden the coverage, and increase the number of samples, thereby avoiding the interference of extreme cases caused by too narrow coverage and small samples on the association rules, and further improving the accuracy of the business rule files; in addition, the embodiment of the present invention obtains the first sample feature field and business label of the process characteristic analysis software package PCAP sample package; clusters the first sample feature field to obtain the second sample feature field; the second sample feature field is used to characterize common features; analyzes the association between the business label and the second sample feature field to obtain the association rule; generates the business process rule file according to the association rule, and improves the accuracy of the generated business process rule file.

In some embodiments of the present invention, optionally, clustering the first sample feature field includes:

Using a clustering algorithm to pre-classify the first sample feature field;

The longest common substring algorithm is used to solve the first sample characteristic field after pre-classification to obtain the longest common substring value corresponding to the first sample characteristic field after pre-classification;

The field value of the first sample characteristic field after pre-classification is updated corresponding to the longest common substring value to obtain the second sample characteristic field.

In some embodiments of the present invention, the clustering algorithm may include at least one of the following: K-means and DBScan.

The K-means algorithm accepts an input of k and then divides n data objects into k clusters so that the obtained clusters satisfy: objects in the same cluster have a high degree of similarity, while objects in different clusters have a low degree of similarity. Cluster similarity is calculated using a "central object" (center of gravity) obtained by the mean of the objects in each cluster.

The working process of the K-means algorithm is described as follows:

First, k objects are randomly selected from n data objects as initial cluster centers; and for the remaining objects, they are assigned to the clusters (represented by the cluster centers) that are most similar to them according to their similarity (distance) to these cluster centers;

Then calculate the cluster center of each new cluster (the mean of all objects in the cluster); repeat this process until the standard measure function begins to converge.

DBScan (Density-Based Spatial Clustering of Applications with Noise) is a representative density-based clustering algorithm. Different from partitioning and hierarchical clustering methods, it defines a cluster as the largest set of density-connected points, can divide areas with sufficiently high density into clusters, and can find clusters of any shape in noisy spatial databases.

In the embodiment of the present invention, for example, referring to FIG. 2 , and in combination with step C2 of 1) data analysis and feature extraction:

Substring analysis: For the pre-classified data, in each sub-classification, the longest common substring algorithm is used to find the longest common substring of each feature field, and the obtained longest common substring is used to replace the value of the original feature field. The obtained sample feature field is equivalent to the second sample feature field in the embodiment of the present invention. The longest common substring represents the common features between the feature fields, and thus the obtained second sample feature field is used to represent the common features.

In an embodiment of the present invention, the common characteristics of the sample are obtained by solving the longest common substring value; further, the field value of the first sample characteristic field after pre-classification is updated corresponding to the longest common substring value to obtain the second sample characteristic field, which is beneficial to avoid the interference of non-public characteristics in the sample on the association rules and is beneficial to improving the accuracy of the generated business process rule file.

In some embodiments of the present invention, optionally, a clustering algorithm is used to pre-classify the first sample feature field, including:

The first sample feature field set is formed into a first sample set, and the first sample set is sent to an interactive terminal associated with a user, wherein the first sample set is used by the user to remove non-strongly relevant first sample feature fields, and is used to obtain a second sample set containing only strongly relevant first sample feature fields;

receiving a second sample set sent by the interaction terminal;

A clustering algorithm is used to pre-classify the first sample feature fields in the second sample set.

For example, see FIG. 2 and combine with step B1 of 1) data analysis and feature extraction:

In the embodiment of the present invention, features that are strongly related to the business are extracted from the parsed feature fields, and irrelevant data are eliminated to avoid the influence of these data on subsequent results.

In some embodiments of the present invention, optionally, a clustering algorithm is used to pre-classify the first sample feature field in the second sample set, which includes:

Performing format detection on the first sample feature word in the second sample set to obtain a first detection result;

If the first detection result is that the first sample feature field is in character format, the first sample feature field in the second sample set is converted into a digital format using a one-hot encoding method.

For example, see FIG. 2 and combine with step A2 of 1) data analysis and feature extraction:

Feature encoding: One-hot encoding is used to map the value of the feature field from character format to digital format to facilitate subsequent clustering analysis.

In an embodiment of the present invention, if the first detection result is that the first sample feature field is in character format, a one-hot encoding method is used to convert the first sample feature field in the second sample set into a digital format, thereby avoiding the process stagnation or error caused by the inability to perform cluster analysis on the first sample feature field in character form, saving the time required to eliminate errors and correct problems, and further improving the efficiency of rule file generation.

In some embodiments of the present invention, optionally, a clustering algorithm is used to pre-classify the first sample feature field, which includes:

Performing format detection on the first sample characteristic field to obtain a second detection result;

If the second detection result is that the first sample feature field is in character format, a one-hot method is used to convert the first sample feature field into a digital format.

For example, see FIG. 2 and combine with step A2 of 1) data analysis and feature extraction:

Feature encoding: One-hot encoding is used to map the value of the feature field from character format to digital format to facilitate subsequent clustering analysis.

In an embodiment of the present invention, if the second detection result is that the first sample feature field is in character format, a one-hot method is used to convert the first sample feature field into a digital format, thereby avoiding the process stagnation or error caused by the inability to perform cluster analysis on the first sample feature field in character form, saving the time required to eliminate errors and correct problems, and further improving the efficiency of rule file generation.

In some embodiments of the present invention, optionally, analyzing the association between the service tag and the second sample feature field includes:

Obtain a preset training set, the preset training set includes: training business labels and training sample feature fields;

The association analysis model is trained using training business labels and training sample feature fields to obtain a target association analysis model;

The target association analysis model is used to analyze the association between the service tag and the second sample feature field.

For example, see FIG. 2 , and combine 1) step D2 of data analysis and feature extraction:

Association analysis: The substring analysis features and business tag data are analyzed together. The support and confidence of the FPGrowth algorithm are adjusted through multiple experiments. Finally, the appropriate parameters are selected and the target association analysis model is trained. The target association analysis model is used to analyze the association rules between the business tag and a single or multiple second sample feature fields. This association rule will be used as the basis for generating business flow rules.

If the association rule algorithm FPGrowth is used, the input data of the algorithm may be a multidimensional feature vector and business label data corresponding to the multidimensional feature vector, and the output data is the association rules related to the business label.

In an embodiment of the present invention, an association analysis model is trained by using training service labels and training sample feature fields to obtain a target association analysis model; the target association analysis model is then used to analyze the association between the service label and the second sample feature field, thereby avoiding the inefficient process of manually checking with the naked eye whether the data message contains feature data that can characterize the service flow; and, since manual acquisition of business rule files is also limited by personnel's knowledge and cannot adapt to new sample features and new rules that emerge with the development of communication technology, the target association analysis model used in an embodiment of the present invention can overcome the limitations of personnel's knowledge, improve the adaptability to new sample features and new rules, and ensure efficient generation and high accuracy of rule files.

In some embodiments of the present invention, optionally, generating a business process rule file according to the association rule includes:

Load the business process rule file into the rule base and update the rule base information.

For example, see FIG. 2 , 3) generating business flow rules:

The business-related association rules generated in step 2) are converted into a file in a standard rule format that can be recognized by DPI to obtain a business flow rule file.

Among them, DPI (Deep Packet Inspection) is a deep inspection technology based on data packets. It performs deep inspection on different network application layer loads (such as HTTP, DNS, etc.) and determines the legitimacy of the message by inspecting the payload of the message.

DPI devices detect and analyze the traffic and message content at key points in the network, and can filter and control the detected traffic according to pre-defined strategies. They can complete functions such as refined business identification of the link, business traffic flow analysis, business traffic share statistics, business share shaping, application layer denial of service attacks, filtering of viruses and Trojans, and control of P2P abuse.

In the embodiment of the present invention, loading the business process rule file into the rule base and updating the rule base information may be loading the business process rule file into the rule base of the DPI system and updating the rule base information of the DPI system.

Specifically, the business flow rule file is directly loaded into the DPI system, and different versions of the rule base, version checking and control logic are maintained through the interaction between the configuration device and the DPI system. The configuration device can be an independent system or service, or a sub-module of other systems or services. The interaction between the configuration device and the user-side DPI system is based on the existing SDTP protocol (Safe Data Transfer Protocol) as the bearer protocol. A new rule base version negotiation message type is added based on the SDTP protocol to implement query of the rule base version and version consistency check. A new rule base configuration message type is added based on the SDTP protocol to implement the distribution configuration of the rule base.

Referring to FIG. 3 and FIG. 4 , FIG. 3 is a schematic diagram of the interaction process between the rule base configuration device and the user plane DPI system, wherein:

The three black blocks in each XDR correspond to App_Type (business category), App_Sub_Typ (business subcategory) and App_Content (business subcategory subdivision), which are three fields marking the business type;

UE: User Equipment;

eNB: 4G base station;

gNB: 5G base station;

SGW: abbreviation of Serving GateWay, meaning service gateway;

UPF: User Plane Function, which is mainly responsible for the routing and forwarding of user plane data packets in the 5G core network;

S1-U: The eNodeB and S-GW are interconnected through this interface, which is the user plane interface and is used for data message transmission;

N3: The interface between 5G RAN (Radio Access Network) and UPF (User Plane Function), mainly used to transmit uplink and downlink user plane data between 5G RAN and UPF.

In Figure 3, the user plane DPI system collects data from the S1-U interface in the 4G core network or the N3 interface in the 5G core network, identifies services based on the rule base, generates three fields: service category, service subcategory, and service subcategory segmentation, and writes the three fields into the XDR data to provide data support for upper-level business analysis, network management and other application systems.

In FIG. 3 , the black circles numbered 1 to 5 illustrate the order of the interaction process between the user plane DPI system and the configuration library configuration device, which are:

No. 1: The rule base configuration device sends a RuleVer_Req message to the user plane DPI system, requesting to obtain the current rule base version and specifying the algorithm used to generate the message digest value;

Number 2: The user plane DPI system sends a RuleVer_Resp message to the rule base configuration device, replying with the query result, the rule base version number currently used, the message digest algorithm, and the message digest value calculated using the message digest algorithm;

No. 3: The rule base configuration device checks whether the version information and message digest value returned by the RuleVer_Resp message are normal. If normal, check whether the current version is the latest version; if the current version is the latest version, the process terminates; if the current version is not the latest version, the rule base management device obtains the latest version in the device, generates a digest value for each business, and compares it with the digest value in the RuleVer_Resp message in No. 2 to determine whether the number of businesses with different rules exceeds half of the total number of businesses in the rule base;

No. 4: If the number of services does not exceed half of the total number of services in the rule base, obtain the rules of different services, trigger the RuleConfig_Req message to the user plane DPI system, select incremental as the data synchronization type, and request to push the latest version of the rule base version information and incremental rule information; if the number of services exceeds half of the total number of services in the rule base, trigger the RuleConfig_Req message to the user plane DPI system, select full as the data synchronization type, and request to push the latest version of the rule base version information and all rule base information;

Number 5: The user plane DPI system parses the data synchronization type in the RuleConfig_Req message. If it is full data synchronization, the rule base file is directly replaced; if it is incremental data synchronization, the business rules that need to be updated in the rule base file are updated and replaced. The user plane DPI system sends a RuleConfig_Resp message to the rule base configuration device and returns the configuration result.

FIG4 is a schematic diagram of the execution flow of the rule base configuration device, which includes the following steps (step 1 to step 10):

1. The rule base configuration device sends a RuleVer_Req message to the user plane DPI system, requesting the current rule base version and specifying the algorithm used to generate the message digest value;

2. The user plane DPI system sends a RuleVer_Resp message to the rule base configuration device, replying with the query result, the rule base version number currently in use, the message digest algorithm, and the message digest value calculated using the message digest algorithm;

3. The rule base configuration device checks whether the version information and message digest value returned by the RuleVer_Resp message are normal. If so, proceed to step 4, otherwise proceed to step 5;

4. Check whether the current version is the latest version. If yes, the process terminates. Otherwise, go to step 5;

5. The rule base management device obtains the latest version in the device, generates a summary value for each service, and compares it with the summary value in the RuleVer_Resp message in step 2;

6. Determine whether the number of services with different rules exceeds half of the total number of services in the rule base. If not, proceed to step 7; otherwise, proceed to step 8.

7. Obtain rules for different services, trigger the RuleConfig_Req message to the user plane DPI system, select incremental as the data synchronization type, and request to push the latest version of the rule base version information and incremental rule information;

8. Trigger the RuleConfig_Req message to the user plane DPI system, select full data synchronization type, and request to push the latest version of the rule base version information and all rule base information;

9. The user plane DPI system parses the data synchronization type in the RuleConfig_Req message. If it is full data synchronization, the rule base file is directly replaced; if it is incremental data synchronization, the business rules that need to be updated in the rule base file are updated and replaced.

10. The user plane DPI system sends a RuleConfig_Resp message to the rule base configuration device and returns the configuration result.

In step 1, the rule base configuration device sends a RuleVer_Req message to the user plane DPI system, specifying the algorithm used to generate the message digest value; and in step 2, the RuleVer_Resp message sent by the user plane DPI system to the rule base configuration device also includes the message digest algorithm. This process is a digest algorithm negotiation process between the rule base configuration device and the user plane DPI system, specifically:

The user plane DPI system can verify whether the digest algorithm specified according to the RuleVer_Req message is the algorithm supported by itself. If it is not the algorithm supported by itself, the user plane DPI system uses the digest algorithm supported by itself to calculate the information digest value, and returns the digest algorithm supported by the user plane DPI system and the message digest value calculated by the algorithm through the RuleVer_Resp message, so that the rule base configuration device also adopts the digest algorithm supported by the user plane DPI system to complete the negotiation.

In step 6, the number of services with different rules is obtained by determining the number of different information summary values. Because a summary value is generated for each service, determining the number of services with different rules is to determine the number of different summary values.

In step 6, it is determined whether the number of services with different rules exceeds half of the total number of services in the rule base, that is, whether the number of service process rule files that differ from the rule base exceeds a preset difference threshold. The preset difference threshold may be half of the total number of services.

The embodiment of the present invention can quickly push a new version of the rule base through configuration management of business flow rules; through standardization of the rule configuration management interface, the update efficiency and frequency of the rule base can be accelerated, solving the problem of large differences in business identification results among provinces and manufacturers.

In some embodiments of the present invention, optionally, updating the rule base information may then include:

Receive request instructions sent by the configuration library;

The rule base information is returned according to the request instruction. The rule base information is used by the configuration library to determine whether the business process rule files stored in it are the latest. If they are not the latest and the number of business process rule files that differ from the rule base exceeds the preset difference threshold, the configuration library sends a full synchronization instruction; if they are not the latest and the number of business process rule files that differ from the rule base does not exceed the preset difference threshold, the configuration library sends an incremental synchronization instruction.

In the examples of Figures 3 and 4 of the embodiments of the present invention, in step 6, the number of businesses with different rules is obtained by determining the number of different information summary values. Since a summary value is generated for each business, determining the number of businesses with different rules is to determine the number of different summary values. Determining whether the number of businesses with different rules exceeds half of the total number of businesses in the rule base is to determine whether the number of business process rule files that are different from the rule base exceeds a preset difference threshold. The preset difference threshold can be half of the total number of businesses.

In some embodiments of the present invention, optionally, returning rule base information according to the request instruction, then comprising:

Receive the full synchronization instruction sent by the configuration library;

Send all business process rule files in the rule base to the configuration base to update all business process rule files stored in the configuration base itself.

In the examples of FIG. 3 and FIG. 4 of the embodiment of the present invention, in step 8, a RuleConfig_Req message is triggered to the user plane DPI system, the data synchronization type is selected as full, and a request is made to push the latest version of the rule base version information and all rule base information.

In some embodiments of the present invention, optionally, returning rule base information according to the request instruction, then comprising:

Receive incremental synchronization instructions sent by the configuration repository;

The business process rule file is sent to the configuration library according to the incremental synchronization instruction to update the business process rule file stored in the configuration library itself that is different from the rule library. The incremental synchronization instruction is used to indicate the business process rule file that is different from the configuration library and the rule library.

In the examples of Figures 3 and 4 of the embodiments of the present invention, in step 7, rules for different services are obtained, and a RuleConfig_Req message is triggered to the user plane DPI system. The data synchronization type selects incremental, and a request is made to push the latest version of the rule library version information and incremental rule information.

In some embodiments of the present invention, optionally, the request instruction includes: a first message digest algorithm;

Returns rule base information according to the request instruction, including:

The first message digest algorithm is used to calculate the information digest value of the rule base, and the information digest value is returned to the configuration library.

In some embodiments of the present invention, optionally, the information digest value of the rule base is calculated using a first message digest algorithm, which includes:

Verifying whether the first message digest algorithm is a digest algorithm in a preset specified algorithm set, and obtaining a verification result;

If the verification result is that the first message digest algorithm is not a digest algorithm in the specified algorithm set, an algorithm in the specified algorithm set is determined to be the target message digest algorithm, the target message digest algorithm is used to calculate the information digest value, the information digest value and the target message digest algorithm are returned to the configuration library, and the target message digest algorithm is used by the configuration library to update the first message digest algorithm stored in itself.

In step 1, the rule base configuration device sends a RuleVer_Req message to the user plane DPI system, specifying the algorithm used to generate the message digest value; and in step 2, the RuleVer_Resp message sent by the user plane DPI system to the rule base configuration device also includes the message digest algorithm. This process is a digest algorithm negotiation process between the rule base configuration device and the user plane DPI system, specifically:

The user plane DPI system can verify whether the digest algorithm specified according to the RuleVer_Req message (equivalent to the first message digest algorithm in the embodiment of the present invention) is an algorithm supported by itself. If it is not an algorithm supported by itself, the user plane DPI system uses the digest algorithm supported by itself (equivalent to the target message digest algorithm in the embodiment of the present invention) to calculate the information digest value, and returns the digest algorithm supported by the user plane DPI system and the message digest value calculated by the algorithm through the RuleVer_Resp message, so that the rule base configuration device also uses the digest algorithm supported by the user plane DPI system to complete the negotiation (equivalent to the target message digest algorithm in the embodiment of the present invention used to configure the library to update its own stored first message digest algorithm).

In some embodiments of the present invention, optionally, the request instruction is transmitted by carrying a first request message, and the first request message includes:

A message digest indication field is used to indicate whether to generate a message digest and/or the algorithm used to generate the message digest;

The rule base information is transmitted via a first response message, which includes:

The response result indication field is used to indicate whether the response is successful;

The rule base version information field is used to indicate the current rule base version information;

The digest algorithm indication field is used to indicate the message digest algorithm;

The digest value indication field is used to indicate the digest value calculated by the message digest algorithm corresponding to the rule base version information.

As shown in Figure 3, based on the SDTP protocol as the transmission protocol, two pairs of request/response message types are added, which are used for querying the rule base version information and pushing the rule base configuration. As shown in Figure 5, the rectangle (dashed line) box in the lower right corner of the figure shows two pairs of newly added request/response messages. The message names of the rule base version information query request and response messages are RuleVer_Req and RuleVer_Resp, respectively, and the corresponding MessageType (information type) values are 0x0011 and 0x8011, respectively. The message names of the rule base configuration request and response messages are RuleConfig_Req and RuleConfig_Resp, respectively, and the corresponding MessageType (information type) values are 0x0012 and 0x8012, respectively.

Referring to FIG. 6 , FIG. 6 is a schematic diagram of a rule base version information query request message body. The first request message in the embodiment of the present invention is equivalent to a rule base version information query request RuleVer_Req, including:

Information digest indication field, such as: Message-Digest, which algorithm is used to generate the message digest value, 0: not generated, 1: MD5, 2: SHA1, 3: SHA256.

FIG6 also illustrates a first request message based on the SDTP stack structure, wherein the black frame indicates a message header (MessageHeader), and the white frame indicates a message body (MessageBody); the information digest indication field, such as: Message-Digest, occupies 1 byte as the message body (MessageBody) in the SDTP-based stack structure.

Referring to FIG. 7 , FIG. 7 is a schematic diagram of a rule base version information query response message body. The first response message in the embodiment of the present invention is equivalent to a rule base version information response request RuleVer_Resp, including:

Response result indication field, such as: Result, 0: failure, 1: success;

Rule base version information field, such as: Version, current rule base version information;

Digest algorithm indication field, such as: Message-Digest, message digest algorithm;

Digest value indicator field, such as: Message-Digest-Value, version number + rules for each service, the value calculated by the specified message digest algorithm.

Figure 7 also illustrates the first response message of the stack structure based on SDTP, wherein the black box indicates the message header (MessageHeader), and the white box indicates the message body (MessageBody); the response result indication field, such as: Result, occupies 1 byte as the message body (MessageBody) in the stack structure based on SDTP; the rule base version information field, such as: Version, occupies 3 bytes as the message body (MessageBody) in the stack structure based on SDTP; the digest algorithm indication field, such as: Message-Digest, occupies 1 byte as the message body (MessageBody) in the stack structure based on SDTP; the digest value indication field, such as: Message-Digest-Value, occupies an indefinite amount of bytes as the message body (MessageBody) in the stack structure based on SDTP.

In some embodiments of the present invention, optionally, the full synchronization instruction is transmitted by carrying a second request message, and the second request message includes:

The rule base version information field is used to indicate the current rule base version information;

A rule base synchronization mode indication field is used to indicate that the synchronization mode is full data synchronization or incremental data synchronization;

The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization;

All business process rule files in the rule base are transmitted by carrying the second response message, and the second response message includes:

The response result indication field is used to indicate whether the response is successful.

Referring to FIG. 8 , FIG. 8 is a schematic diagram of a rule base configuration request message body. The second request message in the embodiment of the present invention is equivalent to the rule base configuration request message body RuleConfig_Req, including:

Rule base version information field, such as: Version, current rule base version information;

Rule base synchronization method indication field, such as: Sync-Type, rule base synchronization method, 0: full data synchronization; 1: incremental data synchronization;

Rule base information indicator field, such as Rule, rule base information. When full data is synchronized, all rule base contents are carried; when incremental data is synchronized, different business rule contents are carried.

Figure 8 also illustrates a second request message based on the SDTP stack structure, wherein the black box indicates a message header (MessageHeader), and the white box indicates a message body (MessageBody); the rule base version information field, such as: Version, occupies 3 bytes as the message body (MessageBody) in the SDTP-based stack structure; the rule base synchronization mode indication field, such as: Sync-Type, occupies 1 byte as the message body (MessageBody) in the SDTP-based stack structure; the rule base information indication field, such as: Rule, occupies an indefinite amount of bytes as the message body (MessageBody) in the SDTP-based stack structure.

Referring to FIG. 9 , FIG. 9 is a schematic diagram of a rule base configuration response message body. The second response message in the embodiment of the present invention is equivalent to the rule base configuration response message body RuleConfig_Resp, including:

Response result indication field, such as: Result, 0: failure, 1: success.

Figure 9 also illustrates the second response message based on the SDTP stack structure, wherein the black box indicates the message header (MessageHeader), and the white box indicates the message body (MessageBody); the response result indication field, such as: Result, occupies 1 byte in the SDTP-based stack structure as the message body (MessageBody).

In some embodiments of the present invention, optionally, the incremental synchronization instruction is transmitted by carrying a second request message, and the second request message includes:

The rule base version information field is used to indicate the current rule base version information;

The rule base synchronization mode indication field is used to indicate whether the synchronization mode is full data synchronization or incremental data synchronization;

The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization;

The business process rule file sent according to the incremental synchronization instruction is carried and transmitted through the second response message, and the second response message includes:

The response result indication field is used to indicate whether the response is successful.

Referring to FIG. 8 , FIG. 8 is a schematic diagram of a rule base configuration request message body. The second request message in the embodiment of the present invention is equivalent to the rule base configuration request message body RuleConfig_Req, including:

Rule base version information field, such as: Version, current rule base version information;

Rule base synchronization method indication field, such as: Sync-Type, rule base synchronization method, 0: full data synchronization; 1: incremental data synchronization;

Rule base information indicator field, such as Rule, rule base information. When full data is synchronized, all rule base contents are carried; when incremental data is synchronized, different business rule contents are carried.

Referring to FIG. 9 , FIG. 9 is a schematic diagram of a rule base configuration response message body. The second response message in the embodiment of the present invention is equivalent to the rule base configuration response message body RuleConfig_Resp, including:

Response result indication field, such as: Result, 0: failure, 1: success.

An embodiment of the present invention provides a device for generating a business process rule file. Referring to FIG. 10 , FIG. 10 is a functional block diagram of a device for generating a business process rule file according to an embodiment of the present invention. The device 100 for generating a business process rule file includes:

An acquisition module 101 is used to acquire a first sample feature field and a business label of a process characteristic analysis software package PCAP sample package;

A clustering module 102, configured to perform clustering processing on the first sample feature field to obtain a second sample feature field; the second sample feature field is used to represent a common feature;

An analysis module 103, configured to analyze the association between the service tag and the second sample feature field to obtain an association rule;

The generating module 104 is used to generate a business process rule file according to the association rule.

In some embodiments of the present invention, optionally,

The clustering module 102 is further used to pre-classify the first sample feature field using a clustering algorithm;

The clustering module 102 is further used to solve the first sample feature fields after pre-classification using the longest common substring algorithm to obtain the longest common substring value corresponding to the first sample feature fields after pre-classification;

The clustering module 102 is further configured to update the field value of the first sample feature field after pre-classification corresponding to the longest common substring value to obtain a second sample feature field.

In some embodiments of the present invention, optionally,

The clustering module 102 is further used to form a first sample set from the first sample feature field set, and send the first sample set to an interactive terminal associated with a user, wherein the first sample set is used for the user to remove the first sample feature fields that are not strongly correlated, and to obtain a second sample set that only includes the first sample feature fields that are strongly correlated;

The clustering module 102 is further configured to receive the second sample set sent by the interaction terminal;

The clustering module 102 is further configured to pre-classify the first sample feature fields in the second sample set by using a clustering algorithm.

In some embodiments of the present invention, optionally,

The clustering module 102 is further configured to perform format detection on the first sample feature words in the second sample set to obtain a first detection result;

The clustering module 102 is further configured to convert the first sample feature field in the second sample set into a digital format by using a one-hot encoding method if the first detection result is that the first sample feature field is in a character format.

In some embodiments of the present invention, optionally,

The clustering module 102 is further used to perform format detection on the first sample feature field to obtain a second detection result;

The clustering module 102 is further configured to convert the first sample feature field into a digital format by using a one-hot method if the second detection result is that the first sample feature field is in a character format.

In some embodiments of the present invention, optionally,

The analysis module 103 is further used to obtain a preset training set, wherein the preset training set includes: a training service label and a training sample feature field;

The analysis module 103 is further used to train the association analysis model using the training service label and the training sample feature field to obtain a target association analysis model;

The analysis module 103 is further configured to analyze the association between the service tag and the second sample feature field by using the target association analysis model.

In some embodiments of the present invention, optionally,

The generating module 104 is further configured to load the business process rule file into a rule base and update the rule base information.

In some embodiments of the present invention, optionally,

The generating module 104 is further used to receive a request instruction sent by the configuration library;

The generation module 104 is also used to return the rule base information according to the request instruction. The rule base information is used by the configuration library to determine whether the business process rule files stored in it are the latest. If they are not the latest and the number of business process rule files that differ from the rule base exceeds the preset difference threshold, the configuration library sends a full synchronization instruction; if they are not the latest and the number of business process rule files that differ from the rule base does not exceed the preset difference threshold, the configuration library sends an incremental synchronization instruction.

In some embodiments of the present invention, optionally,

The generating module 104 is further configured to receive the full synchronization instruction sent by the configuration library;

The generating module 104 is further configured to send all the business process rule files in the rule base to the configuration base, so as to update all the business process rule files stored in the configuration base itself.

In some embodiments of the present invention, optionally,

The generating module 104 is further configured to receive the incremental synchronization instruction sent by the configuration repository;

The generation module 104 is also used to send the business process rule file to the configuration library according to the incremental synchronization instruction to update the business process rule file stored in the configuration library itself that is different from the rule library. The incremental synchronization instruction is used to indicate the business process rule file that is different from the configuration library and the rule library.

In some embodiments of the present invention, optionally,

The request instruction includes: a first message digest algorithm;

The generating module 104 is further configured to use the first message digest algorithm to calculate an information digest value of the rule base, and return the information digest value to the configuration base.

In some embodiments of the present invention, optionally,

The generating module 104 is further configured to verify whether the first message digest algorithm is a digest algorithm in a preset specified algorithm set, and obtain a verification result;

The generation module 104 is also used to, if the verification result is that the first message digest algorithm is not a digest algorithm in the specified algorithm set, determine that an algorithm in the specified algorithm set is a target message digest algorithm, use the target message digest algorithm to calculate the information digest value, return the information digest value and the target message digest algorithm to the configuration library, and the target message digest algorithm is used by the configuration library to update the first message digest algorithm stored in itself.

In some embodiments of the present invention, optionally,

The generating module 104 is further configured to transmit the request instruction by carrying a first request message, wherein the first request message includes:

A message digest indication field is used to indicate whether to generate a message digest and/or the algorithm used to generate the message digest;

The rule base information is transmitted by carrying a first response message, and the first response message includes:

The response result indication field is used to indicate whether the response is successful;

The rule base version information field is used to indicate the current rule base version information;

The digest algorithm indication field is used to indicate the message digest algorithm;

The digest value indication field is used to indicate the digest value calculated by the message digest algorithm corresponding to the rule base version information.

In some embodiments of the present invention, optionally,

The generating module 104 is further configured to carry and transmit the full synchronization instruction through a second request message, wherein the second request message includes:

The rule base version information field is used to indicate the current rule base version information;

A rule base synchronization mode indication field is used to indicate that the synchronization mode is full data synchronization or incremental data synchronization;

The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization;

All business process rule files in the rule base are transmitted by carrying a second response message, and the second response message includes:

The response result indication field is used to indicate whether the response is successful.

In some embodiments of the present invention, optionally,

The generating module 104 is further configured to transmit the incremental synchronization instruction by carrying a second request message, wherein the second request message includes:

The rule base version information field is used to indicate the current rule base version information;

The rule base synchronization mode indication field is used to indicate whether the synchronization mode is full data synchronization or incremental data synchronization;

The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization;

The business process rule file sent according to the incremental synchronization instruction is carried and transmitted through a second response message, and the second response message includes:

The response result indication field is used to indicate whether the response is successful.

The device for generating a business process rule file provided in the embodiment of the present application can implement the various processes implemented by the method embodiments of Figures 1 to 9 and achieve the same technical effect. To avoid repetition, it will not be described here.

An embodiment of the present invention provides an electronic device 110, as shown in Figure 11, which is a principle block diagram of the electronic device 110 of the embodiment of the present invention, including a processor 111, a memory 112, and a program or instruction stored in the memory 112 and executable on the processor 111. When the program or instruction is executed by the processor, it implements any step in the method for generating a business process rule file of the present invention.

An embodiment of the present invention provides a readable storage medium, on which a program or instruction is stored. When the program or instruction is executed by a processor, the various processes of an embodiment of a method for generating a business process rule file such as any of the above-mentioned items are implemented, and the same technical effect can be achieved. To avoid repetition, it will not be repeated here.

The readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.

The embodiments of the present invention are described above in conjunction with the accompanying drawings, but the present invention is not limited to the above-mentioned specific implementation methods. The above-mentioned specific implementation methods are merely illustrative and not restrictive. Under the guidance of the present invention, ordinary technicians in this field can also make many forms without departing from the scope of protection of the present invention and the claims, all of which are within the protection of the present invention.

Claims (18)

1. A method for generating a business process rule file, characterized by comprising: Obtain the first sample feature field and business label of a process characteristic analysis software package PCAP sample package; Performing clustering processing on the first sample feature field to obtain a second sample feature field; the second sample feature field is used to characterize a common feature; Analyze the association between the service tag and the second sample feature field to obtain an association rule; A business process rule file is generated according to the association rule. 2. The method for generating a business process rule file according to claim 1, characterized in that: The clustering process is performed on the first sample feature field, including: Using a clustering algorithm to pre-classify the first sample feature field; Using the longest common substring algorithm to solve the first sample characteristic fields after pre-classification, to obtain the longest common substring value corresponding to the first sample characteristic fields after pre-classification; The field value of the first sample characteristic field after pre-classification is updated corresponding to the longest common substring value to obtain a second sample characteristic field. 3. The method for generating a business process rule file according to claim 2, characterized in that: The first sample feature field is pre-classified using a clustering algorithm, including: The first sample feature field sets are combined into a first sample set, and the first sample set is sent to an interactive terminal associated with a user, wherein the first sample set is used by the user to remove the first sample feature fields that are not strongly correlated, and to obtain a second sample set that only includes the first sample feature fields that are strongly correlated; receiving the second sample set sent by the interactive terminal; A clustering algorithm is used to pre-classify the first sample feature fields in the second sample set. 4. The method for generating a business process rule file according to claim 3, characterized in that: The first sample feature fields in the second sample set are pre-classified using a clustering algorithm, which includes: Performing format detection on the first sample feature word in the second sample set to obtain a first detection result; If the first detection result is that the first sample feature field is in character format, the first sample feature field in the second sample set is converted into a digital format using a one-hot encoding method. 5. The method for generating a business process rule file according to claim 2, characterized in that: The first sample feature field is pre-classified using a clustering algorithm, which includes: Performing format detection on the first sample characteristic field to obtain a second detection result; If the second detection result is that the first sample feature field is in character format, the first sample feature field is converted into a digital format using a one-hot method. 6. The method for generating a business process rule file according to claim 1, characterized in that: Analyzing the association between the service tag and the second sample feature field includes: Acquire a preset training set, wherein the preset training set includes: a training service label and a training sample feature field; The association analysis model is trained using the training service label and the training sample feature field to obtain a target association analysis model; The target association analysis model is used to analyze the association between the service tag and the second sample feature field. 7. The method for generating a business process rule file according to claim 1, characterized in that: Generate a business process rule file according to the association rule, and then include: The business process rule file is loaded into the rule base, and the rule base information is updated. 8. The method for generating a business process rule file according to claim 7, characterized in that: Update the rule base information, including: Receive request instructions sent by the configuration library; The rule base information is returned according to the request instruction. The rule base information is used by the configuration library to determine whether the business process rule files stored in it are the latest. If they are not the latest and the number of business process rule files that differ from the rule base exceeds the preset difference threshold, the configuration library sends a full synchronization instruction; if they are not the latest and the number of business process rule files that differ from the rule base does not exceed the preset difference threshold, the configuration library sends an incremental synchronization instruction. 9. The method for generating a business process rule file according to claim 8, characterized in that: Returning the rule base information according to the request instruction, and then comprising: Receiving the full synchronization instruction sent by the configuration library; All business process rule files in the rule library are sent to the configuration library to update all business process rule files stored in the configuration library itself. 10. The method for generating a business process rule file according to claim 8, characterized in that: Returning the rule base information according to the request instruction, and then comprising: Receiving the incremental synchronization instruction sent by the configuration repository; The business process rule file is sent to the configuration library according to the incremental synchronization instruction to update the business process rule file stored in the configuration library itself that is different from the rule library. The incremental synchronization instruction is used to indicate the business process rule file that is different from the configuration library and the rule library. 11. The method for generating a business process rule file according to claim 8, characterized in that: The request instruction includes: a first message digest algorithm; Returning the rule base information according to the request instruction includes: The first message digest algorithm is used to calculate the information digest value of the rule base, and the information digest value is returned to the configuration library. 12. The method for generating a business process rule file according to claim 11, characterized in that: The information digest value of the rule base is calculated using the first message digest algorithm, which includes: Verifying whether the first message digest algorithm is a digest algorithm in a preset specified algorithm set, and obtaining a verification result; If the verification result is that the first message digest algorithm is not a digest algorithm in the specified algorithm set, determine that an algorithm in the specified algorithm set is a target message digest algorithm, use the target message digest algorithm to calculate the information digest value, return the information digest value and the target message digest algorithm to the configuration library, and the target message digest algorithm is used by the configuration library to update the first message digest algorithm stored in itself. 13. The method for generating a business process rule file according to claim 8, characterized in that: The request instruction is transmitted by carrying a first request message, and the first request message includes: A message digest indication field is used to indicate whether to generate a message digest and/or the algorithm used to generate the message digest; The rule base information is transmitted by carrying a first response message, and the first response message includes: The response result indication field is used to indicate whether the response is successful; The rule base version information field is used to indicate the current rule base version information; The digest algorithm indication field is used to indicate the message digest algorithm; The digest value indication field is used to indicate the digest value calculated by the message digest algorithm corresponding to the rule base version information. 14. The method for generating a business process rule file according to claim 9, characterized in that: The full synchronization instruction is transmitted by carrying a second request message, and the second request message includes: The rule base version information field is used to indicate the current rule base version information; A rule base synchronization mode indication field is used to indicate that the synchronization mode is full data synchronization or incremental data synchronization; The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization; All business process rule files in the rule base are transmitted by carrying a second response message, and the second response message includes: The response result indication field is used to indicate whether the response is successful. 15. The method for generating a business process rule file according to claim 10, characterized in that: The incremental synchronization instruction is transmitted by carrying a second request message, and the second request message includes: The rule base version information field is used to indicate the current rule base version information; The rule base synchronization mode indication field is used to indicate whether the synchronization mode is full data synchronization or incremental data synchronization; The rule base information indication field is used to indicate that all rule base contents are carried when the synchronization mode is full data synchronization, or to indicate that different rule base contents are carried when the synchronization mode is incremental data synchronization; The business process rule file sent according to the incremental synchronization instruction is carried and transmitted through a second response message, and the second response message includes: The response result indication field is used to indicate whether the response is successful. 16. A device for generating a business process rule file, characterized by comprising: An acquisition module, used for acquiring a first sample feature field and a business label of a process characteristic analysis software package PCAP sample package; A clustering module, used for performing clustering processing on the first sample feature field to obtain a second sample feature field; the second sample feature field is used to represent a common feature; An analysis module, used for analyzing the association between the service tag and the second sample feature field to obtain an association rule; A generation module is used to generate a business process rule file according to the association rule. 17. An electronic device, characterized in that it includes a processor, a memory, and a program or instruction stored in the memory and executable on the processor, wherein the program or instruction, when executed by the processor, implements the steps in the method for generating a business process rule file as described in any one of claims 1 to 15. 18. A readable storage medium, characterized in that: the readable storage medium stores a program or instruction, and when the program or instruction is executed by a processor, the steps in the method for generating a business process rule file as described in any one of claims 1 to 15 are implemented.