阅读说明：本技术 网络行为模型构建方法、装置和计算机可读介质 (Network behavior model construction method and device and computer readable medium ) 是由 唐文 于 2019-06-17 设计创作，主要内容包括：网络行为模型构建方法、装置和计算机可读介质,该网络行为模型构建方法包括：从运营技术系统的网络流量中获取第一网络节点和第二网络节点之间通过目标通信协议和目标应用层数据通道传输的至少一个第一数据报文；根据至少一个第一数据报文确定至少一个序列模式,其中,每一个序列模式用于表征第一网络节点和第二网络节点之间的一种信息交互逻辑；针对每一个序列模式,利用文法推断构建与该序列模式相对应的确定有限自动机DFA；将构建出的各个确定有限自动机DFA进行组合,获得第一网络节点和第二网络节点之间通过目标通信协议和目标应用层数据通道进行通信时的网络行为模型。上述方法能够降低所构建网络行为模型的复杂性。(The network behavior model construction method comprises the following steps: acquiring at least one first data message transmitted between a first network node and a second network node through a target communication protocol and a target application layer data channel from network flow of an operation technology system; determining at least one sequence mode according to at least one first data message, wherein each sequence mode is used for representing an information interaction logic between a first network node and a second network node; constructing a Deterministic Finite Automata (DFA) corresponding to each sequence mode by utilizing grammar inference aiming at each sequence mode; and combining the established DFAs to obtain a network behavior model when the first network node and the second network node communicate through a target communication protocol and a target application layer data channel. The method can reduce the complexity of the constructed network behavior model.)