Ant Group’s Large‑Model‑Based Security Parallel Plane and Intelligent Threat Detection System

The article details Ant Group’s AI‑driven security parallel plane and intelligent threat detection system, its DKCF‑based architecture, key modules for data correlation, unknown threat discovery, alarm reduction, and knowledge‑graph integration, and its recognition in the 2024 AI Pioneer Case Collection.

AntTech
On November 12, the 13th plenary meeting of the China Artificial Intelligence Industry Development Alliance in Beijing announced the 2024 AI Pioneer Case Collection, and Ant Group’s "Large‑Model‑Based Security Parallel Plane and Intelligent Threat Detection System" was officially selected.

The case collection, jointly organized by the Alliance, the Ministry of Industry and Information Technology’s news center, and the China Academy of Information and Communications Technology, selects high‑value, benchmark, and truly implemented AI applications; Ant Group’s system passed the review and was included.

Amid the global digital transformation wave, network threat risks have become increasingly severe, posing unprecedented challenges to China’s governmental and enterprise cyberspace security. Ant Group generates massive security data daily, with intrusion detection probe logs reaching tens of millions per second, testing the resilience of digital security defenses.

In response, Ant Group’s basic security team applied a security large model with strong semantic understanding and problem‑solving capabilities, integrating expert experience and machine intelligence through the DKCF (Data/Knowledge/Collaboration/Feedback) paradigm to establish a multi‑layered defense‑in‑depth security system centered on "security parallel plane and intelligent threat detection".

The system comprises four core modules: Data Correlation Analysis, which innovatively fuses AI with Ant’s proprietary parallel plane technology to associate diverse data types and construct complete attack chains; Unknown Threat Discovery, which leverages the DKCF framework to overcome concept ambiguity, reasoning gaps, feedback inefficiency, and attention‑scale limitations, enabling trustworthy application of large‑model reasoning to unknown threats; Alarm False‑Positive Reduction, which builds business‑behavior baselines and uses large‑model capabilities to match alarms against these baselines, filtering normal activities and lowering false alerts; and Security Countermeasure Knowledge Graph, which integrates ATT&CK tactics, techniques, and threat‑intelligence information into a knowledge graph, enhancing detection accuracy and explainability.

In repeated drills and real‑world practice, the "security parallel plane and intelligent threat detection" framework achieves an automated abnormal‑behavior judgment rate exceeding 95%, effectively addressing novel and unknown security challenges and improving overall proactive protection. The solution has earned accolades such as the 2024 WIC Find Intelligent Technology Innovation Application case and the 2022 Shanghai Cybersecurity Industry Innovation Achievement.
