CN114679333A - Dual security decision method based on function and network and computer readable storage medium - Google Patents

Dual security decision method based on function and network and computer readable storage medium Download PDF

Info

Publication number
CN114679333A
CN114679333A CN202210413437.2A CN202210413437A CN114679333A CN 114679333 A CN114679333 A CN 114679333A CN 202210413437 A CN202210413437 A CN 202210413437A CN 114679333 A CN114679333 A CN 114679333A
Authority
CN
China
Prior art keywords
network
function
security
safety
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210413437.2A
Other languages
Chinese (zh)
Inventor
戚建淮
周杰
杜玲禧
宋晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Y&D Electronics Information Co Ltd
Original Assignee
Shenzhen Y&D Electronics Information Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Y&D Electronics Information Co Ltd filed Critical Shenzhen Y&D Electronics Information Co Ltd
Priority to CN202210413437.2A priority Critical patent/CN114679333A/en
Publication of CN114679333A publication Critical patent/CN114679333A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a dual security decision method based on function and network and a computer-readable storage medium. Aiming at one operation scene, the invention respectively judges the data generated by the applicable multiple functional safety strategies to ensure the conformity with the functional safety, and simultaneously respectively judges the data generated by the applicable multiple network safety strategies to ensure the conformity with the network safety, thereby meeting the requirements of the network safety and the functional safety. And aiming at the operation scene which is initially judged to be safe, extracting the data combination of the function safety data and the network safety data, and performing parallel verification on each data combination by adopting a plurality of different verification model functions, so that the simultaneous accordance with the function safety and the network safety can be ensured. Through circulation verification, the cracking difficulty is exponentially increased, and the safety can be further ensured.

Description

Dual security decision method based on function and network and computer readable storage medium
Technical Field
The present invention relates to the field of network security, and more particularly, to a dual security decision method based on function and network and a computer-readable storage medium.
Background
The cyber-physical system has dual world attributes and dual function security problems, specifically including function security problems and network security problems, and the security system in the existing defense and attack mode mainly aims at the reliability of function security and the security protection mode of vulnerability patch type of network security. The interleaving property of the double security problem enables the traditional reliability theory premise to be overturned, and a novel network protection method is urgently needed to solve the common problem of functional security and network security.
However, the security decision scheme in the prior art considers functional security and network security separately, and does not consider the interleaving problem of functional security and network security comprehensively, and in the key information infrastructure, the double security problem becomes the most serious common threat of network security.
Disclosure of Invention
The present invention is directed to solve the above-mentioned problems of the prior art, and provides a dual security determination method based on function and network and a computer-readable storage medium, which can effectively ensure both function security and network security.
The technical scheme adopted by the invention for solving the technical problems is as follows: a dual safety judgment method based on functions and networks is constructed, and the method comprises the following steps:
s1, performing initial safety judgment on the operation scene based on the function safety data and the network safety data respectively;
and S2, extracting data combinations of the function safety data and the network safety data of the operation scene which is initially judged to be safe, performing parallel verification on each data combination by adopting a plurality of different verification model functions, and circularly judging whether the operation scene is safe or not based on the parallel verification result.
In the dual security determination method based on function and network according to the present invention, the step S1 further includes the following steps:
s11, collecting function security policy setA is ═ a1,a2,…,amB and network security policy set B ═ B1,b2,…,bn}
S12, the operation scene S is jointly constructed through heterogeneous redundancy of function security and network security { S1, S2, …, sl };
s13, calculating a function safety index for each operation scene and judging whether the function is safe or not based on the function safety index;
s14, calculating a network safety index aiming at each operation scene and judging whether the network is safe or not based on the network safety index;
s15, performing the initial safety judgment on the operation scene based on the function safety judgment result and the network safety judgment result.
In the dual security determination method based on function and network according to the present invention, the step S13 further includes the following steps:
s131, aiming at the operation scene Si, selecting the function security policy set A ═ { a ═ from the function security policy set A1,a2,…,amExtract application function security policy set Asi∈A,
Figure BDA0003604176630000031
Applying to obtain functional safety data related to the operation scene Si
Figure BDA0003604176630000032
And the set of application function security policies
Figure BDA0003604176630000033
Corresponding functional safety threshold
Figure BDA0003604176630000034
S132, safety data based on functions
Figure BDA0003604176630000035
Calculating the functional safety of the operation scene SiNumber of
Figure BDA0003604176630000036
S133, safety index based on function
Figure BDA0003604176630000037
And said functional safety threshold
Figure BDA0003604176630000038
And judging whether the function is safe.
In the dual security determination method based on function and network according to the present invention, in the step S133, the function security of the operation scenario Si is calculated based on the following formula
Figure BDA0003604176630000039
Wherein
Figure BDA00036041766300000310
When X is presentsiAnd if not equal to 0, judging that the operation scene Si is unsafe, otherwise, judging that the operation scene Si is safe in function.
In the dual security determination method based on function and network according to the present invention, the step S14 further includes the following steps:
s141, aiming at the operation scene Si, selecting the network security policy set B ═ { B ═ B1,b2,…,bnExtracting application network security policy set Bsi∈B,
Figure BDA0003604176630000041
Applying to obtain network security data related to the operating scenario Si
Figure BDA0003604176630000042
And the application network security policy set
Figure BDA0003604176630000043
Corresponding network security threshold
Figure BDA0003604176630000044
S142, based on the network security data
Figure BDA0003604176630000045
Calculating the network security index of the operation scene Si
Figure BDA0003604176630000046
S143, based on the network security index
Figure BDA0003604176630000047
And the network security threshold
Figure BDA0003604176630000048
And judging whether the network is safe.
In the dual security determination method based on function and network according to the present invention, in the step S143, the network security of the operation scenario Si is calculated based on the following formula
Figure BDA0003604176630000049
Wherein
Figure BDA00036041766300000410
When Y issiAnd if not equal to 0, judging that the operation scene Si is unsafe, otherwise, judging that the operation scene Si is safe in network.
In the dual security determination method based on function and network according to the present invention, in the step S15, when X is detectedsi0 and YsiAnd when the running scene Si is 0, initially judging that the running scene Si is safe.
In the dual security decision method based on function and network according to the present invention, the step S2 further includes the following steps:
s21, extracting a data combination C ═ C of function safety data and network safety data aiming at the operation scene which is initially judged to be safe1,c2,…,ct}
S22, c for each data combinationkUsing r different verification model functions W ═ W1,W2,…,WrPerforming parallel verification, and if a single verification is safe, making Wi(ck)=0;
S23, judging whether the parallel verification result satisfies
Figure BDA0003604176630000051
If yes, executing step S24, otherwise, judging the data combination ckThe corresponding operation scene is a danger;
s24, adding the circulation times, judging whether the circulation times reach the upper limit, if so, judging the data combination ckAnd if the corresponding operation scene is safe, otherwise, returning to the step S22.
In the dual security determination method based on function and network according to the present invention, the number of cycles is greater than or equal to 2.
Another technical solution to solve the technical problem of the present invention is to construct a computer-readable storage medium, wherein the computer-readable storage medium is configured to implement the dual security determination method based on function and network when executed by a processor.
By implementing the dual-safety judgment method based on the function and the network and the computer readable storage medium, the accessed node can be finally accessed only if the space condition and the time condition are met and each node on the path is credible; therefore, the reliability of secret access can be effectively ensured, and the risk of secret leakage is reduced.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flow chart of the steps of a preferred embodiment of the dual function and network based security decision method of the present invention;
FIG. 2 is a flow chart of the initial security decision steps of the preferred embodiment of the dual function and network based security decision method of the present invention;
fig. 3 is a schematic diagram of the multi-mode authentication step of the preferred embodiment of the dual security decision method based on function and network of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The invention relates to a dual safety judgment method based on functions and a network, which comprises the steps of carrying out initial safety judgment on an operation scene based on function safety data and network safety data respectively; and aiming at the operation scene which is initially judged to be safe, extracting the data combination of the function safety data and the network safety data, performing parallel verification on each data combination by adopting a plurality of different verification model functions, and circularly judging whether the operation scene is safe or not based on the parallel verification result. Aiming at one operation scene, data generated by a plurality of applicable functional safety strategies are respectively judged to ensure that the data accord with functional safety, and meanwhile, data generated by a plurality of applicable network safety strategies are respectively judged to ensure that the data accord with network safety, so that the requirements of network safety and functional safety can be met. And aiming at the operation scene which is initially judged to be safe, extracting the data combination of the function safety data and the network safety data, and performing parallel verification on each data combination by adopting a plurality of different verification model functions, so that the simultaneous accordance with the function safety and the network safety can be ensured. Through circulation verification, the cracking difficulty is exponentially increased, and the safety can be further ensured.
Fig. 1 is a flow chart of the steps of a preferred embodiment of the dual function and network-based security decision method of the present invention. As described in fig. 1, in step S1, an initial security decision is made on the operation scenario based on the function security data and the network security data, respectively. In a preferred embodiment of the present invention, a functional security policy set and a network security policy set may be collected separately; the operation scene is constructed through heterogeneous redundancy of functional safety and network safety; calculating a functional safety index for each operating scene and determining whether the function is safe or not based on the functional safety index; calculating a network security index for each of the operating scenarios and determining whether to be network secure based on the network security index; and finally, performing the initial safety judgment on the operation scene based on a function safety judgment result and a network safety judgment result. In the method, for one operation scene, data generated by a plurality of applicable functional security policies are respectively judged to ensure that the data accord with functional security, and data generated by a plurality of applicable network security policies are respectively judged to ensure that the data accord with network security, so that the requirements of network security and functional security can be met.
As will be appreciated by those skilled in the art, the steps of the functional security policy set and the network security policy set and the steps of constructing the operation scenario may be performed simultaneously, or may be performed in different orders, for example, the step of collecting may be performed first, and then the step of constructing may be performed, or the step of constructing may be performed first and then the step of collecting may be performed. The functional security determination step and the network security step may be performed simultaneously or in a different order. In the invention, the safety of the operation scene is initially judged only when the function safety judgment result and the network safety judgment result are both safe.
In step S2, for the operation scenario initially determined to be safe, data combinations of the function security data and the network security data are extracted, each data combination is verified in parallel using a plurality of different verification model functions, and whether the operation scenario is safe is determined based on the parallel verification result in a loop. In the preferred embodiment of the invention, aiming at the operation scene which is initially judged to be safe, the data combination of the function safety data and the network safety data is extracted, and a plurality of different verification model functions are adopted to carry out parallel verification on each data combination, so that the function safety and the network safety can be ensured to be simultaneously met.
In a further preferred embodiment of the present invention, a loop determination may be performed on the parallel verification result, and based on a result of the loop determination, whether the operation scenario is safe or not may be performed. Through the cycle verification, the cracking difficulty is exponentially increased, even if malicious attacks pass through the cycle verification once by accident, the second cycle is blocked with high probability, and the safety is further ensured.
Fig. 2 is a flow chart of the initial security decision steps of the preferred embodiment of the dual function and network based security decision method of the present invention. Further preferred embodiments of the present invention are described below with reference to fig. 2.
In step S11, the function security policy sets a ═ a are collected respectively1,a2,…,amH and a set of network security policies B ═ B1,b2,…,bnCollection of the set of functional security policies and the set of network security policies can be performed by one skilled in the art herein according to any known method. Wherein n and m are positive integers of any value.
In step S12, the operating scenario S ═ S1, S2, …, sl } is jointly constructed by heterogeneous redundancy of functional security and network security. Here, a person skilled in the art may construct an operation scenario according to any known method as long as heterogeneous redundancy of function security and network security is ensured, where l is a positive integer with any value.
In verification S13, a functional safety index is calculated for each of the operating scenarios and it is determined whether or not the function is safe based on the functional safety index. The method comprises the following specific steps.
For each operating scenario Si (i takes a value of 1 to l), from the set of functional security policies a ═ a1,a2,…,amExtract application function security policy set Asi∈A,
Figure BDA0003604176630000091
Performing an application to obtain functional safety data related to the operation scenario Si
Figure BDA0003604176630000092
And the set of application function security policies
Figure BDA0003604176630000093
Corresponding workSafety threshold
Figure BDA0003604176630000094
Security data based on the function
Figure BDA0003604176630000095
Calculating a functional safety index of the operating scene Si
Figure BDA0003604176630000096
Here, the calculation may be performed according to any known functional safety index calculation method. The person skilled in the art can select the compound according to practical situations, and is not limited herein.
And then based on the functional safety index
Figure BDA0003604176630000097
And said functional safety threshold
Figure BDA0003604176630000098
And judging whether the function is safe.
I.e. the functional safety of the operating scenario Si is calculated on the basis of the following formula
Figure BDA0003604176630000099
Wherein
Figure BDA00036041766300000910
When X is presentsiIf not equal to 0, judging that the operation scene Si is unsafe, otherwise, judging that X is XsiAnd when the value is 0, judging that the running scene Si is safe in function.
In step S14, a network security index is calculated for each of the operation scenarios and it is determined whether to be network secure based on the network security index. The method comprises the following specific steps.
For the operating scenario Si, from the set of network security policies B ═ { B ═ B1,b2,…,bnExtracting application network security policy set Bsi∈B,
Figure BDA0003604176630000101
Applying to obtain network security data related to the operating scenario Si
Figure BDA0003604176630000102
And the application network security policy set
Figure BDA0003604176630000103
Corresponding network security threshold
Figure BDA0003604176630000104
Based on the network security data
Figure BDA0003604176630000105
Calculating the network safety index of the operation scene Si
Figure BDA0003604176630000106
Here, the calculation may be performed according to any known network security index calculation method. The person skilled in the art can select the compound according to practical situations, and is not limited herein.
Subsequent network based security index
Figure BDA0003604176630000107
And the network security threshold
Figure BDA0003604176630000108
And judging whether the network is safe.
Namely, the network security of the operation scene Si is calculated based on the following formula
Figure BDA0003604176630000109
Wherein
Figure BDA00036041766300001010
When Y issiWhen not equal to 0, judging that the operation scene Si is unsafe, otherwise, YsiAnd when the operation scene is 0, judging the Si work network safety of the operation scene.
In step S15, the initial security determination is made for the operation scenario based on the function security determination result and the network security determination result.
Specifically, when Xsi0 and YsiAnd when the running scene Si is 0, initially judging that the running scene Si is safe.
In this case, for each operation scenario, the data generated by the applicable multiple functional security policies are respectively determined to ensure compliance with functional security, and simultaneously or subsequently, the data generated by the applicable multiple network security policies are respectively determined to ensure compliance with network security.
Fig. 3 is a schematic diagram of the multimode authentication step of the preferred embodiment of the dual function and network-based security decision method of the present invention. Further preferred embodiments of the present invention are described below with reference to fig. 3.
For the operation scene St initially determined as safe in the step of fig. 2, extracting a data combination C ═ C of the function safety data and the network safety data1,c2,…,ctI.e. for satisfying Xsi0 and Ysi0 scene St, and extracts a data combination C ═ C of the function security data and the network security data1,c2,…,ctWhere t is a positive integer.
For each data combination ck(k-1, 2, …, t), using r different verification model functions W-W1,W2,…,WrPerforming parallel verification, if a single verification is safe, making Wi(ck) 0. As shown in fig. 3, r is a positive integer less than n. Where r different verification model functions may be selected any suitable verification model function.
Determining whether parallel verification results satisfy
Figure BDA0003604176630000111
If yes, adding one to the number of loops to determine whether the number of loops reaches an upper limit, if yes, determining the data combination ckThe corresponding operating scene is AnnAnd if not, returning to the parallel verification step. And if the verification result is greater than 0, determining that the system is dangerous.
That is, as shown in FIG. 3, the above parallel verification steps are circularly judged, and if the number of the circulation is limited, for example, h ≧ 2, the parallel verification result can be satisfied each time
Figure BDA0003604176630000121
The data combination c can be determinedkAnd the corresponding operation scene is safe.
In this way, both the problem of unknown uncertainty at the individual level and the problem of unknown certainty, which is known, can be translated into a "known unknown" probabilistic problem of population-level differential or common-mode representation (perceiving unknown events in a way that it is only known to be unknown at all). The size of the differential mode probability (controlling the possible influence range of unknown problems) can be controlled by adjusting the relative scale and the scene heterogeneity of the relative correct axiom logic expression, a voting strategy and the like. Simple consensus arbitration results have a small probability of error, requiring multidimensional dynamic iterative processing and arbitration. The relative correct axiom is not time robust and quality robust (even if life cannot be guaranteed) under human trial and error or blind attack conditions.
Therefore, the data combination generated by the applicable strategy combination of a plurality of functional safety and network safety is adopted for multi-mode verification, and the simultaneous conformity of the functional safety and the network safety is ensured; through the cycle verification, the cracking difficulty is exponentially increased, even if malicious attacks pass through the cycle verification once by accident, the second cycle is blocked with high probability, and the safety is further ensured.
Further preferred embodiments of the present invention also relate to a computer-readable storage medium that, when executed by a processor, implements the aforementioned dual function and network-based security decision method.
Accordingly, the present invention can be realized in hardware, software, or a combination of hardware and software. The present invention can be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods of the present invention is suited. A typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
The present invention may also be implemented by a computer program product, comprising all the features enabling the implementation of the methods of the invention, when loaded in a computer system. The computer program in this document refers to: any expression, in any programming language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to other languages, codes or symbols; b) reproduced in a different format.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A dual security judgment method based on functions and networks is characterized by comprising the following steps:
s1, performing initial safety judgment on the operation scene based on the function safety data and the network safety data respectively;
and S2, extracting data combinations of the function safety data and the network safety data of the operation scene which is initially judged to be safe, performing parallel verification on each data combination by adopting a plurality of different verification model functions, and circularly judging whether the operation scene is safe or not based on the parallel verification result.
2. The dual function and network-based security decision method according to claim 1, wherein the step S1 further comprises the steps of:
s11, collection function security policy set a ═ a1,a2,…,amB and network security policy set B ═ B1,b2,…,bn};
S12, the operation scene S is jointly constructed through heterogeneous redundancy of function security and network security { S1, S2, …, sl };
s13, calculating a function safety index for each operation scene and judging whether the function is safe or not based on the function safety index;
s14, calculating a network safety index aiming at each operation scene and judging whether the network is safe or not based on the network safety index;
s15, performing the initial safety judgment on the operation scene based on the function safety judgment result and the network safety judgment result.
3. The dual function and network-based security decision method according to claim 2, wherein said step S13 further comprises the steps of:
s131, aiming at the operation scene Si, selecting the function security policy set A ═ { a ═ from the function security policy set A1,a2,…,amExtract application function security policy set Asi∈A,
Figure FDA0003604176620000021
Applying to obtain functional safety data related to the operation scene Si
Figure FDA0003604176620000022
And the set of application function security policies
Figure FDA0003604176620000023
Corresponding functional safety threshold
Figure FDA0003604176620000024
S132, safety data based on functions
Figure FDA0003604176620000025
Calculating a functional safety index of the operating scene Si
Figure FDA0003604176620000026
S133, safety index based on function
Figure FDA0003604176620000027
And said functional safety threshold
Figure FDA0003604176620000028
And judging whether the function is safe.
4. The dual function and network-based security determination method according to claim 3, wherein in the step S133, the function security degree of the operation scenario Si is calculated based on the following formula
Figure FDA0003604176620000029
Wherein
Figure FDA00036041766200000210
When X issiAnd if not equal to 0, judging that the operation scene Si is unsafe, otherwise, judging that the operation scene Si is safe in function.
5. The dual function and network-based security decision method of claim 4, wherein said step S14 further comprises the steps of:
s141, aiming at the operation scene Si, selecting the network security policy set B ═ { B ═ B1,b2,…,bnExtracting an application network security policy set B from the databasesi∈B,
Figure FDA0003604176620000031
Applying to obtain network security data related to the operating scenario Si
Figure FDA0003604176620000032
And the application network security policy set
Figure FDA0003604176620000033
Corresponding network security threshold
Figure FDA0003604176620000034
S142, based on the network security data
Figure FDA0003604176620000035
Calculating the network security index of the operation scene Si
Figure FDA0003604176620000036
S143, based on the network security index
Figure FDA0003604176620000037
And the network security threshold
Figure FDA0003604176620000038
And judging whether the network is safe or not.
6. The method according to claim 5, wherein in step S143, the network security level of the operation scenario Si is calculated based on the following formula
Figure FDA0003604176620000039
Wherein
Figure FDA00036041766200000310
When Y issiAnd if not equal to 0, judging that the operation scene Si is unsafe, otherwise, judging that the operation scene Si is safe in network.
7. The dual security decision method based on function and network as claimed in claim 6, wherein in said step S15, when X is the number of timessi0 and YsiAnd when the running scene Si is 0, initially judging that the running scene Si is safe.
8. The method for determining dual security based on function and network according to any one of claims 1-6, wherein the step S2 further comprises the steps of:
s21, extracting a data combination C of function safety data and network safety data for the operation scene which is initially judged to be safe1,c2,…,ct};
S22, c for each data combinationkUsing r different verification model functions W ═ W1,w2,…,wrCarry out parallel verification, if single verification is safe, let wi(ck)=0;
S23, judging whether the parallel verification result meets the requirement
Figure FDA0003604176620000041
If yes, executing step S24, otherwise, judging the data combination ckThe corresponding operation scene is a danger;
s24, adding the circulation times to determine whether the circulation times reaches the upper limit, if so, determining the data combination ckAnd if the corresponding operation scene is safe, otherwise, returning to the step S22.
9. The dual function and network-based security decision method of claim 8, wherein the number of cycles is 2 or more.
10. A computer-readable storage medium, wherein the computer-readable storage medium, when executed by a processor, implements the dual function and network-based security decision method of any of claims 1-9.
CN202210413437.2A 2022-04-19 2022-04-19 Dual security decision method based on function and network and computer readable storage medium Pending CN114679333A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210413437.2A CN114679333A (en) 2022-04-19 2022-04-19 Dual security decision method based on function and network and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210413437.2A CN114679333A (en) 2022-04-19 2022-04-19 Dual security decision method based on function and network and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN114679333A true CN114679333A (en) 2022-06-28

Family

ID=82077447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210413437.2A Pending CN114679333A (en) 2022-04-19 2022-04-19 Dual security decision method based on function and network and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114679333A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018175352A1 (en) * 2017-03-22 2018-09-27 Symantec Corporation Systems and methods for enforcing dynamic network security policies
CN111885019A (en) * 2020-07-08 2020-11-03 福建奇点时空数字科技有限公司 Network security situation element extraction method based on attack and defense information comparison
CN111935161A (en) * 2020-08-14 2020-11-13 国网重庆市电力公司电力科学研究院 Network attack and defense analysis method and system based on game theory
US20210006584A1 (en) * 2019-05-29 2021-01-07 Christian Lee Basballe Sorensen Systems and methods for evaluating and training cybersecurity teams
CN112769825A (en) * 2021-01-07 2021-05-07 深圳市永达电子信息股份有限公司 Network security guarantee method, system and computer storage medium
CN113824744A (en) * 2021-11-24 2021-12-21 深圳市永达电子信息股份有限公司 Situation awareness visualization method and system for business view and storage medium
CN114143099A (en) * 2021-12-03 2022-03-04 中国电信集团系统集成有限责任公司 Network security policy self-checking attack and defense test method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018175352A1 (en) * 2017-03-22 2018-09-27 Symantec Corporation Systems and methods for enforcing dynamic network security policies
US20210006584A1 (en) * 2019-05-29 2021-01-07 Christian Lee Basballe Sorensen Systems and methods for evaluating and training cybersecurity teams
CN111885019A (en) * 2020-07-08 2020-11-03 福建奇点时空数字科技有限公司 Network security situation element extraction method based on attack and defense information comparison
CN111935161A (en) * 2020-08-14 2020-11-13 国网重庆市电力公司电力科学研究院 Network attack and defense analysis method and system based on game theory
CN112769825A (en) * 2021-01-07 2021-05-07 深圳市永达电子信息股份有限公司 Network security guarantee method, system and computer storage medium
CN113824744A (en) * 2021-11-24 2021-12-21 深圳市永达电子信息股份有限公司 Situation awareness visualization method and system for business view and storage medium
CN114143099A (en) * 2021-12-03 2022-03-04 中国电信集团系统集成有限责任公司 Network security policy self-checking attack and defense test method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李 璇: "工业控制系统主动入侵反应的若干关键技术研究", 中国博士学位论文全文数据库 (信息科技辑), no. 2019, pages 3 - 5 *
胡博文: "基于模糊多目标决策的智能仪表功能安全与信息安全融合方法", 信息网络安全, no. 2021 *

Similar Documents

Publication Publication Date Title
US11509679B2 (en) Trust topology selection for distributed transaction processing in computing environments
US10482395B2 (en) System and methods for digital account threat detection
US10924514B1 (en) Machine learning detection of fraudulent validation of financial institution credentials
RU2638710C1 (en) Methods of detecting malicious elements of web pages
US6880087B1 (en) Binary state machine system and method for REGEX processing of a data stream in an intrusion detection system
CN109478220A (en) It is remedied to software attacks are extorted in cloud drive folder
KR20180105688A (en) Computer security based on artificial intelligence
Dash et al. Adaptive Naive Bayes method for masquerade detection
US11657899B2 (en) Computing device
Zhao et al. Federatedreverse: A detection and defense method against backdoor attacks in federated learning
Ahmad et al. Machine learning and blockchain technologies for cybersecurity in connected vehicles
Rakhimberdiev et al. Prospects for the use of neural network models in the prevention of possible network attacks on modern banking information systems based on blockchain technology in the context of the digital economy
CN110290110B (en) Encrypted malicious traffic identification method and system based on redundancy detection architecture
Cheng et al. STC‐IDS: Spatial–temporal correlation feature analyzing based intrusion detection system for intelligent connected vehicles
CN116684202B (en) Internet of things information security transmission method
CN114679333A (en) Dual security decision method based on function and network and computer readable storage medium
JP6674443B2 (en) Method and apparatus for using exhaustible network resources
CN111917760A (en) Network collaborative manufacturing cross-domain fusion trust management and control method based on identification analysis
CN116527317A (en) Access control method, system and electronic equipment
El Hadj et al. Validation and correction of large security policies: A clustering and access log based approach
US9998495B2 (en) Apparatus and method for verifying detection rule
Miehling et al. A dependency graph formalism for the dynamic defense of cyber networks
Jain et al. A literature review on machine learning for cyber security issues
CN113139878A (en) Method and system for identifying network security risk of power distribution automation master station
Iadarola et al. Designing Robust Deep Learning Classifiers for Image-based Malware Analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination