CN115348184B - Internet of things data security event prediction method and system - Google Patents

Internet of things data security event prediction method and system Download PDF

Info

Publication number
CN115348184B
CN115348184B CN202210979624.7A CN202210979624A CN115348184B CN 115348184 B CN115348184 B CN 115348184B CN 202210979624 A CN202210979624 A CN 202210979624A CN 115348184 B CN115348184 B CN 115348184B
Authority
CN
China
Prior art keywords
data
training
value
vector
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210979624.7A
Other languages
Chinese (zh)
Other versions
CN115348184A (en
Inventor
高小虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Vocational College of Business
Original Assignee
Jiangsu Vocational College of Business
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Vocational College of Business filed Critical Jiangsu Vocational College of Business
Priority to CN202210979624.7A priority Critical patent/CN115348184B/en
Publication of CN115348184A publication Critical patent/CN115348184A/en
Application granted granted Critical
Publication of CN115348184B publication Critical patent/CN115348184B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/147Network analysis or design for predicting network behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/16Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Artificial Intelligence (AREA)
  • Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Medical Informatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system for predicting data security events of the Internet of things. And obtaining the data of the Internet of things. And detecting the data of the Internet of things to obtain a transmission vector set. And carrying out hash mapping on the data content vector to obtain a mapping vector. And inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value. And if the predicted safety value is 0, discarding the data packet. After data information is mapped through the hash mapping table, the storage structure is controlled to store the training length position, the LTSM neural network is input, the data length can be reduced and becomes fixed, the detection of the neural network is faster, the association on the data information sequence is obtained, the output of the training content data at any position is controlled, and therefore the influence of unnecessary data on training is reduced. And inputting the header information into a DNN neural network, and judging together to accurately obtain a predicted safety value.

Description

Internet of things data security event prediction method and system
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for predicting data security events of the Internet of things.
Background
The problem of data interaction between the client and the server is that the receiving end receives data, but sometimes the phenomenon of unsafe data occurs, and the unsafe data can cause damage to the receiving end, so that the safety of the transmitted data needs to be judged. Since the transmission data is excessive and the transmission data is not data in an ideal state but is converted into binary data, the security problem is not easily solved.
Disclosure of Invention
The invention aims to provide a method and a system for predicting data security events of the Internet of things, which are used for solving the problems in the prior art.
In a first aspect, an embodiment of the present invention provides a method for predicting an internet of things data security event, including:
obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
detecting the data of the Internet of things to obtain a transmission vector set; the set of transmission vectors includes a header vector and a data content vector; the vector values in the data content vector represent the transmitted content;
hash mapping is carried out on the data content vector to obtain a mapping vector;
inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value; the predicted security value being 1 indicates data transmission security; the predicted security value being 0 indicates that the transmission data is not secure;
and if the predicted safety value is 0, discarding the data packet.
Optionally, the security event prediction model includes a storage structure, an LTSM neural network, and a DNN neural network:
the input of the DNN neural network is a data content vector; the input of the storage structure is a data content vector; the inputs to the LTSM neural network are the header vector and the output of the memory structure.
Optionally, the obtaining, by detecting, the data of the internet of things, a set of transmission vectors includes:
obtaining an Internet of things protocol; the internet of things protocol is a communication protocol with a fixed receiving end; the internet of things protocol is an application layer protocol;
obtaining a plurality of initial positions according to the Internet of things data and an Internet of things protocol; the initial position is the position of various information in the transmitted internet of things data;
dividing the data of the Internet of things at a plurality of initial positions to obtain a plurality of transmission data sets; the transmission data set is a set formed by values of corresponding positions of an internet of things protocol;
and respectively forming a plurality of vectors by the values in the plurality of transmission data sets to obtain a transmission vector set.
Optionally, the hash mapping the data content vector to obtain a mapping vector includes:
obtaining a request length; the request length is the data length transmitted by the request;
sequentially combining the plurality of data content vectors according to the request length to obtain a plurality of combined data vectors; the vector length of the merged data vector is the request length;
obtaining a fixed length value; the fixed length value is a set length value;
based on the fixed length value and the combined data vector, a mapping vector is obtained through hash mapping.
Optionally, the obtaining the mapping vector by hash mapping based on the fixed length value and the merged data vector includes:
establishing a hash mapping table; the key value in the Ha Xiying table is a plurality of key value pairs arranged from 0;
dividing the combined data by a fixed length value to obtain a division length;
dividing the combined data vector into a plurality of data according to the dividing length to obtain a plurality of divided data;
searching the split data through a hash mapping table to obtain a plurality of mapping data;
forming a plurality of mapping data into a mapping vector; the length of the mapping vector is a fixed length value.
Optionally, the training method of the security event prediction model includes:
obtaining a training set; the training set comprises a plurality of training data and a corresponding plurality of labeling data; the training data comprises training header data and training content data; the training content data is mapping data constructed in the history transmission process; the labeling data is 1 to indicate safety; the labeling data being 0 indicates unsafe;
based on the training content data, a training length position is obtained;
inputting the training data and the training length position into a safety event prediction model to obtain a training prediction safety value;
obtaining a loss value through a loss function by the training predicted safety value and the labeling data;
obtaining the current training iteration times of a safety event prediction model and the preset maximum iteration times of the training of the safety event prediction model;
and stopping training when the loss value is smaller than or equal to a threshold value or the training iteration number reaches the maximum iteration number, and obtaining a trained safety event prediction model.
Optionally, the obtaining the training length position based on the training content data includes:
searching training content data, and judging whether a value with a vector value of-1 in the training data exists in the data;
if the value of the vector value of the training content data is-1, obtaining the length position of the training content; the training content length position is the position of the first value equal to-1 in the training data.
Optionally, inputting the training data and the training length position into a safety event prediction model to obtain a training prediction safety value, including:
inputting training length positions and training content data in the training data into an LTSM neural network to obtain training content values; the training content value represents the sequential relationship of the data; the training content value of 1 indicates that the training content data is safe, and the training content value of 0 indicates that the training content data is unsafe;
inputting training header data in the training data into a DNN neural network to obtain a training header value; the training header value of 1 indicates that the training header data is safe, and the training header value of 0 indicates that the training header data is unsafe;
when the training content value is 1, the training header value is 1, and the training prediction safety value is set to be 1;
and when the training content value is 0 or the training header value is 0, setting the training prediction safety value to 0.
Optionally, inputting the training length position and training content data in the training data into the LTSM neural network to obtain a training content value, including:
inputting the training length position into a storage structure;
inputting a first vector value in the training content data into a first LTSM structure to obtain a first LTSM output value;
inputting a second vector value in the first LTSM output value and training content data into a second LTSM structure to obtain a second LTSM output value;
and inputting the LTSM structure by repeatedly inputting the LTSM output value and the vector in the training content data until reaching the training length position in the storage structure, thereby obtaining the training content value.
In a second aspect, an embodiment of the present invention provides a system for predicting an internet of things data security event, including:
the acquisition module is used for: obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
and a segmentation module: detecting the data of the Internet of things to obtain a transmission vector set; the set of transmission vectors includes a header vector and a data content vector; the vector values in the data content vector represent the transmitted content;
and a mapping module: hash mapping is carried out on the data content vector to obtain a mapping vector;
and a safety prediction module: inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value; the predicted security value being 1 indicates data transmission security; the predicted security value being 0 indicates that the transmission data is not secure;
discarding module: and if the predicted safety value is 0, discarding the data packet.
Compared with the prior art, the embodiment of the invention achieves the following beneficial effects:
the embodiment of the invention also provides a method and a system for predicting the data security event of the Internet of things, wherein the method comprises the following steps: and obtaining the data of the Internet of things. The data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network. And detecting the data of the Internet of things to obtain a transmission vector set. The set of transmission vectors includes a header vector and a data content vector. The vector values in the data content vector represent the transmitted content. And carrying out hash mapping on the data content vector to obtain a mapping vector. And inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value. The predicted security value of 1 indicates data transmission security. The predicted security value of 0 indicates that the transmission data is not secure. And if the predicted safety value is 0, discarding the data packet.
By adopting the neural network, the safety information can be obtained more accurately. Header information and data information in the internet of things data are separated, and various characteristics of the header information and the data information can be used. After data information is mapped through the hash mapping table, the storage structure is controlled to store the training length position, the LTSM neural network is input, the data length can be reduced and becomes fixed, the detection of the neural network is faster, the association on the data information sequence is obtained, the output of the training content data at any position is controlled, and therefore the influence of unnecessary data on training is reduced. And inputting the header information into a DNN neural network, and judging together to accurately obtain a predicted safety value.
Drawings
Fig. 1 is a flowchart of a method for predicting an internet of things data security event according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a security event prediction model in an internet of things data security event prediction system according to an embodiment of the present invention.
Fig. 3 is a schematic block diagram of an electronic device according to an embodiment of the present invention.
The marks in the figure: a bus 500; a receiver 501; a processor 502; a transmitter 503; a memory 504; bus interface 505.
Detailed Description
The present invention will be described in detail with reference to the accompanying drawings.
Example 1
As shown in fig. 1, an embodiment of the present invention provides a method for predicting an internet of things data security event, where the method includes:
s101: obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network.
The Internet of things data is information transmitted between the client and the server.
S102: detecting the data of the Internet of things to obtain a transmission vector set; the set of transmission vectors includes a header vector and a data content vector; the vector values in the data content vector represent the transmitted content.
S103: hash mapping is carried out on the data content vector to obtain a mapping vector;
s104: and inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value. The predicted security value of 1 indicates data transmission security. The predicted security value of 0 indicates that the transmission data is not secure.
The structural schematic diagram of the security event prediction model is shown in fig. 2.
S105: and if the predicted safety value is 0, discarding the data packet.
Optionally, the security event prediction model includes a storage structure, an LTSM neural network, and a DNN neural network:
the input of the DNN neural network is a data content vector; the input of the storage structure is a data content vector; the inputs to the LTSM neural network are the header vector and the output of the memory structure.
Optionally, the obtaining, by detecting, the data of the internet of things, a set of transmission vectors includes:
obtaining an Internet of things protocol; the internet of things protocol is a communication protocol with a fixed receiving end. The internet of things protocol is an application layer protocol.
In this embodiment, the internet of things protocol is the HTTP protocol.
Obtaining a plurality of initial positions according to the Internet of things data and an Internet of things protocol; the initial position is the position of various information in the transmitted internet of things data;
dividing the data of the Internet of things at a plurality of initial positions to obtain a plurality of transmission data sets; the transmission data set is a set formed by values of corresponding positions of an internet of things protocol;
and respectively forming a plurality of vectors by the values in the plurality of transmission data sets to obtain a transmission vector set.
By the method, header information and data information in the internet of things data are separated, and the predicted safety value can be accurately obtained in the subsequent safety judgment according to various characteristics of the header information and the data information.
Optionally, the hash mapping the data content vector to obtain a mapping vector includes:
obtaining a request length; the request length is the data length transmitted by the request.
Sequentially combining the plurality of data content vectors according to the request length to obtain a plurality of combined data vectors; the vector length of the merged data vector is the request length.
A fixed input length is obtained. The fixed length value is a set length value.
Based on the fixed length value and the combined data vector, a mapping vector is obtained through hash mapping.
By the method, the data with the same request are organized into one vector, and the security of the transmitted data is judged by the vector.
Optionally, the obtaining the mapping vector by hash mapping based on the fixed length value and the merged data vector includes:
establishing a hash mapping table; and a plurality of key value pairs with the key value of 0 as an initial value are constructed in the Ha Xiying table.
In this embodiment, the Ha Xiying table has a plurality of key value pairs. The key words of the key value pairs are segmented binary; the partial hash map is shown in table 1.
TABLE 1
100 101 110 111 1000
4 5 6 7 8
Dividing the combined data by a fixed length value to obtain a division length.
Wherein there is a remainder if the combined data is divided by the fixed length value. The quotient is added 1 to obtain the segmentation length. If 20 divided by 7, the division length is 3.
And dividing the merged data vector into a plurality of data according to the dividing length to obtain a plurality of divided data.
And searching the split data through the hash mapping table to obtain a plurality of mapping data.
The plurality of mapping data is organized into a mapping vector. The length of the mapping vector is a fixed length value.
The initial value of the vector value in the mapping vector is-1, and when no mapping vector is replaced, the vector value is still-1.
By the method, the fixed-length input can be used when the neural network input is performed later through the hash mapping table. And the data length can be reduced, so that the detection of the neural network is faster.
Optionally, the training method of the security event prediction model includes:
obtaining a training set; the training set comprises a plurality of training data and a corresponding plurality of labeling data; the training data is a mapping vector constructed in the history transmission process; the labeling data is 1 to indicate safety; the labeling data of 0 indicates unsafe.
And obtaining preprocessing training data based on the training data.
Inputting the training data into a safety event prediction model to obtain a training prediction safety value;
and obtaining the loss value through a loss function by the training predicted safety value and the labeling data.
Wherein the loss function is a binary cross entropy loss function.
And obtaining the current training iteration times of the safety event prediction model and the preset maximum iteration times of the training of the safety event prediction model.
The maximum iteration number of training the safety event prediction model preset in this embodiment is 1200.
And stopping training when the loss value is smaller than or equal to a threshold value or the training iteration number reaches the maximum iteration number, and obtaining a trained safety event prediction model.
By the method, training data with vector length smaller than the number of the neurons input by the neural network in the safety event prediction model is complemented by-1 because of the fixed reason of the neurons input by the neural network, but the influence of the part needs to be eliminated when the part is lost because the part has no meaning in the training process. The true length is obtained and then the length is not calculated at the time of the loss value.
Optionally, the obtaining the training length position based on the training content data includes:
searching training content data, and judging whether a value with a vector value of-1 in the training data exists in the data;
if the value of the vector value of the training content data is-1, obtaining the length position of the training content; the training content length position is the position of the first value equal to-1 in the training data.
By the method, the end of the data truly used for training is found.
Optionally, inputting the training data and the training length position into a safety event prediction model to obtain a training prediction safety value, including:
inputting training length positions and training content data in the training data into an LTSM neural network to obtain training content values; the training content value represents the sequential relationship of the data; the training content value of 1 indicates that the training content data is safe, and the training content value of 0 indicates that the training content data is unsafe.
Inputting training header data in the training data into a DNN neural network to obtain a training header value; the training preamble value of 1 indicates that the training preamble data is safe, and the training preamble value of 0 indicates that the training preamble data is unsafe.
And when the training content value is 1, the training header value is 1, and the training prediction safety value is set to be 1.
And when the training content value is 0 or the training header value is 0, setting the training prediction safety value to 0.
By the method, the training content data are input into the LTSM neural network to extract information due to the sequence relation of the training content data. And the header information is independently extracted during training, so that DNN neural networks are used for extracting the information.
Optionally, inputting the training length position and training content data in the training data into the LTSM neural network to obtain a training content value, including:
inputting the training length position into a storage structure;
inputting a first vector value in the training content data into a first LTSM structure to obtain a first LTSM output value;
inputting a second vector value in the first LTSM output value and training content data into a second LTSM structure to obtain a second LTSM output value;
and inputting the LTSM structure by repeatedly inputting the LTSM output value and the vector in the training content data until reaching the training length position in the storage structure, thereby obtaining the training content value.
By the method, the storage structure is controlled to store the training length position, and the output of the training content data is controlled at the position, so that the influence of unnecessary data on training is reduced.
By the method, header information and data information in the internet of things data are separated, and the predicted safety value can be accurately obtained in the subsequent safety judgment according to various characteristics of the header information and the data information. Data having the same request is organized into a vector, and the security of the transmitted data is judged by the vector. By hashing the mapping table, a fixed length input can be used when the neural network input is performed later. And the data length can be reduced, so that the detection of the neural network is faster. Because of the fixed input neurons in the neural network, training data with vector length smaller than the number of the input neurons of the neural network in the safety event prediction model is complemented by-1. Because the training content data has a sequence relation, the training content data is input into the LTSM neural network to extract information. And the header information is independently extracted during training, so that DNN neural networks are used for extracting the information. The control storage structure stores the training length position and controls the output position of the training content data, so that the influence of unnecessary data on training is reduced.
Example 2
Based on the method for predicting the data security event of the Internet of things, the embodiment of the invention also provides a system for predicting the data security event of the Internet of things, which comprises an acquisition module, a segmentation module, a mapping module, a security prediction module and a discarding module.
The acquisition module is used for acquiring the data of the Internet of things. The internet of things data is information transmitted by a user request. The data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network.
The segmentation module is used for obtaining a transmission vector set through detection of the internet of things data. The set of transmission vectors includes a header vector and a data content vector. The vector values in the data content vector represent the transmitted content.
The mapping module is used for carrying out hash mapping on the data content vector to obtain a mapping vector.
The safety prediction module is used for inputting the mapping vector and the header vector into a safety event prediction model to obtain a predicted safety value; the predicted security value being 1 indicates data transmission security; the predicted security value of 0 indicates that the transmission data is not secure.
And the discarding module is used for discarding the data packet if the predicted security value is 0.
The specific manner in which the various modules perform the operations in the systems of the above embodiments have been described in detail herein with respect to the embodiments of the method, and will not be described in detail herein.
An embodiment of the present invention further provides an electronic device, as shown in fig. 3, including a memory 504, a processor 502, and a computer program stored in the memory 504 and capable of running on the processor 502, where the steps of any one of the methods for predicting an internet of things data security event described above are implemented when the processor 502 executes the program.
Where in FIG. 3 a bus architecture (represented by bus 500), bus 500 may include any number of interconnected buses and bridges, with bus 500 linking together various circuits, including one or more processors, represented by processor 502, and memory, represented by memory 504. Bus 500 may also link together various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., as are well known in the art and, therefore, will not be described further herein. Bus interface 505 provides an interface between bus 500 and receiver 501 and transmitter 503. The receiver 501 and the transmitter 503 may be the same element, i.e. a transceiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 502 is responsible for managing the bus 500 and general processing, while the memory 504 may be used to store data used by the processor 502 in performing operations.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, the program when executed by a processor implementing the steps of any one of the methods for predicting the data security event of the internet of things described above and the related data.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, the present invention is not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functions of some or all of the components in an apparatus according to embodiments of the present invention may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). The present invention can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names.

Claims (8)

1. The method for predicting the data security event of the Internet of things is characterized by comprising the following steps of
Obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
detecting the data of the Internet of things to obtain a transmission vector set; the set of transmission vectors includes a header vector and a data content vector; the vector values in the data content vector represent the transmitted content;
hash mapping is carried out on the data content vector to obtain a mapping vector;
inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value; the predicted security value being 1 indicates data transmission security; the predicted security value being 0 indicates that the transmission data is not secure;
if the predicted safety value is 0, discarding the data packet;
hash mapping is carried out on the data content vector to obtain a mapping vector, and the method comprises the following steps:
obtaining a request length; the request length is the data length transmitted by the request;
sequentially combining the plurality of data content vectors according to the request length to obtain a plurality of combined data vectors; the vector length of the merged data vector is the request length;
obtaining a fixed length value; the fixed length value is a set length value;
based on the fixed length value and the combined data vector, obtaining a mapping vector through hash mapping;
the obtaining a mapping vector based on the fixed length value and the merged data vector through hash mapping comprises the following steps:
establishing a hash mapping table; the key value in the Ha Xiying table is a plurality of key value pairs arranged from 0;
dividing the combined data by a fixed length value to obtain a division length;
dividing the combined data vector into a plurality of data according to the dividing length to obtain a plurality of divided data;
searching the split data through a hash mapping table to obtain a plurality of mapping data;
forming a plurality of mapping data into a mapping vector; the length of the mapping vector is a fixed length value.
2. The internet of things data security event prediction method according to claim 1, wherein the security event prediction model comprises a storage structure, an LSTM neural network and a DNN neural network:
the input of the DNN neural network is a header vector; the input of the storage structure is a data content vector; the inputs to the LSTM neural network are data content vectors and outputs of the storage structure.
3. The method for predicting the data security event of the internet of things according to claim 1, wherein the step of obtaining the set of transmission vectors by detecting the data of the internet of things comprises:
obtaining an Internet of things protocol; the internet of things protocol is a communication protocol with a fixed receiving end; the internet of things protocol is an application layer protocol;
obtaining a plurality of initial positions according to the Internet of things data and an Internet of things protocol; the initial position is the position of various information in the transmitted internet of things data;
dividing the data of the Internet of things at a plurality of initial positions to obtain a plurality of transmission data sets; the transmission data set is a set formed by values of corresponding positions of an internet of things protocol;
and respectively forming a plurality of vectors by the values in the plurality of transmission data sets to obtain a transmission vector set.
4. The method for predicting the data security event of the internet of things according to claim 1, wherein the training method for the security event prediction model comprises the following steps:
obtaining a training set; the training set comprises a plurality of training data and a corresponding plurality of labeling data; the training data comprises training header data and training content data; the training content data is mapping data constructed in the history transmission process; the labeling data is 1 to indicate safety; the labeling data being 0 indicates unsafe;
based on the training content data, a training length position is obtained;
inputting the training data and the training length position into a safety event prediction model to obtain a training prediction safety value;
obtaining a loss value through a loss function by the training predicted safety value and the labeling data;
obtaining the current training iteration times of a safety event prediction model and the preset maximum iteration times of the training of the safety event prediction model;
and stopping training when the loss value is smaller than or equal to a threshold value or the training iteration number reaches the maximum iteration number, and obtaining a trained safety event prediction model.
5. The method for predicting the data security event of the internet of things according to claim 4, wherein the obtaining the training length position based on the training content data comprises:
searching training content data, and judging whether a value with a vector value of-1 in the training data exists in the data;
if the value of the vector value of the training content data is-1, obtaining the length position of the training content; the training content length position is the position of the first value equal to-1 in the training data.
6. The method for predicting the data security event of the internet of things according to claim 4, wherein inputting the training data and the training length position into the security event prediction model to obtain the training predicted security value comprises:
inputting the training length position and training content data in the training data into an LSTM neural network to obtain a training content value; the training content value represents the sequential relationship of the data; the training content value of 1 indicates that the training content data is safe, and the training content value of 0 indicates that the training content data is unsafe;
inputting training header data in the training data into a DNN neural network to obtain a training header value; the training header value of 1 indicates that the training header data is safe, and the training header value of 0 indicates that the training header data is unsafe;
when the training content value is 1, the training header value is 1, and the training prediction safety value is set to be 1;
and when the training content value is 0 or the training header value is 0, setting the training prediction safety value to 0.
7. The method for predicting the data security event of the internet of things according to claim 6, wherein inputting the training length position and the training content data in the training data into the LSTM neural network to obtain the training content value comprises:
inputting the training length position into a storage structure;
inputting a first vector value in the training content data into a first LSTM structure to obtain a first LSTM output value;
inputting a second vector value in the first LSTM output value and training content data into a second LSTM structure to obtain a second LSTM output value;
and inputting the LSTM output value and the vector in the training content data into the LSTM structure for a plurality of times until reaching the training length position in the storage structure, thereby obtaining the training content value.
8. The system for predicting the data security event of the Internet of things is characterized by comprising the following components:
the acquisition module is used for: obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
and a segmentation module: detecting the data of the Internet of things to obtain a transmission vector set; the set of transmission vectors includes a header vector and a data content vector; the vector values in the data content vector represent the transmitted content;
and a mapping module: hash mapping is carried out on the data content vector to obtain a mapping vector;
and a safety prediction module: inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value; the predicted security value being 1 indicates data transmission security; the predicted security value being 0 indicates that the transmission data is not secure;
discarding module: if the predicted safety value is 0, discarding the data packet;
hash mapping is carried out on the data content vector to obtain a mapping vector, and the method comprises the following steps:
obtaining a request length; the request length is the data length transmitted by the request;
sequentially combining the plurality of data content vectors according to the request length to obtain a plurality of combined data vectors; the vector length of the merged data vector is the request length;
obtaining a fixed length value; the fixed length value is a set length value;
based on the fixed length value and the combined data vector, obtaining a mapping vector through hash mapping;
the obtaining a mapping vector based on the fixed length value and the merged data vector through hash mapping comprises the following steps:
establishing a hash mapping table; the key value in the Ha Xiying table is a plurality of key value pairs arranged from 0;
dividing the combined data by a fixed length value to obtain a division length;
dividing the combined data vector into a plurality of data according to the dividing length to obtain a plurality of divided data;
searching the split data through a hash mapping table to obtain a plurality of mapping data;
forming a plurality of mapping data into a mapping vector; the length of the mapping vector is a fixed length value.
CN202210979624.7A 2022-08-16 2022-08-16 Internet of things data security event prediction method and system Active CN115348184B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210979624.7A CN115348184B (en) 2022-08-16 2022-08-16 Internet of things data security event prediction method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210979624.7A CN115348184B (en) 2022-08-16 2022-08-16 Internet of things data security event prediction method and system

Publications (2)

Publication Number Publication Date
CN115348184A CN115348184A (en) 2022-11-15
CN115348184B true CN115348184B (en) 2024-01-26

Family

ID=83952890

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210979624.7A Active CN115348184B (en) 2022-08-16 2022-08-16 Internet of things data security event prediction method and system

Country Status (1)

Country Link
CN (1) CN115348184B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115659243B (en) * 2022-12-22 2023-04-28 四川九通智路科技有限公司 Infrastructure risk monitoring method and monitoring system based on MEMS

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109284606A (en) * 2018-09-04 2019-01-29 中国人民解放军陆军工程大学 Data flow anomaly detection system based on empirical features and convolutional neural networks
CN110995769A (en) * 2020-02-27 2020-04-10 上海飞旗网络技术股份有限公司 Deep data packet detection method and device and readable storage medium
CN111324889A (en) * 2020-03-04 2020-06-23 深信服科技股份有限公司 Security event prediction method, device, equipment and computer readable storage medium
CN112165402A (en) * 2020-09-28 2021-01-01 北京环境特性研究所 Method and device for predicting network security situation
CN112840355A (en) * 2018-09-05 2021-05-25 甲骨文国际公司 Context-aware feature embedding using deep recurrent neural networks and anomaly detection of sequential log data
CN113179244A (en) * 2021-03-10 2021-07-27 上海大学 Federal deep network behavior feature modeling method for industrial internet boundary safety
CN113765896A (en) * 2021-08-18 2021-12-07 广东三水合肥工业大学研究院 Internet of things implementation system and method based on artificial intelligence
CN113934862A (en) * 2021-09-29 2022-01-14 北方工业大学 Community security risk prediction method, device, electronic equipment and medium
CN114172881A (en) * 2021-11-19 2022-03-11 上海纽盾科技股份有限公司 Network security verification method, device and system based on prediction
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium
CN114785609A (en) * 2022-05-09 2022-07-22 内蒙古铖品科技有限公司 Data transmission safety detection system and method under block chain scene

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5792654B2 (en) * 2012-02-15 2015-10-14 株式会社日立製作所 Security monitoring system and security monitoring method

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109284606A (en) * 2018-09-04 2019-01-29 中国人民解放军陆军工程大学 Data flow anomaly detection system based on empirical features and convolutional neural networks
CN112840355A (en) * 2018-09-05 2021-05-25 甲骨文国际公司 Context-aware feature embedding using deep recurrent neural networks and anomaly detection of sequential log data
CN110995769A (en) * 2020-02-27 2020-04-10 上海飞旗网络技术股份有限公司 Deep data packet detection method and device and readable storage medium
CN111324889A (en) * 2020-03-04 2020-06-23 深信服科技股份有限公司 Security event prediction method, device, equipment and computer readable storage medium
CN112165402A (en) * 2020-09-28 2021-01-01 北京环境特性研究所 Method and device for predicting network security situation
CN113179244A (en) * 2021-03-10 2021-07-27 上海大学 Federal deep network behavior feature modeling method for industrial internet boundary safety
CN113765896A (en) * 2021-08-18 2021-12-07 广东三水合肥工业大学研究院 Internet of things implementation system and method based on artificial intelligence
CN113934862A (en) * 2021-09-29 2022-01-14 北方工业大学 Community security risk prediction method, device, electronic equipment and medium
CN114172881A (en) * 2021-11-19 2022-03-11 上海纽盾科技股份有限公司 Network security verification method, device and system based on prediction
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium
CN114785609A (en) * 2022-05-09 2022-07-22 内蒙古铖品科技有限公司 Data transmission safety detection system and method under block chain scene

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LBDMIDS:LSTM Based Deep Learning Model for Intrusion Detection Systems for IoT Networks;Kumar Saurabh;《2022 IEEE World AI IoT Congress》;全文 *
基于物联网安全监测数据的预测研究;朱洪根;《中国优秀硕士学位论文全文数据库》;全文 *

Also Published As

Publication number Publication date
CN115348184A (en) 2022-11-15

Similar Documents

Publication Publication Date Title
US10645105B2 (en) Network attack detection method and device
CN106682906B (en) Risk identification and service processing method and equipment
CN110933091B (en) Block chain communication node verification method and device and electronic equipment
CN115348184B (en) Internet of things data security event prediction method and system
CN116266183A (en) Data analysis method, device, equipment and computer storage medium
CN113691556A (en) Big data processing method and server applied to information protection detection
CN112507265B (en) Method and device for abnormality detection based on tree structure and related products
CN112214402B (en) Code verification algorithm selection method, device and storage medium
CN111159009B (en) Pressure testing method and device for log service system
CN116800518A (en) Method and device for adjusting network protection strategy
WO2023093017A1 (en) Method and apparatus for identifying web service device
CN114338129B (en) Message anomaly detection method, device, equipment and medium
CN113792232B (en) Page feature calculation method, page feature calculation device, electronic equipment, page feature calculation medium and page feature calculation program product
CN109902831B (en) Service decision processing method and device
CN114064905A (en) Network attack detection method, device, terminal equipment, chip and storage medium
CN113132312A (en) Processing method and device for threat detection rule
CN103744963A (en) Processing method and device for transforming destination pages
CN116595529B (en) Information security detection method, electronic equipment and storage medium
CN113596097B (en) Log transmission method and electronic equipment
CN116781389B (en) Determination method of abnormal data list, electronic equipment and storage medium
CN115482422B (en) Training method of deep learning model, image processing method and device
CN113806542B (en) Text analysis method and system
CN116708008A (en) Method for determining malicious files in transformer substation system, electronic equipment and storage medium
CN116932316A (en) System parameter information determining method, data processing method, device and equipment
CN116910809A (en) Label information processing method, device, equipment and storage medium based on Handle system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant