CN116232669A - Heterogeneous system communication information security detection method, system, equipment and medium - Google Patents

Info

Publication number
CN116232669A
Authority
CN
China
Prior art keywords
communication information
heterogeneous system
data
sampling
heterogeneous
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211699769.8A
Other languages
Chinese (zh)
Inventor
张鸿
庄卫金
闫磊
王其兵
何志方
邓雨田
于芳
潘加佳
黄龙达
慕国行
王婷
徐攀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Electric Power Research Institute Of Sepc
China Electric Power Research Institute Co Ltd CEPRI
State Grid Shanxi Electric Power Co Ltd
Original Assignee
State Grid Electric Power Research Institute Of Sepc
China Electric Power Research Institute Co Ltd CEPRI
State Grid Shanxi Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Electric Power Research Institute Of Sepc, China Electric Power Research Institute Co Ltd CEPRI, State Grid Shanxi Electric Power Co Ltd filed Critical State Grid Electric Power Research Institute Of Sepc
Priority to CN202211699769.8A priority Critical patent/CN116232669A/en
Publication of CN116232669A publication Critical patent/CN116232669A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention belongs to the field of power automation and discloses a heterogeneous system communication information security detection method, system, equipment and medium. The method comprises the following steps: acquiring heterogeneous system communication information in a current sampling window; performing feature sampling on the heterogeneous system communication information to obtain feature sampling data; and calling a preset communication information threat detection model according to the feature sampling data to obtain a detection result for the heterogeneous system communication information. The method accurately judges the state of the heterogeneous system communication information and effectively monitors possible risky operations and danger points of the heterogeneous systems during information interaction, so that timely fusing or blocking can be performed when the heterogeneous system communication information carries a security threat. It provides technical support and a means of defense for enhancing system security, and ensures the interaction security of network communication among heterogeneous systems and the access security of service functions in an open ecological environment.

Description

Heterogeneous system communication information security detection method, system, equipment and medium
Technical Field
The invention belongs to the field of power automation and relates to a heterogeneous system communication information security detection method, system, equipment and medium.
Background
With the rapid development of computer communication technology, open source message buses represented by Kafka and MQ, open source service frameworks represented by Dubbo and SpringCloud, and message buses and service frameworks developed by individual companies are widely applied in many business systems inside and outside the regulation and control center. Service systems built on different support platforms often have difficulty interacting and sharing information and services, while regulation and control work requires that information be fully and freely shared between the systems inside and outside the regulation and control center, and be acquired and used on demand under permission constraints. In addition, on the basis of information sharing among systems, there is a strong demand for cross-system sharing of functional services, which lays a technical foundation for improving the productivity of all elements.
Common solutions for information communication across heterogeneous systems mainly include file-based or database-based cross-system information sharing, customized protocol messages, a unified platform, and an ESB (enterprise service bus). However, when messages and services are exchanged between heterogeneous systems in these ways, each end must be familiar with the message middleware and service framework of the opposite end. The deployment requirements for sharing information and services between different scheduling business systems are therefore high, implementation efficiency is low, and the capability of sharing information and services between heterogeneous systems is limited.
Therefore, in practice, an additionally deployed open ecological gateway that is compatible with the technical architecture of the original service system is generally used to realize information communication across heterogeneous systems. Although the open ecological gateway allows service capabilities to be shared and opened effectively between heterogeneous systems, the functional intercommunication between heterogeneous systems also brings communication information security risks: a security problem in one service system can spread to several service systems through information interaction. There is a lack of effective detection methods for judging whether the current communication information carries a security threat, so communication security cannot be guaranteed.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and to provide a heterogeneous system communication information security detection method, system, equipment and medium.
To achieve this purpose, the invention adopts the following technical scheme:
The first aspect of the present invention provides a method for detecting communication information security of a heterogeneous system, including: acquiring heterogeneous system communication information in a current sampling window; performing feature sampling on the heterogeneous system communication information to obtain feature sampling data; and calling a preset communication information threat detection model according to the feature sampling data to obtain a detection result for the heterogeneous system communication information.
Optionally, the performing feature sampling on the heterogeneous system communication information to obtain feature sampling data includes: extracting TCP connection characteristic data, data content characteristic data and flow transmission characteristic data of the heterogeneous system communication information to obtain a plurality of extracted data; and marking the communication time of each extracted data to obtain the characteristic sampling data.
Optionally, the TCP connection characteristic data includes one or more of the following: duration, protocol type, number of source bytes, number of destination bytes; the data content characteristic data comprises one or more of the following: number of login failures, number of files created and number of files acquired; the traffic transmission characteristic data includes one or more of the following: the number of source hosts and the number of destination hosts.
Optionally, before the calling the preset communication information threat detection model, the method further includes: and carrying out normalization processing and normalization processing on the feature sampling data in sequence.
Optionally, the communication information threat detection model is constructed in the following manner: acquiring a pre-trained threat detection model, where the threat detection model comprises a convolutional neural network model and a long short-term memory (LSTM) network model, and the output of the convolutional neural network model is the input of the long short-term memory network model; and acquiring labeled heterogeneous system communication information samples and training the pre-trained threat detection model with them to obtain the communication information threat detection model.
Optionally, the method further comprises: updating the current sampling window in real time according to the preset sliding step length of the sampling window; the sliding step length of the sampling window is smaller than the sampling time length of the sampling window.
In a second aspect of the present invention, there is provided a heterogeneous system communication information security detection system, including: the information acquisition module is used for acquiring heterogeneous system communication information in the current sampling window; the sampling module is used for carrying out characteristic sampling on the communication information of the heterogeneous system to obtain characteristic sampling data; and the detection module is used for calling a preset communication information threat detection model according to the characteristic sampling data to obtain a detection result of the communication information of the heterogeneous system.
Optionally, the sampling module is specifically configured to: extracting TCP connection characteristic data, data content characteristic data and flow transmission characteristic data of the heterogeneous system communication information to obtain a plurality of extracted data; labeling the communication time of each extracted data to obtain feature sampling data; wherein, the TCP connection characteristic data comprises one or more of the following: duration, protocol type, number of source bytes, number of destination bytes; the data content characteristic data comprises one or more of the following: number of login failures, number of files created and number of files acquired; the traffic transmission characteristic data includes one or more of the following: the number of source hosts and the number of destination hosts.
In a third aspect of the present invention, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the heterogeneous system communication information security detection method described above when the processor executes the computer program.
In a fourth aspect of the present invention, there is provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the heterogeneous system communication information security detection method described above.
Compared with the prior art, the invention has the following beneficial effects:
The heterogeneous system communication information security detection method performs feature sampling on the heterogeneous system communication information within a certain continuous time and performs feature analysis on the feature sampling data through the communication information threat detection model. This accurately judges the state of the heterogeneous system communication information and effectively monitors possible risky operations and danger points of the heterogeneous systems during information interaction, so that timely fusing or blocking can be performed when the heterogeneous system communication information carries a security threat. The method provides technical support and a means of defense for enhancing system security, solves the threat detection problem for network communication security and business function security that arises when message services and application functions between heterogeneous systems are opened to the outside, and ensures the interaction security of network communication between heterogeneous systems and the access security of business functions in an open ecological environment.
Drawings
Fig. 1 is a flowchart of a heterogeneous system communication information security detection method according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of the principle of rolling detection according to an embodiment of the present invention.
Fig. 3 is a block diagram of a heterogeneous system communication information security detection system according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art may better understand the present invention, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some embodiments of the present invention, not all of them. All other embodiments that can be obtained by those skilled in the art based on the embodiments of the present invention without inventive effort shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, an embodiment of the present invention provides a method for detecting communication information security of heterogeneous systems, which monitors possible risky operations and danger points in the information interaction process between heterogeneous systems and provides technical support and a means of defense for enhancing system security. Specifically, the heterogeneous system communication information security detection method comprises the following steps:
S1: Acquire heterogeneous system communication information in the current sampling window.
S2: Perform feature sampling on the heterogeneous system communication information to obtain feature sampling data.
S3: Call a preset communication information threat detection model according to the feature sampling data to obtain a detection result for the heterogeneous system communication information.
Specifically, the method acquires the heterogeneous system communication information in the current sampling window, performs feature sampling on it, and then performs intelligent feature analysis on the feature sampling data through a preset communication information threat detection model. This determines whether the heterogeneous system communication information carries a security threat, and thereby achieves security detection of the heterogeneous system communication information.
In summary, the heterogeneous system communication information security detection method provided by the invention performs feature sampling on the heterogeneous system communication information within a certain continuous time and performs intelligent feature analysis on the feature sampling data through the communication information threat detection model. This accurately judges the state of the heterogeneous system communication information and effectively monitors possible risky operations and danger points of the heterogeneous systems during information interaction, so that timely fusing or blocking can be performed when the heterogeneous system communication information carries a security threat. The method provides technical support and a means of defense for enhancing system security, solves the threat detection problem for network communication security and business function security that arises when message services and application functions between heterogeneous systems are opened to the outside, and ensures the interaction security of network communication between heterogeneous systems and the access security of business functions in an open ecological environment.
In one possible implementation manner, the method for detecting the communication information security of the heterogeneous system is described by taking an open ecological gateway embedded in a service system as an example.
Specifically, in view of the network communication characteristics and the security defense requirements between power dispatching automation systems, an open ecological gateway supporting cross-system information interaction is deployed in each service system. The gateway accesses the local service system through an adapter for the local service architecture and provides a cross-system open ecological proxy service. The open ecological gateways of the different service systems are then configured to exchange, in a private data format, the service definition information of the message services and application services in the different service systems. The service definition information generally includes a service interface definition, an input/output parameter definition, service location information, and the like.
With this setup, when a service function of a remote target system is called from the local system, a service caller of the local system sends service request information to the proxy service of the local open ecological gateway through the local service architecture interface, and the proxy service of the local open ecological gateway converts the service request information into the private format and sends it to the open ecological gateway of the target system. After receiving the service request information in the private format, the open ecological gateway of the target system performs data conversion (including coding mode, programming language, etc.) on it according to the technical architecture of the target system, and then sends the service request information to the service of the target system through the service architecture adapter of the target system.
The service of the target system returns service response information to the open ecological gateway of the target system according to the service request information, and the open ecological gateway of the target system converts the service response information into the private format and sends it to the open ecological gateway of the local system. After receiving the service response information in the private format, the open ecological gateway of the local system performs data conversion according to the local service architecture and returns the converted data to the service caller of the local system.
In this interaction process, from the point of view of the open ecological gateway of the local system, the heterogeneous system communication information transmitted through the gateway comprises service request information and service response information. Acquiring the heterogeneous system communication information in the current sampling window therefore means acquiring the service request information and the service response information in the current sampling window, where the acquired information is the original service request information and the service response information after localization conversion. Similarly, for the open ecological gateway of the target system, the acquired information is the original service response information and the service request information after localization conversion.
In one possible implementation manner, the performing feature sampling on the heterogeneous system communication information to obtain feature sampling data includes: extracting TCP connection characteristic data, data content characteristic data and flow transmission characteristic data of the heterogeneous system communication information to obtain a plurality of extracted data; and marking the communication time of each extracted data to obtain the characteristic sampling data.
The extracting of the TCP connection feature data, the data content feature data, and the traffic transmission feature data of the heterogeneous system communication information refers to extracting the TCP connection feature data, the data content feature data, and the traffic transmission feature data of each heterogeneous system communication information in the heterogeneous system communication information. The communication time of each extracted data is specifically the communication time of the corresponding communication information of each heterogeneous system.
Specifically, feature sampling takes both the spatial features and the temporal features of the data into account. The spatial features are the TCP connection features, the data content features and the traffic transmission features; the temporal feature is the time attribute of each piece of data. In this embodiment, based on feature analysis of heterogeneous system communication information combined with actual detection results, the finally selected TCP connection feature data includes one or more of the following: duration, protocol type, number of source bytes, and number of destination bytes. The data content feature data includes one or more of the following: number of login failures, number of files created, and number of files acquired. The traffic transmission feature data includes one or more of the following: number of source hosts and number of destination hosts.
The regulation and control system adopts different security defense strategies according to different service characteristics and security requirements, such as using a firewall within the control area and using forward and reverse physical isolation between the control area and the information area. Communication modes that meet these different protection requirements therefore need to be established for message sharing and service access among heterogeneous systems, and a sampling mode adapted to the information interaction mode of the current service system is deployed at the interaction port. For example, attribute information of TCP connections can be collected normally on both sides of a firewall, whereas across forward and reverse physical isolation sampling can be performed by parsing the interaction files. The result is a sampling method that adapts to different network interaction environments and is applied to communication information security detection among heterogeneous systems of a regulation and control center across security areas.
In one possible implementation manner, before the calling the preset communication threat detection model, the method further includes: and carrying out normalization processing and normalization processing on the feature sampling data in sequence.
Specifically, the normalization processing and the normalization processing can adopt a current conventional processing mode, and the feature sampling data is sequentially subjected to the normalization processing and the normalization processing to obtain two-dimensional sample data, wherein the two-dimensional sample data comprises an information data dimension and a time data dimension, so that analysis can be conveniently carried out through a communication information threat detection model.
In one possible implementation, the communication information threat detection model is constructed as follows: establishing a convolutional neural network model and a long short-term memory (LSTM) network model, and taking the output of the convolutional neural network model as the input of the long short-term memory network model to obtain a threat detection model; then acquiring labeled heterogeneous system communication information samples and training the threat detection model with them to obtain the communication information threat detection model.
The convolutional neural network model learns the spatial features of the heterogeneous system communication information samples, forming a spatial feature model for extracting the spatial features of heterogeneous system communication information. The long short-term memory network model learns the temporal features of the heterogeneous system communication information samples within a certain time, such as the sampling duration of a sampling window, forming a temporal feature model for extracting the temporal features of heterogeneous system communication information. The output of the convolutional neural network model is used as the input of the long short-term memory network model, and the output of the long short-term memory network model is set to a classification result with two classes, attack and normal. Training on the labeled heterogeneous system communication information samples can be considered complete when the detection accuracy of the communication information threat detection model reaches a preset threshold. Feature sampling data obtained from the heterogeneous system communication information in the current sampling window can then be input into the communication information threat detection model, and whether the current heterogeneous system communication information carries a network security threat is judged from the output. Specifically, when the output is attack, the detection result is that a network security threat exists; when the output is normal, the detection result is that no network security threat exists.
Optionally, the communication information threat detection model may also be obtained by retraining a pre-trained threat detection model. The pre-trained threat detection model comprises a convolutional neural network model and a long short-term memory network model, and the output of the convolutional neural network model is the input of the long short-term memory network model. On this basis, training the communication information threat detection model is an iterative process: the pre-trained threat detection model can be obtained by pre-training on a threat detection data set commonly used on the Internet, such as UNSW-NB15 or KDD99. In this embodiment, UNSW-NB15 is used to simulate normal access and attacks; labeled heterogeneous system communication information samples are then acquired, and the pre-trained threat detection model is retrained with them to optimize and correct it, finally yielding the communication information threat detection model while meeting the requirements on training time and accuracy.
In one possible implementation manner, the heterogeneous system communication information security detection method further includes: updating the current sampling window in real time according to the preset sliding step length of the sampling window; the sliding step length of the sampling window is smaller than the sampling time length of the sampling window.
Specifically, referring to fig. 2, the sampling duration of the sampling window may be set to Ts and the sliding step of the sampling window to t, where t < Ts. Whether the current network behavior state is abnormal is judged from the heterogeneous system communication information within the Ts range, and real-time rolling detection is then performed with the sliding step t as the period, forming the communication information security detection of the next sampling window and achieving continuous monitoring of the network behavior state.
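The following added example (not code from the patent) sketches the rolling detection described above: it builds the time-ordered feature matrix for each window and shows why t < Ts matters, since a burst split across two back-to-back windows is seen whole by an overlapping one. The `Record` fields, `BOUNDS`, the min-max scaling and `placeholder_model` are assumptions of this example; the placeholder stands in for the trained CNN plus LSTM model, and the records are constructed sample data.

```python
from dataclasses import dataclass

# Column order follows the patent's three feature groups; the names are this example's own.
FEATURES = ("duration", "protocol", "src_bytes", "dst_bytes",      # TCP connection
            "failed_logins", "files_created", "files_accessed",    # data content
            "src_hosts", "dst_hosts")                              # traffic transmission
PROTOCOLS = {"tcp": 0, "udp": 1}      # assumed integer encoding of protocol type
# Assumed per-feature (min, max) bounds, as if fitted once on training data.
# Reusing fixed bounds keeps magnitudes comparable from window to window.
BOUNDS = {"duration": (0, 60), "protocol": (0, 1), "src_bytes": (0, 10000),
          "dst_bytes": (0, 10000), "failed_logins": (0, 5), "files_created": (0, 10),
          "files_accessed": (0, 10), "src_hosts": (0, 20), "dst_hosts": (0, 20)}
FAILED = FEATURES.index("failed_logins")


@dataclass
class Record:
    t: int                 # communication time in seconds (the time label)
    duration: float
    protocol: str
    src_bytes: int
    dst_bytes: int
    failed_logins: int
    files_created: int
    files_accessed: int
    src_hosts: int
    dst_hosts: int


def windows(records, ts, step):
    """Yield (start, rows) for windows of length ts advanced by step.

    step == ts is allowed only so the example can contrast it with t < Ts.
    """
    if not 0 < step <= ts:
        raise ValueError("need 0 < step <= ts")
    records = sorted(records, key=lambda r: r.t)
    if not records:
        return
    first, last = records[0].t, records[-1].t
    k = 0
    while first + k * step <= last:
        start = first + k * step
        yield start, [r for r in records if start <= r.t < start + ts]
        k += 1


def scale(rows):
    """Return the 2-D sample: time-ordered rows by nine features, clipped to [0, 1]."""
    matrix = []
    for r in sorted(rows, key=lambda r: r.t):
        vec = []
        for name in FEATURES:
            raw = PROTOCOLS[r.protocol] if name == "protocol" else getattr(r, name)
            lo, hi = BOUNDS[name]
            vec.append(min(1.0, max(0.0, (float(raw) - lo) / (hi - lo))))
        matrix.append(vec)
    return matrix


def placeholder_model(matrix):
    """Stand-in for the trained model: flags windows dense in login failures."""
    return "attack" if sum(row[FAILED] for row in matrix) >= 1.0 else "normal"


def attack_windows(records, ts, step, model=placeholder_model):
    """Start times of the windows that the model classifies as attack."""
    return [start for start, rows in windows(records, ts, step)
            if rows and model(scale(rows)) == "attack"]


def _normal(t):
    return Record(t, 0.5, "tcp", 300, 1200, 0, 0, 1, 1, 1)


def _failed_login(t):
    return Record(t, 0.2, "tcp", 120, 80, 1, 0, 0, 1, 1)


# Constructed sample: background traffic plus six failed logins at t = 45..70 s,
# a burst that straddles the boundary between [0, 60) and [60, 120).
SAMPLE = ([_normal(t) for t in (0, 15, 30, 90, 110)]
          + [_failed_login(t) for t in range(45, 75, 5)])

if __name__ == "__main__":
    print("Ts=60, t=60:", attack_windows(SAMPLE, 60, 60))   # burst is split in half
    print("Ts=60, t=20:", attack_windows(SAMPLE, 60, 20))   # overlapping windows see it
```

With overlapping windows, any burst no longer than Ts - t falls entirely inside at least one window; the price is that each record is scored roughly Ts / t times.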
The following are device embodiments of the present invention that may be used to perform method embodiments of the present invention. For details not disclosed in the apparatus embodiments, please refer to the method embodiments of the present invention.
Referring to fig. 3, in still another embodiment of the present invention, a heterogeneous system communication information security detection system is provided, which can be used to implement the above-mentioned heterogeneous system communication information security detection method, and specifically, the heterogeneous system communication information security detection system includes an information acquisition module, a sampling module, and a detection module.
The information acquisition module is used for acquiring heterogeneous system communication information in the current sampling window; the sampling module is used for carrying out characteristic sampling on the communication information of the heterogeneous system to obtain characteristic sampling data; and the detection module is used for calling a preset communication information threat detection model according to the characteristic sampling data to obtain a detection result of the communication information of the heterogeneous system.
In one possible implementation manner, the sampling module is specifically configured to: extracting TCP connection characteristic data, data content characteristic data and flow transmission characteristic data of the heterogeneous system communication information to obtain a plurality of extracted data; and marking the communication time of each extracted data to obtain the characteristic sampling data.
In a possible implementation manner, the TCP connection characteristic data includes one or several of the following: duration, protocol type, number of source bytes, number of destination bytes; the data content characteristic data comprises one or more of the following: number of login failures, number of files created and number of files acquired; the traffic transmission characteristic data includes one or more of the following: the number of source hosts and the number of destination hosts.
In one possible implementation manner, before the calling the preset communication threat detection model, the method further includes: and carrying out normalization processing and normalization processing on the feature sampling data in sequence.
In one possible implementation, the communication information threat detection model is constructed by: acquiring a pre-trained threat detection model, where the threat detection model comprises a convolutional neural network model and a long short-term memory (LSTM) network model, and the output of the convolutional neural network model is the input of the LSTM network model; and acquiring labeled heterogeneous system communication information samples, and training the pre-trained threat detection model with the labeled heterogeneous system communication information samples to obtain the communication information threat detection model.
In a possible implementation manner, the device further comprises a rolling detection module, which is used for updating the current sampling window in real time according to a preset sampling window sliding step length.
The sliding step length of the sampling window is smaller than the sampling time length of the sampling window.
All relevant content of each step in the foregoing embodiment of the heterogeneous system communication information security detection method applies to the functional description of the corresponding functional module of the heterogeneous system communication information security detection system in this embodiment of the present invention, and is not repeated here.
The division of modules in the embodiments of the present invention is schematic and represents only one logical division of functions; other divisions are possible in an actual implementation. In addition, the functional modules in the embodiments of the present invention may be integrated in one processor, may exist separately and physically, or two or more modules may be integrated in one module. The integrated modules may be implemented in hardware or as software functional modules.
In yet another embodiment of the present invention, a computer device is provided that includes a processor and a memory. The memory stores a computer program including program instructions, and the processor executes the program instructions stored in the computer storage medium. The processor may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, discrete hardware components, and so on. It is the computational core and control core of the terminal and is adapted to implement one or more instructions, in particular to load and execute one or more instructions in a computer storage medium to implement the corresponding method flow or corresponding functions. The processor provided by this embodiment of the invention can be used to run the heterogeneous system communication information security detection method.
In yet another embodiment of the present invention, a storage medium is provided, specifically a computer-readable storage medium (Memory), which is a memory device in a computer device used for storing programs and data. It is understood that the computer-readable storage medium here may include both built-in storage media in the computer device and extended storage media supported by the computer device. The computer-readable storage medium provides a storage space that stores the operating system of the terminal. The storage space also stores one or more instructions, which may be one or more computer programs (including program code), adapted to be loaded and executed by the processor. The computer-readable storage medium here may be a high-speed RAM memory or a non-volatile memory, such as at least one magnetic disk memory. One or more instructions stored in the computer-readable storage medium may be loaded and executed by a processor to implement the corresponding steps of the heterogeneous system communication information security detection method in the above-described embodiments.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (10)

1. A heterogeneous system communication information security detection method, characterized by comprising the following steps:
acquiring heterogeneous system communication information in a current sampling window;
performing feature sampling on the heterogeneous system communication information to obtain feature sampling data;
and calling a preset communication information threat detection model according to the feature sampling data to obtain a detection result of the communication information of the heterogeneous system.
2. The method for detecting the security of the communication information of the heterogeneous system according to claim 1, wherein the performing feature sampling on the communication information of the heterogeneous system to obtain feature sampling data includes:
extracting TCP connection characteristic data, data content characteristic data and flow transmission characteristic data of the heterogeneous system communication information to obtain a plurality of extracted data;
and marking the communication time of each extracted data to obtain the characteristic sampling data.
3. The heterogeneous system communication information security detection method according to claim 2, wherein the TCP connection characteristic data includes one or more of the following: duration, protocol type, number of source bytes, number of destination bytes; the data content characteristic data comprises one or more of the following: number of login failures, number of files created and number of files acquired; the traffic transmission characteristic data includes one or more of the following: the number of source hosts and the number of destination hosts.
4. The method for detecting the security of communication information of heterogeneous system according to claim 1, wherein before the calling the preset communication information threat detection model, further comprises: and carrying out normalization processing and normalization processing on the feature sampling data in sequence.
5. The heterogeneous system communication information security detection method according to claim 1, wherein the communication information threat detection model is constructed by:
acquiring a pre-trained threat detection model; the threat detection model comprises a convolutional neural network model and a long short-term memory (LSTM) network model, wherein the output of the convolutional neural network model is the input of the LSTM network model;
and acquiring a communication information sample of the marked heterogeneous system, and training a pre-trained threat detection model by adopting the communication information sample of the marked heterogeneous system to obtain a communication information threat detection model.
6. The heterogeneous system communication information security detection method according to claim 1, further comprising: updating the current sampling window in real time according to the preset sliding step length of the sampling window; the sliding step length of the sampling window is smaller than the sampling time length of the sampling window.
7. A heterogeneous system communication information security detection system, comprising:
the information acquisition module is used for acquiring heterogeneous system communication information in the current sampling window;
the sampling module is used for carrying out characteristic sampling on the communication information of the heterogeneous system to obtain characteristic sampling data;
and the detection module is used for calling a preset communication information threat detection model according to the characteristic sampling data to obtain a detection result of the communication information of the heterogeneous system.
8. The heterogeneous system communication information security detection system according to claim 7, wherein the sampling module is specifically configured to:
extracting TCP connection characteristic data, data content characteristic data and flow transmission characteristic data of the heterogeneous system communication information to obtain a plurality of extracted data;
labeling the communication time of each extracted data to obtain feature sampling data;
wherein, the TCP connection characteristic data comprises one or more of the following: duration, protocol type, number of source bytes, number of destination bytes; the data content characteristic data comprises one or more of the following: number of login failures, number of files created and number of files acquired; the traffic transmission characteristic data includes one or more of the following: the number of source hosts and the number of destination hosts.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the heterogeneous system communication security detection method according to any of claims 1 to 6 when the computer program is executed.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the heterogeneous system communication information security detection method according to any one of claims 1 to 6.
CN202211699769.8A 2022-12-28 2022-12-28 Heterogeneous system communication information security detection method, system, equipment and medium Pending CN116232669A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211699769.8A CN116232669A (en) 2022-12-28 2022-12-28 Heterogeneous system communication information security detection method, system, equipment and medium

Publications (1)

Publication Number Publication Date
CN116232669A (en) 2023-06-06

Family

ID=86579593

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211699769.8A Pending CN116232669A (en) 2022-12-28 2022-12-28 Heterogeneous system communication information security detection method, system, equipment and medium

Country Status (1)

Country Link
CN (1) CN116232669A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination