CN116436666B - Security situation awareness method for distributed heterogeneous network - Google Patents


Info

Publication number
CN116436666B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310380411.7A
Other languages
Chinese (zh)
Other versions
CN116436666A (en)
Inventor
韩晓晖
刘伟华
左文波
罗雪姣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qilu University of Technology
Shandong Computer Science Center National Super Computing Center in Jinan
Original Assignee
Qilu University of Technology
Shandong Computer Science Center National Super Computing Center in Jinan
Application filed by Qilu University of Technology and Shandong Computer Science Center National Super Computing Center in Jinan

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multi Processors (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A security situation awareness method for a distributed heterogeneous network can distribute network security situation awareness tasks to each level of equipment for execution according to parameters of the tasks and the equipment, and overall situation awareness results are finally generated through parameter interaction and cooperation transfer among the tasks. The method provided by the invention fully utilizes the computing resources of all levels of equipment of the cloud side network, reduces the bandwidth occupation, improves the instantaneity and effectively evaluates the whole network security risk in time.

Description

Security situation awareness method for distributed heterogeneous network
Technical Field
The invention relates to the technical field of network security situation awareness, in particular to a security situation awareness method for a distributed heterogeneous network.
Background
With the rapid development of technologies such as 5G and the Internet of Things, the generation of massive data and the associated task computation have a great impact on existing networks. A distributed heterogeneous network is a network of heterogeneous computers and devices that may differ in hardware and software configuration, such as operating system, processor architecture and storage devices. The devices are connected through a network and can communicate and cooperate with each other, realizing functions such as data sharing and computing task allocation. However, the complicated structure and the large number of devices give network attackers openings to exploit, which brings great risk to network security.
Existing security situation awareness methods mainly upload a large amount of data from the terminals and the edge of the distributed heterogeneous network to the cloud, where the threat detection tasks are then carried out. As a result, subtle anomalies of an individual terminal device or edge device can be submerged in the huge volume of data, so that security risks of that edge device or terminal device are not captured. In addition, uploading a large amount of data to the cloud of the distributed heterogeneous network in a centralized manner strains cloud computing resources and reduces computing speed.
Disclosure of Invention
In order to overcome the defects of the technology, the invention provides a method capable of distributing network security situation awareness tasks to all layers of equipment for execution according to the parameters of the tasks and the equipment, and finally generating global situation awareness results through parameter interaction and cooperation transfer among the tasks.
The technical scheme adopted for overcoming the technical problems is as follows:
A security situation awareness method for a distributed heterogeneous network comprises the following steps:
a) Acquiring parameter information of the distributed heterogeneous network devices to obtain the available device set D, the current processor capacity E_now of the device set D, the current available bandwidth Bandwidth_now of the device set D, and the network transmission speed between devices
b) Deploying a threat detection model on the distributed heterogeneous network device set D to obtain a threat detection task Task;
c) Performing network security situation awareness threat detection task allocation, and calculating the processor capacity E_exe_i to be consumed by the threat detection task generated by the i-th available device d_i and the total time T_time_i consumed in executing the threat detection task generated by the i-th available device d_i, d_i ∈ D;
d) Defining the state space as S(e, b), S(e, b) = (E_now, Bandwidth_now);
e) Calculating the reward function R_i, and realizing threat detection task allocation of the distributed heterogeneous network through the reward function;
f) Preprocessing the data set of the distributed threat detection task, and inputting the preprocessed data into a threat detection model to obtain a threat detection result.
Further, step a) comprises the steps of:
a-1) there are n available devices in the distributed heterogeneous network, and the set of available devices is D, D = {d_1, d_2, ..., d_i, ..., d_n}, where d_i is the i-th available device, i ∈ {1, 2, ..., n};
a-2) configuring a monitoring agent on all available devices of the distributed heterogeneous network;
a-3) the monitoring agent of the i-th available device d_i obtains the current processor capacity E_now_i of that device, giving the current processor capacity E_now of the device set D, E_now = {E_now_1, ..., E_now_i, ..., E_now_n};
a-4) the monitoring agent of the i-th available device d_i obtains the current available bandwidth Bandwidth_now_i of that device, giving the current available bandwidth Bandwidth_now of the device set D, Bandwidth_now = {Bandwidth_now_1, ..., Bandwidth_now_i, ..., Bandwidth_now_n};
a-5) the monitoring agent of the i-th available device d_i obtains the network transmission speed between that device and the j-th available device d_j, to obtain the network transmission speed between devices
Further, step b) comprises the steps of:
b-1) deploying a threat detection model M on the i-th available device d_i;
b-2) carrying out knowledge distillation on the threat detection model M to obtain a lightweight threat detection model M';
b-3) the threat detection task performed by the i-th available device d_i running the lightweight threat detection model M' is recorded as Task_i, and the detection task of the device set D is Task, Task = {Task_1, Task_2, ..., Task_i, ..., Task_n}.
Preferably, the threat detection model M of step b-1) is an LSTM-Attention model or a density clustering model.
Further, step c) comprises the steps of:
c-1) recording the data size of the threat detection tasks in the threat detection task Task as Datasize, Datasize = {Datasize_1, Datasize_2, ..., Datasize_i, ..., Datasize_n}, where Datasize_i is the data size of the threat detection task generated by the i-th available device d_i;
c-2) the data set of the threat detection task Task is Dataset, Dataset = {Dataset_1, Dataset_2, ..., Dataset_i, ..., Dataset_n}, where Dataset_i is the data set of the threat detection task generated by the i-th available device d_i;
c-3) calculating, by the formula E_exe_i = P × (parameter + Datasize_i), the processor capacity E_exe_i consumed in executing the threat detection task generated by the i-th available device d_i, where P is the processor capacity required per unit of data volume and parameter quantity, and parameter is the parameter quantity of the lightweight threat detection model M' obtained by the def getModelSize(model) function in PyTorch;
c-4) calculating, by the formula T_time_i = T_exe_i + T_trans(i,j), the total time T_time_i consumed in executing the threat detection task generated by the i-th available device d_i, where T_exe_i is the execution time of the threat detection task generated by the i-th available device d_i; N is the number of executions of the model algorithm statements of the lightweight threat detection model M'; L is the number of layers of the lightweight threat detection model M'; nerul_i is the number of neurons in the i-th layer; FLOPs_i is the number of floating-point operations of the neurons in the i-th layer; the time required for executing a unit algorithm statement and data quantity; T_trans(i,j) is the time required to transmit the threat detection task generated by the i-th available device d_i between the i-th available device d_i and the j-th available device d_j.
Further, in step d) the state of the i-th available device d_i is S(e_i, b_i), S(e_i, b_i) = (E_now_i, Bandwidth_now_i), S(e, b) = ((E_now_1, Bandwidth_now_1), ..., (E_now_i, Bandwidth_now_i), ..., (E_now_n, Bandwidth_now_n)).
Further, step e) comprises the steps of:
e-1) by the formula
the reward function R_i is calculated, where β is the reward weight, 0 ≤ β ≤ 1;
e-2) when E_now_i - E_exe_i > 0, the threat detection task Task_i of the i-th available device d_i is executed on the available device d_i that generated the threat detection task;
e-3) when E_now_i - E_exe_i ≤ 0, the linked list data field of the i-th available device d_i comprises, in order, the device number d_i, the current device state S(e_i, b_i) and the reward function R_i; the reward function R_i is initialized to 0; the i-th available device d_i executes the threat detection task Task_i, and the reward function R_i and the current device state S(e_i, b_i) in the linked list data field are updated once every interval T, 5 min ≤ T ≤ 10 min;
e-4) the set of reward functions of the available device set D is R, R = {R_1, R_2, ..., R_i, ..., R_n}; the largest reward function R_m in the set R is found, and the threat detection task Task_i is assigned to the m-th available device d_m.
Further, step f) comprises the steps of:
f-1) removing missing values and outliers from the data set Dataset_i of the threat detection task Task_i;
f-2) normalizing the data set Dataset_i from which the missing values and outliers have been removed, to obtain the preprocessed data set PretreatmentDataset_i;
f-3) inputting the preprocessed data set PretreatmentDataset_i into the lightweight threat detection model M', which outputs the threat detection result Threat_i.
Further, the method also comprises, after step f-3), uploading the threat detection result Threat_i to the cloud situation awareness master controller, which updates the situation awareness data.
The beneficial effects of the invention are as follows: the security situation awareness method for the distributed heterogeneous network can distribute network security situation awareness tasks to each level of equipment for execution according to the parameters of the tasks and the equipment, and the overall situation awareness result is finally generated through parameter interaction and cooperation transfer among the tasks. The method provided by the invention fully utilizes the computing resources of all levels of equipment of the cloud side network, reduces the bandwidth occupation, improves the instantaneity and effectively evaluates the whole network security risk in time.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a diagram of an initial linked list configuration of the present invention.
Detailed Description
The invention is further described with reference to fig. 1 and 2.
As shown in fig. 1, a security situation awareness method for a distributed heterogeneous network includes the following steps:
a) Acquiring parameter information of the distributed heterogeneous network devices to obtain the available device set D, the current processor capacity E_now of the device set D, the current available bandwidth Bandwidth_now of the device set D, and the network transmission speed between devices
b) Deploying a threat detection model on the distributed heterogeneous network device set D to obtain a threat detection task Task.
c) Performing network security situation awareness threat detection task allocation, and calculating the processor capacity E_exe_i to be consumed by the threat detection task generated by the i-th available device d_i and the total time T_time_i consumed in executing the threat detection task generated by the i-th available device d_i, d_i ∈ D.
d) Defining the state space as S(e, b), S(e, b) = (E_now, Bandwidth_now).
e) Calculating the reward function R_i, and realizing threat detection task allocation of the distributed heterogeneous network through the reward function.
f) Preprocessing the data set of the distributed threat detection task, and inputting the preprocessed data into the threat detection model to obtain a threat detection result.
Compared with the prior-art approach, in which a large amount of traffic data and log behavior data must be uploaded to the cloud, the invention uses the resource information of the devices to send each threat detection task to the device with the highest reward for execution, which greatly reduces cloud resource occupation. Most devices complete their threat detection tasks locally or on nearby connected devices, and the detection tasks of the small number of devices with insufficient resources are carried out on connected devices with better communication and sufficient resources. Compared with the prior art, the threat detection tasks have better real-time performance and lower resource consumption, and subtle network security anomalies of a single device can be detected in time.
Example 1:
Step a) comprises the steps of:
a-1) there are n available devices in the distributed heterogeneous network, and the set of available devices is D, D = {d_1, d_2, ..., d_i, ..., d_n}, where d_i is the i-th available device, i ∈ {1, 2, ..., n}.
a-2) configuring a monitoring agent on all available devices of the distributed heterogeneous network. The monitoring agent is configured to monitor the device's system resources (including available bandwidth and processor capacity), the device's network transmission speed, and the like.
a-3) the monitoring agent of the i-th available device d_i obtains the current processor capacity E_now_i of that device, giving the current processor capacity E_now of the device set D, E_now = {E_now_1, ..., E_now_i, ..., E_now_n}.
a-4) the monitoring agent of the i-th available device d_i obtains the current available bandwidth Bandwidth_now_i of that device, giving the current available bandwidth Bandwidth_now of the device set D, Bandwidth_now = {Bandwidth_now_1, ..., Bandwidth_now_i, ..., Bandwidth_now_n}.
a-5) the monitoring agent of the i-th available device d_i obtains the network transmission speed between that device and the j-th available device d_j, to obtain the network transmission speed between devices
Further preferably, the obtained monitoring information is transmitted in real time and stored in the distributed heterogeneous network cloud situation awareness master controller.
Example 2:
Step b) comprises the steps of:
b-1) deploying a threat detection model M on the i-th available device d_i.
b-2) carrying out knowledge distillation on the threat detection model M to obtain a lightweight threat detection model M'.
b-3) the threat detection task performed by the i-th available device d_i running the lightweight threat detection model M' is recorded as Task_i, and the detection task of the device set D is Task, Task = {Task_1, Task_2, ..., Task_i, ..., Task_n}.
Example 3:
preferably, the threat detection model M of step b-1) is an LSTM-Attention model or a density clustering model.
Example 4:
Step c) comprises the steps of:
c-1) recording the data size of the threat detection tasks in the threat detection task Task as Datasize, Datasize = {Datasize_1, Datasize_2, ..., Datasize_i, ..., Datasize_n}, where Datasize_i is the data size of the threat detection task generated by the i-th available device d_i.
c-2) the data set of the threat detection task Task is Dataset, Dataset = {Dataset_1, Dataset_2, ..., Dataset_i, ..., Dataset_n}, where Dataset_i is the data set of the threat detection task generated by the i-th available device d_i.
c-3) calculating, by the formula E_exe_i = P × (parameter + Datasize_i), the processor capacity E_exe_i consumed in executing the threat detection task generated by the i-th available device d_i, where P is the processor capacity required per unit of data volume and parameter quantity, and parameter is the parameter quantity of the lightweight threat detection model M' obtained by the def getModelSize(model) function in PyTorch. Specifically, the getModelSize(model) function is:

    def getModelSize(model):
        parameter = 0   # total size of all parameter tensors, in bytes
        param_sum = 0   # total number of parameter elements (not returned)
        for param in model.parameters():
            # nelement() is the element count, element_size() the bytes per element
            parameter += param.nelement() * param.element_size()
            param_sum += param.nelement()
        return parameter

c-4) calculating, by the formula T_time_i = T_exe_i + T_trans(i,j), the total time T_time_i consumed in executing the threat detection task generated by the i-th available device d_i, where T_exe_i is the execution time of the threat detection task generated by the i-th available device d_i; N is the number of executions of the model algorithm statements of the lightweight threat detection model M'; L is the number of layers of the lightweight threat detection model M'; nerul_i is the number of neurons in the i-th layer; FLOPs_i is the number of floating-point operations of the neurons in the i-th layer, and if the input size of the i-th layer is o × k and the output size of the i-th layer is y × k, then FLOPs_i = 2oyk; the time required for executing a unit algorithm statement and data quantity; T_trans(i,j) is the time required to transmit the threat detection task generated by the i-th available device d_i between the i-th available device d_i and the j-th available device d_j.
Example 5:
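In step d), the state of the i-th available device d_i is S(e_i, b_i), S(e_i, b_i) = (E_now_i, Bandwidth_now_i), S(e, b) = ((E_now_1, Bandwidth_now_1), ..., (E_now_i, Bandwidth_now_i), ..., (E_now_n, Bandwidth_now_n)).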
Example 6:
Next, in order to allocate threat detection tasks in real time while taking into account both the time consumed by the tasks and the consumption of device resources (i.e., bandwidth and processor capacity), the invention first defines a state set and a reward function. Specifically, step e) comprises the steps of:
e-1) by the formula
the reward function R_i is calculated, where β is the reward weight, 0 ≤ β ≤ 1.
e-2) when E_now_i - E_exe_i > 0, the threat detection task Task_i of the i-th available device d_i is executed on the available device d_i that generated the threat detection task.
e-3) as shown in FIG. 2, when E_now_i - E_exe_i ≤ 0, the linked list data field of the i-th available device d_i comprises, in order, the device number d_i, the current device state S(e_i, b_i) and the reward function R_i; the reward function R_i is initialized to 0; the i-th available device d_i executes the threat detection task Task_i, and the reward function R_i and the current device state S(e_i, b_i) in the linked list data field are updated once every interval T, 5 min ≤ T ≤ 10 min.
e-4) the set of reward functions of the available device set D is R, R = {R_1, R_2, ..., R_i, ..., R_n}; the largest reward function R_m in the set R is found, and the threat detection task Task_i is assigned to the m-th available device d_m.
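The allocation decision of steps c-3) and e-2) to e-4), as an added example that is not code from the patent. The reward formula of step e-1) is not reproduced on this page, so the R_i values are taken as inputs; the device names, the sample numbers, the `validate` check and the `require_headroom` option are assumptions introduced here.

```python
import math
from dataclasses import dataclass


@dataclass
class DeviceEntry:
    """Linked-list data field of step e-3): device number, state S(e_i, b_i), reward R_i."""
    device_id: str
    e_now: float           # E_now_i, current processor capacity reported by the agent
    bandwidth_now: float   # Bandwidth_now_i, current available bandwidth
    reward: float = 0.0    # R_i, initialized to 0 as in step e-3)


def model_size_bytes(param_shapes, element_size=4):
    """Same quantity getModelSize returns: sum of nelement * element_size."""
    return sum(math.prod(shape) * element_size for shape in param_shapes)


def e_exe(p, parameter, datasize):
    """Step c-3): E_exe_i = P x (parameter + Datasize_i)."""
    return p * (parameter + datasize)


def validate(entry):
    """Added check (an assumption, not in the patent) on agent-reported values.

    A NaN reward makes max() depend on list order, and a negative capacity
    or bandwidth is never a legitimate measurement.
    """
    for name in ("e_now", "bandwidth_now", "reward"):
        if not math.isfinite(getattr(entry, name)):
            raise ValueError(f"{entry.device_id}: {name} is not finite")
    if entry.e_now < 0 or entry.bandwidth_now < 0:
        raise ValueError(f"{entry.device_id}: negative resource report")


def allocate(origin_id, entries, need, require_headroom=False):
    """Steps e-2) to e-4): return the id of the device that should run the task.

    need is E_exe_i for the task generated by origin_id. With
    require_headroom=True (an added option, not in the patent) only devices
    with E_now - need > 0 are candidates; None means no device qualifies.
    """
    by_id = {}
    for entry in entries:
        validate(entry)
        by_id[entry.device_id] = entry
    origin = by_id[origin_id]
    if origin.e_now - need > 0:           # e-2): enough capacity, run locally
        return origin_id
    candidates = list(by_id.values())     # e-4): the whole reward set R
    if require_headroom:
        candidates = [e for e in candidates if e.e_now - need > 0]
    if not candidates:
        return None
    return max(candidates, key=lambda e: e.reward).device_id


# Constructed sample values (not from the patent).
SAMPLE_SHAPES = [(64, 32), (64,), (2, 64), (2,)]   # parameter tensors of M'
SAMPLE_P = 0.001                                   # capacity units per byte
SAMPLE_DATASIZE = 50_000                           # Datasize_i in bytes


def sample_entries():
    """Constructed linked-list contents, including one misleading high reward."""
    return [
        DeviceEntry("cam-01", e_now=40.0, bandwidth_now=8.0),
        DeviceEntry("edge-gw-02", e_now=500.0, bandwidth_now=100.0, reward=0.72),
        DeviceEntry("edge-gw-03", e_now=300.0, bandwidth_now=80.0, reward=0.55),
        DeviceEntry("sensor-04", e_now=10.0, bandwidth_now=2.0, reward=0.90),
    ]


if __name__ == "__main__":
    need = e_exe(SAMPLE_P, model_size_bytes(SAMPLE_SHAPES), SAMPLE_DATASIZE)
    print("E_exe:", need)
    print("edge-gw-03 task ->", allocate("edge-gw-03", sample_entries(), need))
    print("cam-01 task     ->", allocate("cam-01", sample_entries(), need))
    print("cam-01, headroom ->",
          allocate("cam-01", sample_entries(), need, require_headroom=True))
```

With these sample values the plain maximum-reward rule of step e-4) sends the task from cam-01 to sensor-04, which itself lacks the capacity E_exe_i; the optional headroom filter selects edge-gw-02 instead.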
Example 7:
Step f) comprises the steps of:
f-1) after the threat detection task Task_i is assigned to the m-th available device d_m, the threat detection task Task_i is preprocessed; specifically, missing values and outliers are removed from the data set Dataset_i of the threat detection task Task_i.
f-2) normalizing the data set Dataset_i from which the missing values and outliers have been removed, to obtain the preprocessed data set PretreatmentDataset_i.
f-3) inputting the preprocessed data set PretreatmentDataset_i into the lightweight threat detection model M', which outputs the threat detection result Threat_i.
Example 8:
Further, after step f-3), the threat detection result Threat_i is uploaded to the cloud situation awareness master controller, which updates the situation awareness data. The cloud situation awareness master controller is configured to receive the parameter information of each device of the distributed heterogeneous network and the threat task detection results, and to store the device parameter information, the linked list, the threat task detection results and the situation awareness data.
Finally, it should be noted that the foregoing is only a preferred embodiment of the present invention and does not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described therein or replace some of their technical features with equivalents. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within its scope of protection.

Claims (4)

1. The security situation awareness method for the distributed heterogeneous network is characterized by comprising the following steps of:
a) Acquiring parameter information of the distributed heterogeneous network devices to obtain the available device set D, the current processor capacity E_now of the device set D, the current available bandwidth Bandwidth_now of the device set D, and the network transmission speed between devices
b) Deploying a threat detection model on the distributed heterogeneous network device set D to obtain a threat detection task Task;
c) Performing network security situation awareness threat detection task allocation, and calculating the processor capacity E_exe_i to be consumed by the threat detection task generated by the i-th available device d_i and the total time T_time_i consumed in executing the threat detection task generated by the i-th available device d_i, d_i ∈ D;
d) Defining the state space as S(e, b), S(e, b) = (E_now, Bandwidth_now);
e) Calculating the reward function R_i, and realizing threat detection task allocation of the distributed heterogeneous network through the reward function;
f) Preprocessing the data set of the distributed threat detection task, and inputting the preprocessed data into a threat detection model to obtain a threat detection result;
step a) comprises the steps of:
a-1) there are n available devices in the distributed heterogeneous network, and the set of available devices is D, D = {d_1, d_2, ..., d_i, ..., d_n}, where d_i is the i-th available device, i ∈ {1, 2, ..., n};
a-2) configuring a monitoring agent on all available devices of the distributed heterogeneous network;
a-3) the monitoring agent of the i-th available device d_i obtains the current processor capacity E_now_i of that device, giving the current processor capacity E_now of the device set D, E_now = {E_now_1, ..., E_now_i, ..., E_now_n};
a-4) the monitoring agent of the i-th available device d_i obtains the current available bandwidth Bandwidth_now_i of that device, giving the current available bandwidth Bandwidth_now of the device set D, Bandwidth_now = {Bandwidth_now_1, ..., Bandwidth_now_i, ..., Bandwidth_now_n};
a-5) the monitoring agent of the i-th available device d_i obtains the network transmission speed between that device and the j-th available device d_j, to obtain the network transmission speed between devices
step b) comprises the steps of:
b-1) deploying a threat detection model M on the i-th available device d_i;
b-2) carrying out knowledge distillation on the threat detection model M to obtain a lightweight threat detection model M';
b-3) the threat detection task performed by the i-th available device d_i running the lightweight threat detection model M' is recorded as Task_i, and the detection task of the device set D is Task, Task = {Task_1, Task_2, ..., Task_i, ..., Task_n};
step c) comprises the steps of:
c-1) recording the data size of the threat detection tasks in the threat detection task Task as Datasize, Datasize = {Datasize_1, Datasize_2, ..., Datasize_i, ..., Datasize_n}, where Datasize_i is the data size of the threat detection task generated by the i-th available device d_i;
c-2) the data set of the threat detection task Task is Dataset, Dataset = {Dataset_1, Dataset_2, ..., Dataset_i, ..., Dataset_n}, where Dataset_i is the data set of the threat detection task generated by the i-th available device d_i;
c-3) calculating, by the formula E_exe_i = P × (parameter + Datasize_i), the processor capacity E_exe_i consumed in executing the threat detection task generated by the i-th available device d_i, where P is the processor capacity required per unit of data volume and parameter quantity, and parameter is the parameter quantity of the lightweight threat detection model M' obtained by the def getModelSize(model) function in PyTorch;
c-4) calculating, by the formula T_time_i = T_exe_i + T_trans(i,j), the total time T_time_i consumed in executing the threat detection task generated by the i-th available device d_i, where T_exe_i is the execution time of the threat detection task generated by the i-th available device d_i; N is the number of executions of the model algorithm statements of the lightweight threat detection model M'; L is the number of layers of the lightweight threat detection model M'; nerul_i is the number of neurons in the i-th layer; FLOPs_i is the number of floating-point operations of the neurons in the i-th layer; the time required for executing a unit algorithm statement and data quantity; T_trans(i,j) is the time required to transmit the threat detection task generated by the i-th available device d_i between the i-th available device d_i and the j-th available device d_j;
in step d), the state of the i-th available device d_i is S(e_i, b_i),
S(e_i, b_i) = (E_now_i, Bandwidth_now_i),
S(e, b) = ((E_now_1, Bandwidth_now_1), ..., (E_now_i, Bandwidth_now_i), ..., (E_now_n, Bandwidth_now_n));
step e) comprises the steps of:
e-1) by the formula
the reward function R_i is calculated, where β is the reward weight, 0 ≤ β ≤ 1;
e-2) when E_now_i - E_exe_i > 0, the threat detection task Task_i of the i-th available device d_i is executed on the available device d_i that generated the threat detection task;
e-3) when E_now_i - E_exe_i ≤ 0, the linked list data field of the i-th available device d_i comprises, in order, the device number d_i, the current device state S(e_i, b_i) and the reward function R_i; the reward function R_i is initialized to 0; the i-th available device d_i executes the threat detection task Task_i, and the reward function R_i and the current device state S(e_i, b_i) in the linked list data field are updated once every interval T, 5 min ≤ T ≤ 10 min;
e-4) the set of reward functions of the available device set D is R, R = {R_1, R_2, ..., R_i, ..., R_n}; the largest reward function R_m in the set R is found, and the threat detection task Task_i is assigned to the m-th available device d_m.
2. The security situation awareness method for a distributed heterogeneous network according to claim 1, wherein: the threat detection model M of step b-1) is an LSTM-Attention model or a density clustering model.
3. The security situation awareness method for a distributed heterogeneous network according to claim 1, wherein step f) comprises the steps of:
f-1) removing missing values and outliers from the data set Dataset_i of the threat detection task Task_i;
f-2) normalizing the data set Dataset_i from which the missing values and outliers have been removed, to obtain the preprocessed data set PretreatmentDataset_i;
f-3) inputting the preprocessed data set PretreatmentDataset_i into the lightweight threat detection model M', which outputs the threat detection result Threat_i.
4. The security situation awareness method for a distributed heterogeneous network according to claim 3, characterized in that: the method further comprises, after step f-3), uploading the threat detection result Threat_i to the cloud situation awareness master controller, which updates the situation awareness data.
CN202310380411.7A 2023-04-11 2023-04-11 Security situation awareness method for distributed heterogeneous network Active CN116436666B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310380411.7A CN116436666B (en) 2023-04-11 2023-04-11 Security situation awareness method for distributed heterogeneous network

Publications (2)

Publication Number Publication Date
CN116436666A (en) 2023-07-14
CN116436666B (en) 2024-01-26

Family

ID=87084942


Country Status (1)

Country Link
CN (1) CN116436666B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant