CN111050302A - Group intelligent system threat monitoring method suitable for small unmanned aerial vehicle cluster - Google Patents

Info

Publication number: CN111050302A
Authority: CN (China)
Prior art keywords: threat, monitor, event, unmanned aerial, aerial vehicle
Legal status: Pending
Application number: CN201911336202.2A
Other languages: Chinese (zh)
Inventor
张谦
王吉
唐泽宇
李�昊
顾杰
Current Assignee: Southwest China Research Institute Electronic Equipment
Original Assignee: Southwest China Research Institute Electronic Equipment
Application filed by: Southwest China Research Institute Electronic Equipment
Priority to: CN201911336202.2A
Publication of: CN111050302A

Classifications

    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Alarm Systems (AREA)

Abstract

The invention relates to the technical field of network security and discloses a group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster. It comprises three main aspects: (1) defining the security properties of the unmanned flight system and achieving lightweight threat data acquisition through abstract description and a security property specification language; (2) designing a security threat monitor and an interaction between runtime verification and a Bayesian network, so that threats such as attack behavior and network system anomalies are discovered and detected in time and data-driven threat identification is achieved; (3) performing global security situation assessment based on a global view. On the one hand, the scheme achieves lightweight, on-demand threat data acquisition and provides a high-quality data basis for threat monitoring of a group intelligent system; on the other hand, it achieves global perception of threat behaviors and solves the problems of few dimensions, low precision and high load in monitoring means.

Description

Group intelligent system threat monitoring method suitable for small unmanned aerial vehicle cluster
Technical Field
The invention relates to the technical field of network security, in particular to a group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster.
Background
The small unmanned aerial vehicle cluster is a main research object in distributed group intelligence research, which aims to achieve distributed cooperative control among intelligent systems with relatively simple functions so that they can ultimately complete complex tasks. Much domestic research on group intelligence theory and technology is therefore under way, for example on analysis, control and optimization mechanisms under network group intelligence, on group intelligence theories and methods based on neural networks, on network group intelligent learning and cooperative control, and on network group intelligent information mining and decision optimization, together with related application research. Research on resisting security threats, however, is still at a starting stage and only addresses the security of unmanned aerial vehicle systems in cooperative control.
Huazhong University of Science and Technology has studied the static consistency problem of multi-agent systems under communication delay: a self-delay proportional-derivative control protocol is proposed for multi-agent systems with a directed symmetric communication network under communication delay, so that the states of the system eventually become consistent. The average consistency of multi-agent systems with time-varying communication delay has also been studied: a consistency gain is introduced into the consistency protocol, and a linear matrix inequality method is used to give sufficient conditions for a multi-agent system with time-varying communication delay to reach consistency. Zhejiang University of Technology has studied the security consistency problem of continuous-time nonlinear multi-agent systems under malicious attack and communication delay: based on the delayed information exchanged between neighbors, a consistency algorithm that tolerates both attacks and delay is proposed. The finite-time consistency problem of multi-agent systems under malicious attack has also been studied: an effective node information deletion rule is designed from the upper bound on the number of malicious nodes among the neighbors and the corresponding robustness of the directed network topology, and a finite-time security consistency protocol is then given by combining it with an iterative learning control method.
The prior art has the following defects. First, monitoring all logs and network data in a swarm intelligence system consumes huge security resources: it generates a great deal of noise, which makes it hard for the subsequent threat detection stage to identify the threats that really matter, and transmitting massive amounts of threat data is very likely to cause network congestion and seriously affect the stability of normal service traffic. In addition, existing threat monitoring technology mainly locates and discovers threats by pattern matching against a malicious feature library and abnormal behavior chains. High-level security threats are usually hidden deep in network traffic and staged over time, so the problem cannot be solved by analyzing the alarm logs of a single intelligent system in isolation.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to address the few dimensions, low precision and high load of existing detection means, a group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster is provided.
The technical scheme adopted by the invention is as follows: a group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster comprises the following steps:
lightweight threat data collection: the security properties of the unmanned aerial vehicle flight system are described abstractly using discrete-time metric temporal logic, a specification for lightweight threat data collection is generated based on a security property specification language, and lightweight threat data is collected;
data-driven threat identification: a monitor in the form of an automaton is generated from the monitored property; events are extracted and parameterized, the execution path of the program is divided into several slices according to the parameters, and the slices are each sent to the monitor as input to obtain the monitoring output; the monitoring output and the extracted events are input into a Bayesian network as known information, and threat index information is obtained from the outputs of the Bayesian network and the monitor;
global security situation assessment: a global view for security situation analysis is constructed, local threat index information is integrated into that global view, and security situation analysis is performed.
Further, in the lightweight threat data collection process:
first, the system states and temporal logic of the unmanned aerial vehicle cluster are described using linear temporal logic;
then, metric temporal logic is used to extend the descriptive dimension of the linear temporal logic and obtain logic formulas, and a system specification language is defined, in which each specification consists of a specific identifier, several events and several properties; the events trigger state changes of the acquisition monitor, and the properties are the logic formulas;
finally, the security properties of the unmanned aerial vehicle cluster are described in the specification language to generate an acquisition monitor, and the threat data acquisition strategy is adjusted dynamically, achieving lightweight threat data acquisition with variable monitoring granularity.
Further, the dynamic adjustment process includes: feeding the threat index information obtained from the outputs of the Bayesian network and the monitor back to the threat data acquisition process, and adjusting the monitor output in an iterative loop.
Furthermore, each specification also defines the action to be executed when the monitor determines that a property is violated.
Further, the system state variables comprise the system logs acquired from the unmanned aerial vehicle, the system state data in the information of each sensor, and system state variables.
Further, the temporal logic comprises logical operators and temporal operators; the logical operators are the standard operators logical AND, logical OR, logical NOT and implication, and the temporal operators express the temporal relation between times.
Furthermore, in the data-driven threat identification process: first, after the event and state information extraction module generates events from the logs and sensor information of the unmanned aerial vehicle system, the events and their parameterization information are input into the event parameterization processing module, which parameterizes the events, screens the parameters of each event and determines the state variables that each event can trigger; the event sequence is then sliced by parameter, where the events related to the same parameter are marked and extracted from the event sequence to form the path slice for that parameter, yielding several parameterized path slices; finally, each path slice is input into the monitor, and the monitor modifies the state variables of the corresponding parameter.
Further, in the global security situation assessment process, local threat index information is integrated into the global view for security situation analysis as follows: the global information classes and class attributes in the global view are matched to the local information classes and class attributes actually stored in each local information source, and the corresponding mapping relations are established.
Furthermore, in the security situation analysis process, large numbers of attack threat records are correlated by mining the possible consequences of the preceding attack step and the prerequisites for the next attack step to succeed, and the attack scenario is reconstructed for security situation analysis.
Compared with the prior art, the beneficial effects of adopting the technical scheme are as follows:
The technical scheme of the invention generates the acquisition monitor from the specification of the security properties, dynamically adjusts the threat data acquisition strategy, supports description and partitioning at variable granularity, and mines threat data and features of security-analysis value from noisy raw data. It thereby makes on-demand threat data acquisition lightweight and provides a high-quality data basis for threat monitoring of a swarm intelligence system, solving the problem of making threat data lightweight.
The technical scheme of the invention builds a global view, establishes mapping relations between the local information sources and the information classes and class attributes in the global view, gradually strips away the elaborate camouflage of high-level security threats from different perspectives, and re-establishes the behavioral association of security threats spread across stages, thereby achieving global perception of threat behaviors. This is a breakthrough in perceiving threat behaviors from a global perspective.
Drawings
FIG. 1 is a schematic diagram of a group intelligent system threat monitoring method according to the present invention.
FIG. 2 is a schematic view of a monitoring feedback loop in the threat monitoring method for a swarm intelligence system according to the present invention.
FIG. 3 is a schematic diagram of an environment and platform framework of one embodiment of a swarm intelligence system threat monitoring method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
A group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster. Because security events are time-ordered and real-time, are closely related to information such as physical components and communication, and have causal precedence relations between events and states, a runtime verification approach is adopted: security threats to the flight systems of the unmanned aerial vehicle cluster are monitored by automatically generating runtime monitors. The threat monitoring framework is shown in FIG. 1, and the monitoring method comprises the following steps:
lightweight threat data collection: this process mainly defines the security properties of the unmanned aerial vehicle flight system. The security properties are described abstractly using discrete-time metric temporal logic, and a specification for lightweight threat data collection is generated based on the security property specification language in the threat data collection framework. A specification parsing module parses the event and state information, the parameterized information and the alternative automaton, and controls the collection module to collect lightweight threat data according to the collection specification;
data-driven threat identification: a monitor in the form of an automaton is generated from the monitored property; events are extracted and parameterized, the execution path of the program is divided into several slices according to the parameters, and the slices are each sent to the monitor as input to obtain the monitoring output;
the monitoring output and the extracted events are input into a Bayesian network as known information, and threat index information is obtained from the monitoring results output by the Bayesian network and the monitor;
global security situation assessment: a global view for security situation analysis is constructed, local threat index information is integrated into that global view, and security situation analysis is performed.
In addition, as shown in FIG. 2, the threat monitoring and characterization component of the threat monitoring system monitors potential threats by analyzing the data sources and obtains a monitoring result. It correlates the potential threats with the threat screening data to form requirements for further verification data, and returns the monitoring result to the specification parsing module. Based on the lightweight acquisition planning algorithm and the data collection tools in the threat data framework, the specification parsing module judges whether the specification requirements are met; the intelligent data acquisition component then generates and executes a new acquisition granularity, acquisition strategy and acquisition plan, and feeds the newly acquired data back to the threat monitoring and characterization component. This loop iterates so that the system collects further information about the threats under investigation, improving detection accuracy to the maximum extent.
Because a group intelligent system is characterized by a distributed control mode, simple individual functions and weak security resources, it faces severe security risks in an open, complex network environment; and because it lacks global threat monitoring and defense functions, a single node cannot effectively perceive attacks and threats. By studying the characteristics of small unmanned aerial vehicle clusters in terms of hardware composition, network protocols, networking modes and operating mechanisms, the categories, behaviors and risks of the security threats they face are analyzed. The scheme of this embodiment solves the problems of few dimensions, low precision and high load in monitoring means, provides the group intelligent system threat monitoring technology needed to keep up with the trend toward swarming and to resist novel threats, and lays a technical foundation for threat detection in distributed intelligent systems.
Data acquisition: during flight, the unmanned aerial vehicle cluster continuously receives instructions from the ground control platform and obtains its own position data by satellite in real time. The navigation computer records the flight condition of the unmanned aerial vehicle, such as CPU temperature, memory usage and sensor parameter information. The software system of the unmanned aerial vehicle generates system logs in real time from the communication and positioning system data and the navigation computer data, so that the behavior of the unmanned aerial vehicle can be analyzed. Sensor parameter information can be obtained either by reading the logs of the unmanned flight system or by reading the sensor data directly; to ensure that the sensor information is real-time, it is read directly. The data acquisition process therefore yields system logs and sensor information.
Preferably, lightweight threat data acquisition is the data basis for threat detection. In this embodiment, the lightweight threat data acquisition process is as follows:
first, the system states and temporal logic of the unmanned aerial vehicle cluster are described using linear temporal logic;
the system state variables comprise the system logs acquired from the unmanned aerial system, the system state data in the information of each sensor, and system state variables.
The temporal logic comprises logical operators and temporal operators; the logical operators are the standard operators logical AND, logical OR, logical NOT and implication, and the temporal operators express the temporal relation between times.
Then, metric temporal logic is used to extend the descriptive dimension of the linear temporal logic and obtain logic formulas, and a system specification language is defined, in which each specification consists of a specific identifier, several events and several properties; the events trigger state changes of the acquisition monitor, and the properties are the logic formulas;
typical properties of the reliability security and confidentiality security of the unmanned aerial vehicle are described and numbered, and an event set is defined so that complex specifications can be expressed intuitively. The typical properties include: the unmanned aerial vehicle cannot accept a risky instruction during flight; the unmanned aerial vehicle receives an abnormal instruction and oscillates with large amplitude during flight; the unmanned aerial vehicle receives an abnormal-period instruction after a mode switch; and so on. For example, during a distributed denial-of-service (DDoS) attack on the unmanned aerial vehicle, an attacker may send a large number of tentative instructions to crack the communication link, and during the cracking process the unmanned aerial vehicle receives many bad packets within a short time; after breaking the communication protocol of the unmanned aerial vehicle, the attacker may send a series of abnormal commands to obtain its flight data.
Security property specifications corresponding to the attack types can therefore be constructed from these attack scenarios. Properties described by temporal logic formulas are relatively abstract: when the acquisition monitor is generated, it must be mapped to the corresponding events and states, and the logic formulas must be expanded into corresponding monitoring scripts, giving a form of the monitoring specification that a computer can recognize. This embodiment therefore defines a property specification language to express the security properties of the unmanned aerial vehicle cluster formally. Each specification consists of a specific identifier, several events and several properties. Events serve as the atomic propositions in the properties and trigger state changes of the acquisition monitor; an event can be the state of the flight mode, the type of a received instruction, or the value of parameter information. A property is a logic formula, from which an acquisition monitor in the form of an automaton can be generated by a corresponding algorithm.
Each specification also defines the action the monitor executes when a property is violated; the action can be an alarm, a record, or a control intervention on the unmanned aerial vehicle system.
Finally, the security properties of the unmanned aerial vehicle cluster are described in the specification language to generate an acquisition monitor, and the threat data acquisition strategy is adjusted dynamically, achieving lightweight threat data acquisition with variable monitoring granularity.
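The specification structure described above (identifier, events, properties, violation action) can be sketched as follows. This is an added illustration, not code from the patent: the operator encoding, the identifier `UAV-SEC-01`, the event names, the 3-tick window and the sample trace are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

Trace = List[Set[str]]                    # one set of atomic events per discrete tick
Formula = Callable[[Trace, int], bool]    # does the formula hold at tick i?

def atom(name: str) -> Formula:
    return lambda tr, i: name in tr[i]

def neg(f: Formula) -> Formula:
    return lambda tr, i: not f(tr, i)

def implies(f: Formula, g: Formula) -> Formula:
    return lambda tr, i: (not f(tr, i)) or g(tr, i)

def always(f: Formula, lo: int = 0, hi: Optional[int] = None) -> Formula:
    """Metric 'globally' G[lo,hi] f over discrete time.
    hi=None means 'until the end of the trace'; a window that runs past
    the end of a finite trace is truncated there."""
    def holds(tr: Trace, i: int) -> bool:
        last = len(tr) - 1 if hi is None else min(i + hi, len(tr) - 1)
        return all(f(tr, j) for j in range(i + lo, last + 1))
    return holds

@dataclass
class Specification:
    ident: str                       # specific identifier
    events: Set[str]                 # atomic propositions the monitor reacts to
    properties: Dict[str, Formula]   # named logic formulas
    on_violation: str                # "alarm", "record" or "intervene"

    def collect(self, raw: Trace) -> Trace:
        """Lightweight collection: keep only events the specification names."""
        return [step & self.events for step in raw]

    def check(self, raw: Trace) -> List[Tuple[str, str, str]]:
        """Return (identifier, violated property, action) for each violation."""
        trace = self.collect(raw)
        return [(self.ident, name, self.on_violation)
                for name, f in self.properties.items() if not f(trace, 0)]

# Hypothetical specification built from two of the typical properties in the text.
SPEC = Specification(
    ident="UAV-SEC-01",
    events={"in_flight", "risky_cmd_accepted", "mode_switch", "abnormal_period_cmd"},
    properties={
        # G (in_flight -> not risky_cmd_accepted)
        "P1_no_risky_cmd_in_flight":
            always(implies(atom("in_flight"), neg(atom("risky_cmd_accepted")))),
        # G (mode_switch -> G[1,3] not abnormal_period_cmd)
        "P2_no_abnormal_cmd_after_switch":
            always(implies(atom("mode_switch"),
                           always(neg(atom("abnormal_period_cmd")), 1, 3))),
    },
    on_violation="alarm",
)

# Constructed sample trace: raw per-tick events from logs and sensors.
RAW_TRACE: Trace = [
    {"in_flight", "cpu_temp_ok", "heartbeat"},
    {"in_flight", "mode_switch", "heartbeat"},
    {"in_flight", "heartbeat", "gps_fix"},
    {"in_flight", "abnormal_period_cmd", "heartbeat"},   # 2 ticks after the switch
    {"in_flight", "heartbeat"},
]

def event_volume(trace: Trace) -> int:
    """Number of event occurrences that would have to be transmitted."""
    return sum(len(step) for step in trace)

if __name__ == "__main__":
    print(SPEC.check(RAW_TRACE))
    print(event_volume(RAW_TRACE), "->", event_volume(SPEC.collect(RAW_TRACE)))
```
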
Preferably, data-driven global threat identification is the technical support for intelligent threat monitoring. Its main method is to complete, through dynamic threat identification based on distributed threat data analysis, the full conversion from local data to threat information and from threat information to global security situation analysis and assessment, and to discover and detect threats such as attack behaviors and network system anomalies in time by designing a security threat monitor and an interaction between runtime verification and a Bayesian network. To monitor temporal logic formulas online at run time, the property specification must be turned into a monitor in the form of an automaton; while the software runs, the monitor makes state transitions according to the input states and events and raises a warning when an illegal state is reached. An automatic monitor generation algorithm is therefore needed for the acquisition specifications. In discrete control software there is a ubiquitous requirement to monitor that different objects of a class, or different instances of a structure, satisfy a certain property. For example, in an unmanned aerial vehicle system it is often required that the flying height of the cluster is not less than a certain value during flight. For such properties, one rule can be written for each object or instance to monitor it. It is more common, however, to introduce parameterized propositions, or to describe the properties with parameterized property specifications, and to generate the monitors with formal methods. The biggest difference between monitoring parameterized properties and monitoring properties without parameters is the handling of parameters, which requires special treatment, especially when multiple objects are monitored centrally.
In runtime verification, a path slicing method is adopted: a monitor is generated from the monitored property, the execution path of the program is divided into several slices according to the parameters, and the path slices are each sent to the monitor as input so that a conclusion is given for each parameter. The specific implementation in this embodiment is as follows:
first, after the event and state information extraction module generates events from the logs and sensor information of the unmanned aerial vehicle system, the events and their parameterization information are input into the event parameterization processing module, which parameterizes the events, screens the parameters of each event and determines the state variables that each event can trigger;
the event sequence is then sliced by parameter: the events related to the same parameter are marked and extracted from the event sequence to form the path slice for that parameter, yielding several parameterized path slices;
finally, each path slice is input into the monitor, and the monitor modifies the state variables of the corresponding parameter, so that the same monitor processes different path slices using different state variables. In addition, since a violation of certain security properties in an unmanned aerial vehicle system can have a variety of causes, it is difficult to determine accurately from the monitor alone whether the true cause is an external attack. A Bayesian network model is therefore introduced to improve the accuracy of overall security threat detection. A Bayesian network model of the monitored object is built from an observation data set combined with prior knowledge and other related methods; the output of the monitor and other related information (known information such as the extracted events) are then input into the network as its known information, which yields an accurate probability value for the cause of the problem. As observation data accumulate, a Bayesian network learning algorithm can be used to update the network and obtain a more accurate threat monitoring network model.
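The slicing and Bayesian step can be made concrete with a small sketch. It is an added example, not the patent's implementation: the event stream, the bad-packet window and limit, the three candidate causes and every probability in the tables are constructed assumptions, and the network is reduced to one cause node with two evidence nodes.

```python
from collections import defaultdict

# Constructed sample stream of extracted events: (tick, uav_id parameter, event name).
EVENTS = [
    (1, "uav-1", "bad_packet"), (1, "uav-2", "bad_packet"), (1, "uav-3", "bad_packet"),
    (2, "uav-1", "bad_packet"), (2, "uav-2", "bad_packet"),
    (3, "uav-1", "bad_packet"), (3, "uav-2", "bad_packet"),
    (4, "uav-1", "bad_packet"), (4, "uav-2", "bad_packet"),
    (6, "uav-1", "abnormal_cmd"),
    (10, "uav-3", "bad_packet"), (20, "uav-3", "bad_packet"),
]

WINDOW, LIMIT = 5, 3   # assumed property: more than 3 bad packets within 5 ticks is a violation

def slice_by_parameter(events):
    """Split the event sequence into one path slice per parameter value (UAV id)."""
    slices = defaultdict(list)
    for tick, uav, name in events:
        slices[uav].append((tick, name))
    return dict(slices)

class BadPacketMonitor:
    """One monitor automaton shared by all slices; only the state variables
    are kept per parameter. 'violated' is a sink state."""
    def __init__(self):
        self.state = {}   # parameter -> {"recent": [ticks], "verdict": str}

    def step(self, param, tick, name):
        st = self.state.setdefault(param, {"recent": [], "verdict": "ok"})
        if st["verdict"] == "ok" and name == "bad_packet":
            st["recent"] = [t for t in st["recent"] if tick - t < WINDOW] + [tick]
            if len(st["recent"]) > LIMIT:
                st["verdict"] = "violated"
        return st["verdict"]

    def run(self, slices):
        for param, path_slice in slices.items():
            for tick, name in path_slice:
                self.step(param, tick, name)
        return {p: s["verdict"] for p, s in self.state.items()}

# Assumed network: Cause -> MonitorViolated, Cause -> AbnormalCommandSeen.
PRIOR  = {"attack": 0.05, "link_fault": 0.15, "none": 0.80}
P_VIOL = {"attack": 0.90, "link_fault": 0.60, "none": 0.01}   # P(violated | cause)
P_ABN  = {"attack": 0.70, "link_fault": 0.05, "none": 0.02}   # P(abnormal_cmd | cause)

def posterior(violated, abnormal_cmd):
    """P(cause | monitor output, extracted event) by exact enumeration."""
    joint = {}
    for cause, prior in PRIOR.items():
        pv = P_VIOL[cause] if violated else 1 - P_VIOL[cause]
        pa = P_ABN[cause] if abnormal_cmd else 1 - P_ABN[cause]
        joint[cause] = prior * pv * pa
    total = sum(joint.values())
    return {cause: p / total for cause, p in joint.items()}

def threat_index(events):
    """Per-UAV probability that the observed behaviour is caused by an attack."""
    slices = slice_by_parameter(events)
    verdicts = BadPacketMonitor().run(slices)
    index = {}
    for uav, path_slice in slices.items():
        abnormal = any(name == "abnormal_cmd" for _, name in path_slice)
        index[uav] = round(posterior(verdicts[uav] == "violated", abnormal)["attack"], 3)
    return index

if __name__ == "__main__":
    print(threat_index(EVENTS))
```

With these numbers uav-1 and uav-2 both violate the property, but only uav-1, which also shows an abnormal command, ends up with a high attack probability; for uav-2 a link fault remains the more likely cause.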
Preferably, global security situation analysis is the process of understanding and predicting the security elements that cause changes in the network security state. The main method is to construct a global view for security situation analysis, integrate local threat index information into the global situation, and use the differences and correlations between global situation awareness and fine-grained local detection to achieve hierarchical security threat situation analysis of the unmanned aerial vehicle cluster. The virtual view is an information sharing and collaboration method that constructs a virtual global view of information; its core is how to construct the mapping between the global view for threat information sharing and the local view of each information source. A view mapping relation is the correspondence between global view elements and local view elements. Once the global view for virtual-organization information sharing has been established, the key step in realizing that sharing is to establish the mapping between the global view and the local view of each organizational unit's information source. The view mapping matches the global information classes and class attributes in the global view to the local information classes and class attributes actually stored in each local information source, and provides guidance and support for searching, locating and obtaining information through the global view.
Preferably, on the basis of the global view of threat information, the core idea of threat correlation early warning is that causal relations exist between the steps of a compound attack. Therefore, in the security situation analysis process, large numbers of attack threat records are correlated by mining the possible consequences of the preceding attack step and the prerequisites for the next attack step to succeed, and the attack scenario is reconstructed for security situation analysis, which helps in understanding the attack process and achieves an overall analysis of the global security situation.
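The view mapping and the prerequisite/consequence correlation described in the two paragraphs above can be shown together. This is an added example, not taken from the patent: the source names, local field names, alert types, knowledge-base entries and records are all constructed assumptions, and correlation is restricted to alerts on the same UAV.

```python
from collections import defaultdict

# View mapping: local information class/attributes -> global class/attributes.
VIEW_MAP = {
    "flight_log":  {"cls": "ThreatRecord",
                    "attrs": {"ts": "time", "node": "uav", "kind": "alert_type"}},
    "link_sensor": {"cls": "ThreatRecord",
                    "attrs": {"t": "time", "uav_id": "uav", "alarm": "alert_type"}},
}

# Assumed knowledge base: prerequisites and consequences of each alert type.
KNOWLEDGE = {
    "bad_packet_burst":    {"pre": set(),                    "post": {"link_protocol_known"}},
    "abnormal_command":    {"pre": {"link_protocol_known"},  "post": {"command_channel_used"}},
    "flight_data_request": {"pre": {"command_channel_used"}, "post": {"flight_data_exposed"}},
}

# Constructed local records from two information sources with different schemas.
LOCAL_RECORDS = [
    ("link_sensor", {"t": 12, "uav_id": "uav-1", "alarm": "bad_packet_burst", "rssi": -71}),
    ("flight_log",  {"ts": 30, "node": "uav-1", "kind": "abnormal_command"}),
    ("flight_log",  {"ts": 41, "node": "uav-1", "kind": "flight_data_request"}),
    ("flight_log",  {"ts": 35, "node": "uav-2", "kind": "abnormal_command"}),
    ("link_sensor", {"t": 50, "uav_id": "uav-2", "alarm": "bad_packet_burst", "rssi": -80}),
]

def to_global(source, record):
    """Project one local record into the global view; unmapped attributes are dropped."""
    mapping = VIEW_MAP[source]
    out = {"cls": mapping["cls"]}
    out.update({mapping["attrs"][k]: v for k, v in record.items() if k in mapping["attrs"]})
    return out

def correlate(alerts):
    """Link alert a to a later alert b on the same UAV when a consequence of a
    satisfies a prerequisite of b."""
    ordered = sorted(alerts, key=lambda a: a["time"])
    edges = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            shared = KNOWLEDGE[a["alert_type"]]["post"] & KNOWLEDGE[b["alert_type"]]["pre"]
            if a["uav"] == b["uav"] and a["time"] < b["time"] and shared:
                edges.append((a, b))
    return edges

def reconstruct(alerts):
    """Attack scenario per UAV: the alert types joined by causal edges, in time order."""
    chains = defaultdict(list)
    for a, b in correlate(alerts):
        for node in (a, b):
            if node not in chains[node["uav"]]:
                chains[node["uav"]].append(node)
    return {uav: [n["alert_type"] for n in sorted(nodes, key=lambda n: n["time"])]
            for uav, nodes in chains.items()}

GLOBAL_VIEW = [to_global(src, rec) for src, rec in LOCAL_RECORDS]

if __name__ == "__main__":
    print(reconstruct(GLOBAL_VIEW))
```

The uav-2 records contain the same alert types but in an order that no consequence/prerequisite pair explains, so no scenario is reconstructed for that node.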
One embodiment is as follows: the unmanned aerial vehicle cluster is used as a typical swarm intelligent system, the example environment is formed by a plurality of self-made multi-rotor unmanned aerial vehicles and a software simulation unmanned aerial vehicle, the software simulation is carried out on an open source unmanned aerial vehicle development and simulation platform, an environment platform framework is shown in figure 3, the self-made typical four-axis aircraft is used as an unmanned aerial vehicle swarm basic motion platform, and an embedded development board (such as raspberry, Xinjiang N3 and a sensor) is used for forming a swarm intelligent system hardware platform. The environment platform framework of fig. 3 operates as follows: the unmanned aerial vehicle simulation node runs software in a simulation environment, the operations of an unmanned aerial vehicle driver and an attacker are simulated through an unmanned aerial vehicle communication protocol agent, namely the unmanned aerial vehicle is simulated through the software, generated flight data are transmitted to a development board through a protocol, and the unmanned aerial vehicle flight data are directly transmitted to the development board through the self-made unmanned aerial vehicle node. An attacker initiates an attack on the unmanned aerial vehicle in modes of anomalous instructions, DDoS hijacking and the like, the threat data acquisition module acquires threat data in the attack process, the data analysis module takes the processed data as the input of the runtime verification module and the Bayesian network, and complex digital signals can be input into the runtime verification module only after being subjected to fast Fourier transform. 
The logic circuit in the runtime verification module generates the corresponding output from its input. For results that may have multiple causes, the output can be fed into a Bayesian network for analysis, which yields the global situation analysis result for the unmanned aerial vehicle cluster and identifies the corresponding abnormal instructions and attack modes. The intelligent threat monitoring technology provided by the invention can therefore effectively detect security threats to a small unmanned aerial vehicle cluster in the current network environment.
The invention is not limited to the foregoing embodiments. The invention extends to any novel feature or any novel combination of features disclosed in this specification and any novel method or process steps or any novel combination of features disclosed. Those skilled in the art to which the invention pertains will appreciate that insubstantial changes or modifications can be made without departing from the spirit of the invention as defined by the appended claims.

Claims (9)

1. A group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster, characterized by comprising the following steps:
lightweight threat data collection: abstractly describing the safety properties of the unmanned aerial vehicle flight system using discrete-time metric temporal logic, generating a protocol for lightweight collection of threat data based on a safety property protocol language, and collecting lightweight threat data;
data-driven threat identification: generating a monitor in the form of an automaton from the monitored property; extracting events and parameterizing them, segmenting the execution path of the program into a plurality of slices according to the parameters, and sending each slice as input to the monitor to obtain monitoring output; inputting the monitoring output and the extracted events into a Bayesian network as known information, and obtaining threat index information based on the output results of the Bayesian network and the monitor;
global security posture assessment: constructing a global view for security situation analysis, integrating local threat index information into the global view, and performing the security situation analysis.
2. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 1, wherein in the lightweight threat data collection process:
firstly, the system state and the temporal logic of the unmanned aerial vehicle cluster are described using linear temporal logic;
then, metric temporal logic is used to supplement the descriptive dimension of the linear temporal logic to obtain logic formulas, and a system protocol language is defined, wherein each protocol in the protocol language consists of a specific identifier, a plurality of events and a plurality of properties, the events being used to trigger state changes of the acquisition monitor, and the properties being the logic formulas;
and finally, the safety properties of the unmanned aerial vehicle cluster are described in the reduction language to generate an acquisition monitor, and the acquisition strategy for threat data is dynamically adjusted, realizing lightweight threat data acquisition with variable monitoring granularity.
3. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 2, wherein the dynamic adjustment comprises: feeding the threat index information obtained from the output results of the Bayesian network and the monitor back into the threat data acquisition process, and adjusting the monitor output in an iterative loop.
4. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 2, wherein each of the protocols further defines an execution behavior of the monitor to determine the violation of the property.
5. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 2, wherein the system state variables include system logs obtained from the unmanned aerial vehicle flight system, system state data in the respective sensor information, and system state variables.
6. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 2, wherein the temporal logic comprises logical operators and temporal operators, the logical operators comprising the standard operators logical and, logical or, logical not and implication, and the temporal operators being used to express the sequential relationship between times.
7. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 1, wherein in the data-driven threat identification process: first, after the unmanned aerial vehicle system logs and sensor information have been turned into events by the event and state information extraction module, the events are input into the event parameterization processing module together with the event parameterization information; the event parameterization processing module parameterizes the events, screens the parameters of each event and determines the state variables that the event can trigger; the event sequence is then sliced according to the different parameters, the events related to the same parameter in the event sequence being marked and extracted to form the path slice corresponding to that parameter, so that a plurality of parameterized path slices are obtained; and finally, after each path slice is input into the monitor, the monitor modifies the state variables of the different parameters.
8. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 1, wherein in the global security situation assessment process, the method of integrating local threat index information into the global view of security situation analysis comprises: mapping the global information classes and class attributes in the global view to the local information classes and class attributes actually stored in each local information source, and establishing the corresponding mapping relation.
9. The group intelligent system threat monitoring method suitable for a small unmanned aerial vehicle cluster of claim 8, wherein in the security situation analysis process, a large number of attack threat records are associated by mining the possible consequences of the previous attack flow and the prerequisites for the successful implementation of the next attack flow, and the attack scenario is reconstructed to analyze the security situation.
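Claim 7's event parameterization and path slicing, together with the automaton monitor of claim 1, can be illustrated as follows. This is an added example, not code from the patent: using the UAV identifier as the event parameter, the event names, and the monitored bounded-response property (every `cmd` acknowledged within 3 ticks) are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed event sequence (tick, parameter, event); not data from the patent.
TRACE = [(0, "uav1", "cmd"), (1, "uav2", "cmd"), (2, "uav1", "ack"),
         (3, "uav3", "telemetry"), (6, "uav2", "ack"), (7, "uav1", "cmd"),
         (8, "uav1", "ack"), (8, "uav4", "cmd")]

def slice_by_parameter(trace):
    """Path slices: events carrying the same parameter, in original order."""
    slices = defaultdict(list)
    for tick, param, name in trace:
        slices[param].append((tick, name))
    return dict(slices)

class BoundedResponseMonitor:
    """Automaton for G(cmd -> F[0,bound] ack) over discrete time."""
    def __init__(self, bound=3):
        self.bound = bound
        self.state = "idle"        # idle | waiting | violated (trap state)
        self.deadline = None       # state variable owned by this slice

    def step(self, tick, name):
        if self.state == "waiting" and tick > self.deadline:
            self.state = "violated"                 # ack missed its deadline
        elif self.state == "idle" and name == "cmd":
            self.state, self.deadline = "waiting", tick + self.bound
        elif self.state == "waiting" and name == "ack":
            self.state, self.deadline = "idle", None

    def verdict(self, end_tick):
        """A slice only sees its own events, so expiry is re-checked against
        the global end of the trace."""
        if self.state == "waiting":
            return "violated" if end_tick > self.deadline else "pending"
        return "violated" if self.state == "violated" else "satisfied"

def monitor_trace(trace, bound=3):
    """One monitor instance per parameter value; returns {parameter: verdict}."""
    end_tick = max(tick for tick, _, _ in trace)
    verdicts = {}
    for param, events in slice_by_parameter(trace).items():
        mon = BoundedResponseMonitor(bound)
        for tick, name in events:
            mon.step(tick, name)
        verdicts[param] = mon.verdict(end_tick)
    return verdicts

if __name__ == "__main__":
    print(monitor_trace(TRACE))
```

Without slicing, the interleaved `cmd` and `ack` events of different UAVs would satisfy each other's obligations; per-parameter slices keep each monitor's state variables separate, and the `pending` verdict marks a slice whose deadline has not yet been reached when the trace ends.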
CN201911336202.2A 2019-12-23 2019-12-23 Group intelligent system threat monitoring method suitable for small unmanned aerial vehicle cluster Pending CN111050302A (en)


Publications (1)

Publication Number Publication Date
CN111050302A (en) 2020-04-21

Family

ID=70238521








Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20200421)