CN113554330A - Training method and application method of security situation perception model of hydrological information platform - Google Patents


Publication number
CN113554330A
Authority
CN
China
Prior art keywords
security
safety
subsystem
situation
information platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110868787.3A
Other languages
Chinese (zh)
Inventor
王烁程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Chuangcheng Technology Co ltd
Original Assignee
Beijing Chuangcheng Technology Co ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393 Score-carding, benchmarking or key performance indicator [KPI] analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/04 Forecasting or optimisation specially adapted for administrative or management purposes, e.g. linear programming or "cutting stock problem"
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services
    • G06Q50/265 Personal security, identity or safety


Abstract

The application relates to a training method and an application method for a security situation perception model of a hydrological information platform. Information security situation data of each subsystem of the hydrological information platform are acquired using a big data collection technology, then analyzed and evaluated to obtain security element evaluation vectors at different moments; the security situation values of each subsystem and of the whole hydrological information platform are calculated from the security element evaluation vectors; and, based on a neural network algorithm, a security situation perception model is trained using the security situation values as training samples. Big data analysis and a neural network algorithm are thus used to evaluate and predict the system security situation: the current information security condition can be monitored and the trend of the future security state can be predicted, which provides a reference basis for safeguarding the information security of the hydrological information platform and supports effective response to network attacks.

Description

Training method and application method of security situation perception model of hydrological information platform
Technical Field
The application relates to the technical field of hydrologic information platform safety monitoring and prediction, in particular to a training method and an application method of a safety situation perception model of a hydrologic information platform.
Background
Combining communication and internet technology with traditional hydrology management methods has greatly advanced hydrological informatization. By applying these new technologies, the hydrological monitoring network information platform (hydrological information platform for short) has been upgraded in 4 aspects: perception, communication, platform and application. The result is a modern, intelligent hydrological station based on 5G communication and big data cloud computing technology, with comprehensive management and efficient use of hydrological information. The integration of communication technology and networking moves hydrological monitoring into the era of intelligent networking, but the resulting information security problems restrict the further application and popularization of the hydrological information platform.
Security situation awareness makes it possible to grasp the overall risk condition of a system, predict security threats and respond effectively. Many scholars have applied security situation awareness models in various fields to improve the security defense level of systems. The information security of the hydrological information platform involves monitoring equipment, the communication network, the information processing platform and so on, but most current research addresses only one of these parts. There is little research on the overall security of the hydrological information platform system, so when a large-scale information security incident occurs it is difficult to identify the threat and respond effectively in time.
Disclosure of Invention
The application provides a training method and an application method for a security situation perception model of a hydrological information platform, to solve, at least to some extent, the problems that the prior art contains little research on the overall security of the hydrological information platform system and that threats are difficult to identify and respond to in time when large-scale information security events occur.
The above object of the present application is achieved by the following technical solutions:
In a first aspect, an embodiment of the present application provides a training method for a security situation awareness model of a hydrological information platform, including:
acquiring information security situation data of each subsystem of the hydrological information platform by applying a big data collection technology; the subsystem comprises a monitoring terminal, a communication network and a cloud platform;
analyzing and evaluating the information security situation data of each subsystem to obtain security element evaluation vectors of each subsystem at different moments;
calculating the safety situation of each subsystem and the whole hydrological information platform based on the safety factor evaluation vector to obtain the safety situation value of each subsystem and the whole hydrological information platform;
and based on a neural network algorithm, training to obtain a security situation perception model by using the security situation value as a training sample.
Optionally, the obtaining information security situation data of each subsystem of the hydrologic information platform by applying the big data collection technology includes:
acquiring information security situation data corresponding to each security element in the element sets based on a plurality of element sets constructed in advance by applying a big data collection technology; wherein the plurality of element sets are respectively constructed for the safety elements related to each subsystem.
Optionally, the analyzing and evaluating the information security situation data of each subsystem to obtain the security element evaluation vector of each subsystem at different times includes:
determining, for a plurality of preset security levels, the probability that each security element is at each security level;
and, for each security element, obtaining the corresponding security element evaluation vector from the probabilities of that element being at each security level.
Optionally, the preset multiple security levels include: safe, safer, substantially safe, unsafe, and dangerous.
Optionally, the calculating, based on the safety element evaluation vector, the safety situation of each subsystem and the whole hydrologic information platform to obtain the safety situation value of each subsystem and the whole hydrologic information platform includes:
respectively constructing fuzzy evaluation matrixes of the subsystems based on the safety factor evaluation vectors;
respectively constructing judgment matrixes for determining the importance of each safety element of each subsystem, and respectively calculating the maximum eigenvalue of each judgment matrix by using the following formula;
Figure BDA0003188259690000031
In the formula, λmax is the maximum eigenvalue, m is the number of security elements, W is the mean value of each row of the judgment matrix, and A is the judgment matrix;
on the basis of the maximum eigenvalue, consistency judgment is carried out on each judgment matrix;
if the judgment result is that the consistency requirement is met, taking the mean value W of each row of the judgment matrix as a weight vector of the corresponding safety element;
normalizing each obtained weight vector;
carrying out weighted synthesis operation on the normalized weight vector and the corresponding fuzzy evaluation matrix to obtain a safety situation value of each subsystem;
and calculating the safety situation value of the whole hydrologic information platform based on the safety situation value of each subsystem according to the weight of each subsystem in the whole hydrologic information platform.
Optionally, the method further includes:
and determining the security situation level corresponding to each security situation value based on a preset situation perception level table.
Optionally, the neural network algorithm comprises a radial basis function neural network.
In a second aspect, an embodiment of the present application further provides an application method of a security situation awareness model of a hydrologic information platform, where the security situation awareness model is obtained by training using the method of any one of the first aspect, and the application method includes:
inputting historical information security situation data into the security situation perception model to obtain security situation values of all subsystems and the whole hydrologic information platform at a future moment;
and determining the safety situation of the whole hydrological information platform and each subsystem based on the obtained safety situation value.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
According to the technical solution provided by the embodiments of the application, a big data collection technology is applied to obtain information security situation data of each subsystem of the hydrological information platform; the information security situation data of each subsystem are analyzed and evaluated to obtain security element evaluation vectors of each subsystem at different moments; the security situation of each subsystem and of the whole hydrologic information platform is then calculated from the security element evaluation vectors to obtain their security situation values; and finally, based on a neural network algorithm, a security situation perception model is trained using the security situation values as training samples. Big data analysis is thus used to evaluate and predict the system security situation, and the security situation of each subsystem is analyzed separately, giving overall control of the security situation of the hydrological information platform. Compared with the prior art, threats can be recognized and responded to in time when a large-scale information security event occurs. Applying the security situation perception model then allows the security situation of the hydrological information platform at a future moment to be predicted, which safeguards the security of the platform and promotes its development and application.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic diagram of a network architecture of a hydrological information platform;
FIG. 2 is a schematic flowchart of a training method for a security situation awareness model of a hydrological information platform according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an RBF neural network;
FIG. 4 is a schematic diagram of the predicted security situation values of the hydrological information platform obtained when verifying the validity of the model's situation awareness in an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The hydrologic information platform is an informatization platform that links various monitoring devices and monitoring systems (collectively called monitoring terminals) with a background processing system (which may be a cloud platform), and enables information interaction between the monitoring devices and systems and the information processing platform. Through intelligent networking of the monitoring systems, the platform provides information intercommunication: it collects various hydrological information, transmits the multi-source information to the information processing platform over a communication network, analyzes, processes and shares the data, and then assists the relevant departments and personnel in making decisions based on intelligent analysis of the hydrological information. The network architecture of the hydrological information platform is shown in FIG. 1. The hydrologic information platform is therefore an information interaction process from the monitoring terminal to the communication network and then to the cloud platform, and information security problems exist in every link of the system.
The monitoring terminal mainly comprises various sensor systems, an information storage and communication system and the like. Its main function is to transmit the data collected by the sensors to the cloud platform over the communication network, or to pass processing commands from the cloud platform to the relevant control system, so that hydrological information is collected and fed back automatically. The monitoring terminals, integrated information systems, analysis and control systems and the like carry considerable security risk: their operating systems, application software and firmware contain security vulnerabilities and are therefore easily attacked maliciously. Such attacks interfere with the collection, transmission and control of hydrologic information, leave the information incomplete, and ultimately cause key information to be misjudged or missed, which can lead to serious safety accidents and endanger people's lives and property.
The communication network consists of two parts: the network inside each system device and the hydrologic information platform communication network. The internal network of each system device mainly uses a CAN bus with a broadcast mechanism to connect the various monitoring devices in the vehicle, so that all connected parts can communicate. The hydrologic information platform communication network connects the monitoring devices and monitoring subsystems to the platform through communication technology to realize cloud communication. The T-BOX is connected to the CAN bus and carries information between each subsystem and the hydrologic information platform. The On-Board Diagnostics (OBD) may be connected to an ECU (Electronic Control Unit) via the CAN bus to access fault information. The security problems of the communication network mainly involve signal theft, interference and the like in the wireless communication field.
The cloud platform of the hydrologic information platform is the central part for data analysis and processing in the whole system; it collects, processes and monitors information from the various monitoring devices and provides accurate hydrologic information to decision makers. However, the cloud platform has security problems such as the inherent vulnerability threats of its operating system. In terms of access control, an attacker can attack a sensing node to access platform information, and can interfere with information access or alter transmitted information, thereby disrupting the acquisition and transmission of hydrological information. The cloud platform should therefore pay attention to security issues such as system vulnerabilities, interface access and account passwords.
The hydrologic information platform is thus characterized by a large equipment base, a complex structure, frequent information transmission and long online time, which makes the hydrologic monitoring terminals and the platform very easy to attack; sensing the security situation of the hydrologic information platform system enables wide-range security events to be identified and defended against effectively. To identify security threats to the hydrological information platform system in advance and respond effectively, the application provides a security situation perception model for the hydrological information platform based on big data analysis, together with training and application methods for the model. The model collects and processes the security situation data of the hydrological information platform using big data analysis; it then evaluates and predicts the security situation using a hierarchical analysis model and a neural network algorithm; finally, experimental data are used to verify the scientific validity of the model. The results show that the model can effectively perceive the overall security situation of the hydrological information platform and provide a reference basis for its security protection and timely response. Details are described below by way of embodiments.
Examples
Referring to fig. 2, fig. 2 is a schematic flowchart of a training method for a security situation awareness model of a hydrological information platform according to an embodiment of the present application. As shown in fig. 2, the method mainly includes the following steps:
S101: acquiring information security situation data of each subsystem of the hydrological information platform by applying a big data collection technology; the subsystems comprise a monitoring terminal, a communication network and a cloud platform;
Specifically, the information security situation data of each subsystem are data related to security events occurring in that subsystem, such as whether malicious operations, protocol hijacking or unauthorized operations are detected.
In a specific embodiment, step S101: the process of acquiring information security situation data of each subsystem of the hydrological information platform by applying a big data collection technology may include: acquiring information security situation data corresponding to each security element in the element sets based on a plurality of element sets constructed in advance by applying a big data collection technology; wherein the plurality of element sets are respectively constructed for the safety elements related to each subsystem.
That is, an element library is first constructed for each subsystem from the security elements that concern it, and the corresponding data are then acquired in turn for the elements in each library. The monitoring terminal mainly involves security elements such as the ECU, the IVI (In-Vehicle information system), sensors, the operating system and information transmission, so its element set may be U1 = {sensor (v1), ECU (v2), IVI (v3), operating system (v4), information transmission (v5)}. The communication network mainly involves the security elements of components such as the CAN bus, the T-BOX and the OBD, so its element set may be U2 = {CAN bus (c1), T-BOX (c2), OBD (c3)}. Cloud platform security mainly concerns illegal access to, modification of and damage to information resources, and involves the system security, data security, content security and behavior security of the cloud platform, so its element set may be U3 = {system (y1), data (y2), content (y3), behavior (y4)}.
By the method of establishing the element set in advance and acquiring the corresponding element data based on the element set, all necessary data can be accurately acquired, and omission is avoided.
It should be noted that, besides the monitoring terminal, the communication network and the cloud platform, the hydrologic information platform may further include other subsystems, but the monitoring terminal, the communication network and the cloud platform are usually mainly used, and therefore the present embodiment and the subsequent embodiments are all described in detail by taking the three as examples, but the present application is not limited thereto.
S102: analyzing and evaluating the information security situation data of each subsystem to obtain security element evaluation vectors of each subsystem at different moments;
Specifically, the security element evaluation vector serves to evaluate the state indicated by the corresponding element.
In a specific embodiment, step S102, analyzing and evaluating the information security situation data of each subsystem to obtain the security element evaluation vectors of each subsystem at different moments, may include: determining, for a plurality of preset security levels, the probability that each security element is at each security level; and, for each security element, obtaining the corresponding security element evaluation vector from the probabilities of that element being at each security level.
That is, the overall information security state of the hydrological information platform is divided, through analysis, into a number of security levels. For example, the preset security levels comprise 5 levels: safe, safer, substantially safe, unsafe and dangerous. These 5 levels form the comment set V = {safe, safer, basically safe, unsafe, dangerous}, which is used to evaluate the security element data at each moment. The security state of each individual security element is then analyzed to obtain its security element evaluation vector. For example, assuming the ECU currently has a 50% probability of being safe, 30% of being safer, 10% of being basically safe, 5% of being unsafe and 5% of being dangerous, the security element evaluation vector of the ECU is v1 = (0.5, 0.3, 0.1, 0.05, 0.05). Finally, the security element evaluation vectors at different moments are obtained, providing the data for security situation perception of the hydrologic information platform.
S103: calculating the safety situation of each subsystem and the whole hydrological information platform based on the safety factor evaluation vector to obtain the safety situation value of each subsystem and the whole hydrological information platform;
Specifically, calculating and evaluating the security situation value is the key link of a security situation perception model, and the quality of the evaluation determines whether situation perception is accurate. The situation assessment uses a hierarchical analysis model. Fuzzy comprehensive evaluation is a common method in hierarchical evaluation models and combines qualitative and quantitative assessment. Calculating weights with the analytic hierarchy process turns qualitative descriptions into quantitative values. Using the analytic hierarchy process as the weight calculation method for fuzzy comprehensive evaluation therefore gives a more scientific security situation evaluation model.
In some embodiments, the specific evaluation process, that is, the specific process of step S103 may include:
S1031: constructing a fuzzy evaluation matrix for each subsystem from the security element evaluation vectors, and denoting the fuzzy evaluation matrices of the monitoring terminal, the communication network and the cloud platform as R1, R2 and R3 in turn; the construction principle and process of the fuzzy evaluation matrix are prior art and are not described in detail;
S1032: constructing, for each subsystem, a judgment matrix for determining the importance of each of its security elements, and denoting the judgment matrices of the monitoring terminal, the communication network and the cloud platform as U1, U2 and U3 in turn; the construction principle and process of the judgment matrix are also prior art and are not detailed;
S1033: based on the constructed judgment matrices, calculating the maximum eigenvalue of each judgment matrix using the following formula;
Figure BDA0003188259690000091
In the formula, λmax is the maximum eigenvalue, m is the number of security elements, W is the mean value of each row of the judgment matrix, and A is the judgment matrix, i.e. U1, U2 or U3;
S1034: on the basis of the maximum eigenvalue, performing a consistency judgment on each judgment matrix; the consistency judgment can be made by calculating the consistency indexes CI and CR of each judgment matrix U, and if CR is less than 0.1, U meets the consistency requirement; the calculation formula is:
Figure BDA0003188259690000092
In the formula, n is the number of security elements, and RI is obtained by looking it up in the average random consistency table, Table 1 below;
TABLE 1 Average random consistency table
n     1    2    3      4     5      6      7      8      9
RI    -    0    0.58   0.9   1.12   1.24   1.32   1.14   1.45
If the judgment result is that the consistency requirement is met, the mean value W of each row of the judgment matrix is taken as the weight vector of the corresponding security elements; if the consistency requirement is not met, the judgment matrix must be reconstructed and the consistency judgment repeated until the requirement is met;
S1035: normalizing each obtained weight vector; after normalization all values lie between 0 and 1, which facilitates calculation;
S1036: performing a weighted synthesis operation on the normalized weight vector and the corresponding fuzzy evaluation matrix to obtain the security situation value of each subsystem; the calculation formula is:
$S = K \cdot M(W, R)^{T}$ (3)
where S is the security situation value of a single subsystem, $M(W, R)^{T}$ is the result of the synthesis operation, and K is a weight vector; in this embodiment, K = (0.4, 0.3, 0.2, 0.1, 0);
s1037: and calculating the safety situation value of the whole hydrologic information platform based on the safety situation value of each subsystem according to the weight of each subsystem in the whole hydrologic information platform.
Specifically, let the weight occupied by the monitoring terminal, the communication network and the cloud platform be w respectively1,w2,w3(w1+w2+w31), the overall security situation value T of the hydrologic information platform is:
Figure BDA0003188259690000101
in the formula, w_i is the weight of the i-th subsystem and S_i is the security posture value of the i-th subsystem.
Thus, through steps S1031 to S1037, the security situation values of the subsystems and the entire hydrologic information platform can be obtained.
Furthermore, in some embodiments, the security situation level corresponding to each security situation value may also be determined according to a preset situation awareness level table.
For example, for different preset security levels, the preset situation awareness level table may be as shown in table 2:
Table 2. Situation awareness level table

| Safety situation value | 0~0.15 | 0.15~0.3 | 0.3~0.65 | 0.65~0.85 | 0.85~1 |
|---|---|---|---|---|---|
| Security level | Dangerous | Unsafe | Basically safe | Safer | Safe |
Based on this, for example, when the calculated security situation value of the cloud platform is 0.25, through table 2, the user can visually see that the cloud platform is in an "unsafe" state, and further can take specific measures to change the state.
S104: based on a neural network algorithm, training a security situation perception model using the security situation values as training samples.
Specifically, the ultimate purpose of security situation perception for the hydrological information platform is to discover possible security problems as early as possible, take preventive measures in time and reduce losses. Prediction based on the security situation perception model, and improving the accuracy of the prediction result, are therefore important problems of situation awareness. Given the characteristics of the security situation data, a neural network is adopted to predict the situation. In this embodiment, a radial basis function (RBF) neural network is used as the basis for model training; the RBF neural network learns quickly and has strong function approximation capability, so that accurate prediction of the security situation can be achieved. As shown in FIG. 3, the RBF neural network consists of an input layer, a hidden layer and an output layer. The hidden layer contains radial basis functions and performs a nonlinear transformation of the data; the output layer processes the hidden layer's output signals mathematically to generate the output signal.
The RBF neural network input is X = (x_1, x_2, …, x_n)^T ∈ R^n, the output is Y = (y_1, y_2, …, y_m)^T ∈ R^n, and the hidden layer output is Φ = (Φ_1, Φ_2, …, Φ_q)^T, where Φ_q is a radial basis function. The output after linear weighting from the hidden layer to the output layer is:
Figure BDA0003188259690000111
in the formula, y_m is the weighted output and w_jk are the weights between hidden layer and output layer neurons.
Of course, it should be understood that instead of using an RBF neural network, other neural network algorithms may be used, the principles of which are similar and therefore not described one by one.
The safety situation values at different moments are used as training samples and fed into the constructed RBF network structure; the parameters of the RBF network structure are set and adjusted continuously, and the required safety situation perception model is finally obtained through training.
On this basis, the embodiment of the present application further provides an application method of a security situation awareness model of a hydrological information platform, where the security situation awareness model is obtained by training using the above method, and the application method includes: inputting historical information security situation data into the security situation perception model to obtain security situation values of all subsystems and the whole hydrologic information platform at a future moment; and determining the safety situation of the whole hydrological information platform and each subsystem based on the obtained safety situation value.
Therefore, the security situation perception model obtained by training in the steps can monitor the current information security condition of the hydrological information platform, can predict the change trend of the future security state of the hydrological information platform, provides a reference basis for guaranteeing the information security of the hydrological information platform, and realizes effective response to network attacks.
To verify the effectiveness of the model's situation awareness, experimental data from a test platform used in research on related information security mechanisms is used as test data. Data is collected from the monitoring terminals, the communication network, the cloud platform and so on. Relevant information (including vulnerabilities, threats, events and the like) is obtained and processed using big data collection and mining technology, and basic information such as the attack entity, source IP address, target IP address and security event type per unit time is extracted, as shown in table 4. The actual situation of each element in security situation perception is then counted, as shown in table 5, and the element states are analyzed and evaluated according to expert experience to obtain the evaluation vectors of the security elements.

Table 3. Basic event information

| ID | Attacking entity | Source IP address | Destination IP address | Event type |
|---|---|---|---|---|
| 1 | T-BOX | 120.1.43.76 | 172.116.181.1 | Protocol hijacking |
| 2 | OBD | 140.205.172.5 | 172.116.181.3 | Malicious operations |
| 3 | Ultrasonic wave | 123.125.115.1 | 172.116.181.2 | Control sensor |
| 4 | GPS | 221.196.0.0 | 172.116.181.31 | Control sensor |
| 5 | Cloud platform | 60.195.153.98 | 172.116.114.15 | Unauthorized |
| 6 | IVI | 172.117.65.37 | 172.116.181.15 | Malicious operations |

Table 4. Statistics of security events at time t (t is the statistical window time)
Figure BDA0003188259690000121
Figure BDA0003188259690000131
(1) Taking time t as an example, each safety element evaluation vector of the monitoring terminal is evaluated through statistical information and expert experience. The fuzzy evaluation matrix R_1 of the monitoring terminal at time t is constructed from the safety element evaluation vectors of the monitoring terminal:
Figure BDA0003188259690000132
(2) For the hydrological information platform, the greater the influence of a network threat on the safety of the whole platform, the higher its degree of danger and the larger the weight it occupies. On this basis, the importance judgment matrix U_1 of the evaluation target is obtained, and the judgment matrix is normalized.
Figure BDA0003188259690000133
(3) According to equation (1), the weight vector and the characteristic root are calculated:
W_1 = [0.614, 0.134, 0.104, 0.088, 0.052], λ_max = 5.153.
(4) The consistency check is performed on the weight vector according to formula (2), giving: CI = 0.038, RI = 1.12 and CR = 0.034 < 0.1. Since CR < 0.1, the consistency test is passed.
(5) The synthetic evaluation result is calculated according to formula (3), giving the safety situation value of the monitoring terminal at time t as S_1 = 0.238. Following the same calculation process, the security situation values of the communication network and the cloud platform at time t are S_2 = 0.203 and S_3 = 0.176 respectively.
(6) The weight vector of the monitoring terminal, the communication network and the cloud platform in the overall situation value, obtained through analysis, is w = (0.3, 0.4, 0.3), and the overall safety situation value of the hydrological information platform at time t is calculated according to formula (4) as follows:
Figure BDA0003188259690000141
The safety situation data at different moments are collected through big data technology, and the safety situation value of the hydrological information platform at any moment can be obtained according to the calculation process above. The security situation values of the monitoring terminal, the communication network, the cloud platform and the hydrologic information platform system as a whole at different moments are shown in table 5:

Table 5. Hydrologic information platform safety situation values at each time

| Time | Monitoring terminal | Communication network | Cloud platform | Overall |
|---|---|---|---|---|
| T1 | 0.238 | 0.203 | 0.176 | 0.205 |
| T2 | 0.238 | 0.203 | 0.170 | 0.204 |
| T3 | 0.238 | 0.203 | 0.181 | 0.207 |
| T4 | 0.208 | 0.201 | 0.172 | 0.194 |
| T5 | 0.208 | 0.199 | 0.175 | 0.195 |
| T6 | 0.198 | 0.198 | 0.174 | 0.191 |
| T7 | 0.198 | 0.199 | 0.172 | 0.191 |
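Steps S1033 to S1037 and the worked calculation in items (3) to (6) above can be reproduced with a few functions. The Python below is an added example, not code from the patent: the λ_max estimate and the CI/CR expressions are the standard AHP ones (the page's formula images did not survive, but these reproduce its reported CI = 0.038 and CR = 0.034), the synthesis operator M is assumed to be a weighted average, the Table 2 band boundaries are assumed upper-exclusive, and all function names are hypothetical.

```python
"""AHP weighting and fuzzy synthesis for steps S1033-S1037 (added example)."""

# Saaty's average random consistency index by matrix order n.
# 1.41 is Saaty's published value for n = 8; the page's Table 1 prints 1.14.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# Table 2 bands as (upper bound, level). Assumption: upper bounds are
# exclusive, since the page does not say which band owns a boundary value.
LEVELS = [(0.15, "dangerous"), (0.30, "unsafe"), (0.65, "basically safe"),
          (0.85, "safer"), (1.00, "safe")]


def ahp_weights(A):
    """Weight vector W: column-normalise A, then average each row."""
    n = len(A)
    col = [sum(A[i][j] for i in range(n)) for j in range(n)]
    return [sum(A[i][j] / col[j] for j in range(n)) / n for i in range(n)]


def lambda_max(A, W):
    """Standard AHP estimate: mean over i of (A.W)_i / W_i."""
    n = len(A)
    AW = [sum(A[i][j] * W[j] for j in range(n)) for i in range(n)]
    return sum(AW[i] / W[i] for i in range(n)) / n


def consistency(lam, n):
    """Return (CI, CR) with CI = (lam - n) / (n - 1) and CR = CI / RI."""
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RI[n] if RI[n] else 0.0
    return ci, cr


def checked_weights(A, limit=0.1):
    """S1034: return W only if the judgment matrix is consistent enough."""
    W = ahp_weights(A)
    _, cr = consistency(lambda_max(A, W), len(A))
    if cr >= limit:
        raise ValueError(f"CR={cr:.3f} >= {limit}: rebuild the judgment matrix")
    return W


def subsystem_value(W, R, K=(0.4, 0.3, 0.2, 0.1, 0.0)):
    """S1035-S1036: S = K . M(W, R)^T, with M assumed to be the product W.R."""
    total = sum(W)
    Wn = [w / total for w in W]                      # normalise the weights
    B = [sum(Wn[i] * R[i][j] for i in range(len(R))) for j in range(len(K))]
    return sum(k * b for k, b in zip(K, B))


def platform_value(weights, values):
    """S1037: T = sum of w_i * S_i, with the subsystem weights summing to 1."""
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("subsystem weights must sum to 1")
    return sum(w * s for w, s in zip(weights, values))


def level(value):
    """Map a situation value in [0, 1] to its Table 2 level."""
    for upper, name in LEVELS:
        if value < upper:
            return name
    return LEVELS[-1][1]                             # value == 1.0


if __name__ == "__main__":
    ci, cr = consistency(5.153, 5)                   # lambda_max from the page
    print(f"CI={ci:.3f} CR={cr:.3f}")
    t = platform_value((0.3, 0.4, 0.3), (0.238, 0.203, 0.176))
    print(f"T={t:.3f} -> {level(t)}")
    cyclic = [[1, 2, 0.5], [0.5, 1, 2], [2, 0.5, 1]]  # constructed, intransitive
    try:
        checked_weights(cyclic)
    except ValueError as err:
        print(err)
```

The constructed `cyclic` matrix ranks element 1 over 2, 2 over 3 and 3 over 1, so it fails the CR < 0.1 gate and exercises the "reconstruct the judgment matrix" branch of S1034.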
Security situation time series data of length 60 is selected and divided: the first 50 points are used as training data and the last 10 as test data. The parameters of the RBF neural network are set according to the characteristics of the time series data, and the RBF neural network algorithm is applied to predict the security situation of the monitoring terminal, the communication network, the cloud platform and the hydrological information platform as a whole. The result is shown in FIG. 4: the predicted situation values are close to the actual situation values and basically coincide with the actual trend, so situation perception of the hydrological information platform can be realized. According to the situation awareness level table in table 2, the security situation of the hydrological information platform in this time period is in the unsafe state (the security situation value is within a range of 0.17 to 0.24), and attention needs to be paid to the security state of each part of the hydrological information platform, especially the cloud platform part. The information security situation perception model of the hydrological information platform can therefore monitor the current information security situation and predict the change trend of the future security state, which provides a reference basis for guaranteeing the information security of the hydrological information platform and realizes an effective response to network attacks.
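The RBF prediction experiment described above, as an added example that is not the patent's implementation: a Gaussian RBF network is trained on the first 50 points of a 60-point series and scored on the last 10 by one-step-ahead prediction. The series is constructed, and the window width, σ, the ridge term and the choice of one hidden unit per training window are assumptions; the page only says the network parameters are set and adjusted.

```python
import math


def solve(a, b):
    """Solve a.x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x


class RBFNet:
    """Input layer -> Gaussian hidden layer -> linearly weighted output."""

    def __init__(self, sigma=1.0, ridge=1e-3):
        self.sigma, self.ridge = sigma, ridge

    def _scale(self, window):
        return [(v - self.mean) / self.std for v in window]

    def _hidden(self, x):
        # Phi_j(x) = exp(-||x - c_j||^2 / (2 sigma^2)), one unit per centre
        return [math.exp(-sum((a - b) ** 2 for a, b in zip(x, c))
                         / (2 * self.sigma ** 2)) for c in self.centres]

    def fit(self, windows, targets):
        flat = [v for w in windows for v in w]
        self.mean = sum(flat) / len(flat)
        self.std = math.sqrt(sum((v - self.mean) ** 2 for v in flat) / len(flat)) or 1.0
        self.centres = [self._scale(w) for w in windows]
        phi = [self._hidden(c) for c in self.centres]
        for i in range(len(phi)):
            phi[i][i] += self.ridge          # Tikhonov term keeps the solve stable
        self.weights = solve(phi, self._scale(targets))
        return self

    def predict(self, window):
        h = self._hidden(self._scale(window))
        return self.mean + self.std * sum(w * p for w, p in zip(self.weights, h))


def constructed_series(n=60):
    """Constructed situation values (not the patent's data), in the 0.17-0.24 band."""
    return [0.205 + 0.02 * math.sin(2 * math.pi * t / 16.5) for t in range(n)]


def evaluate(series, width=3, n_train=50):
    """Train on the first n_train points, predict the rest one step ahead."""
    pairs = [(series[i:i + width], series[i + width])
             for i in range(len(series) - width)]
    train, test = pairs[:n_train - width], pairs[n_train - width:]
    net = RBFNet().fit([w for w, _ in train], [t for _, t in train])
    preds = [net.predict(w) for w, _ in test]
    mae = sum(abs(p - t) for p, (_, t) in zip(preds, test)) / len(test)
    return preds, mae


if __name__ == "__main__":
    preds, mae = evaluate(constructed_series())
    print([round(p, 3) for p in preds], f"MAE={mae:.5f}")
```

Each test prediction uses the three most recent actual values as input, so the score measures one-step-ahead accuracy rather than a free-running ten-step forecast.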
According to the technical scheme provided by the embodiment of the application, big data collection technology is applied to obtain information security situation data of each subsystem of the hydrological information platform; analyzing and evaluating the information security situation data of each subsystem to obtain security element evaluation vectors of each subsystem at different moments; then, calculating the safety situation of each subsystem and the whole hydrologic information platform based on the safety factor evaluation vector to obtain the safety situation value of each subsystem and the whole hydrologic information platform; and finally, based on a neural network algorithm, training by using the security situation value as a training sample to obtain a security situation perception model. Therefore, the big data analysis technology is used for evaluating and predicting the system security situation, the security situation of each subsystem of the hydrological information platform is analyzed respectively, the overall control of the security situation of the hydrological information platform is realized, compared with the prior art, when a large-scale information security event occurs, threats can be recognized in time and effective responses can be carried out in time, and then the security situation perception model is applied, the security situation of the hydrological information platform at the future moment can be predicted, so that the security of the hydrological information platform is guaranteed, and the development and application of the hydrological information platform are promoted.
It is understood that the same or similar parts in the above embodiments may be mutually referred to, and the same or similar parts in other embodiments may be referred to for the content which is not described in detail in some embodiments.
It should be noted that, in the description of the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Further, in the description of the present application, the meaning of "a plurality" means at least two unless otherwise specified.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present application includes other implementations in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (8)

1. A training method for a security situation awareness model of a hydrological information platform is characterized by comprising the following steps:
acquiring information security situation data of each subsystem of the hydrological information platform by applying a big data collection technology; the subsystem comprises a monitoring terminal, a communication network and a cloud platform;
analyzing and evaluating the information security situation data of each subsystem to obtain security element evaluation vectors of each subsystem at different moments;
calculating the safety situation of each subsystem and the whole hydrological information platform based on the safety factor evaluation vector to obtain the safety situation value of each subsystem and the whole hydrological information platform;
and based on a neural network algorithm, training to obtain a security situation perception model by using the security situation value as a training sample.
2. The method according to claim 1, wherein the applying big data collection technology to obtain information security situation data of each subsystem of the hydrologic information platform comprises:
acquiring information security situation data corresponding to each security element in the element sets based on a plurality of element sets constructed in advance by applying a big data collection technology; wherein the plurality of element sets are respectively constructed for the safety elements related to each subsystem.
3. The method according to claim 2, wherein the analyzing and evaluating the information security situation data of each subsystem to obtain the security element evaluation vector of each subsystem at different time includes:
respectively determining the probability of each safety factor in each safety level according to a plurality of preset safety levels;
and aiming at each safety element, obtaining a corresponding safety element evaluation vector based on the probability of each safety element in each safety level.
4. The method of claim 3, wherein the predetermined plurality of security levels comprises: safe, safer, substantially safe, unsafe, and dangerous.
5. The method according to claim 1, wherein the calculating the security posture of each subsystem and the entire hydrologic information platform based on the security element evaluation vector to obtain the security posture value of each subsystem and the entire hydrologic information platform comprises:
respectively constructing fuzzy evaluation matrixes of the subsystems based on the safety factor evaluation vectors;
respectively constructing judgment matrixes for determining the importance of each safety element of each subsystem, and respectively calculating the maximum eigenvalue of each judgment matrix by using the following formula;
Figure FDA0003188259680000021
in the formula, λ_max is the maximum eigenvalue, m is the number of safety elements, W is the average value of each row of the judgment matrix, and A is the judgment matrix;
on the basis of the maximum eigenvalue, consistency judgment is carried out on each judgment matrix;
if the judgment result is that the consistency requirement is met, taking the mean value W of each row of the judgment matrix as a weight vector of the corresponding safety element;
normalizing each obtained weight vector;
carrying out weighted synthesis operation on the normalized weight vector and the corresponding fuzzy evaluation matrix to obtain a safety situation value of each subsystem;
and calculating the safety situation value of the whole hydrologic information platform based on the safety situation value of each subsystem according to the weight of each subsystem in the whole hydrologic information platform.
6. The method of claim 1, further comprising:
and determining the security situation level corresponding to each security situation value based on a preset situation perception level table.
7. The method of claim 1, wherein the neural network algorithm comprises a radial basis function neural network.
8. An application method of a security situation awareness model of a hydrological information platform, wherein the security situation awareness model is obtained by training according to the method of any one of claims 1 to 7, and the application method comprises:
inputting historical information security situation data into the security situation perception model to obtain security situation values of all subsystems and the whole hydrologic information platform at a future moment;
and determining the safety situation of the whole hydrological information platform and each subsystem based on the obtained safety situation value.
CN202110868787.3A 2021-07-30 2021-07-30 Training method and application method of security situation perception model of hydrological information platform Withdrawn CN113554330A (en)


Publications (1)

Publication Number Publication Date
CN113554330A true CN113554330A (en) 2021-10-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211026

WW01 Invention patent application withdrawn after publication