CN114201956B - Security protection method and system for industrial Internet - Google Patents
Security protection method and system for industrial Internet Download PDFInfo
- Publication number
- CN114201956B CN114201956B CN202111461682.2A CN202111461682A CN114201956B CN 114201956 B CN114201956 B CN 114201956B CN 202111461682 A CN202111461682 A CN 202111461682A CN 114201956 B CN114201956 B CN 114201956B
- Authority
- CN
- China
- Prior art keywords
- cloud computing
- industrial internet
- feature vector
- computing platform
- word
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 239000013598 vector Substances 0.000 claims abstract description 33
- 230000005059 dormancy Effects 0.000 claims abstract description 5
- 238000012098 association analyses Methods 0.000 claims description 3
- 238000000354 decomposition reaction Methods 0.000 claims description 3
- 238000003062 neural network model Methods 0.000 claims description 3
- 238000012502 risk assessment Methods 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 claims description 2
- 230000001788 irregular Effects 0.000 abstract description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 230000007958 sleep Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
- G06F40/211—Syntactic parsing, e.g. based on context-free grammar [CFG] or unification grammars
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/30—Semantic analysis
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Artificial Intelligence (AREA)
- Audiology, Speech & Language Pathology (AREA)
- Computational Linguistics (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Machine Translation (AREA)
Abstract
The invention provides a safety protection method and a safety protection system for an industrial Internet, which are characterized in that a cloud computing platform is built, industrial Internet data streams are obtained, similar objects are clustered according to similarity clustering of object identification characters, a cluster structure with a direction is obtained by combining a timestamp, feature vectors are further subjected to syntactic analysis and semantic analysis, and large categories of information and topics are obtained, so that whether compliance is easy to judge, cloud computing traceability is called for an irregular data stream, two different entity servers of edges and centers are utilized, and the terminal equipment is informed of dormancy when the fact that the corresponding terminal equipment is judged to be non-compliance is judged.
Description
Technical Field
The application relates to the field of network multimedia, in particular to a safety protection method and system of an industrial Internet.
Background
Current network technology is rapidly developed in industrial scenes, and with the continuous expansion of industrial internet boundaries, the brought security problem is also attracting more and more attention in the industry. Because of the specificity of the industrial Internet scene, a large amount of scattered data, such as various sensor data, exist, so that the scattered data is easily mixed with hidden attack information, and great difficulty is brought to safety protection.
Therefore, there is an urgent need for a method and system for targeted industrial internet security protection.
Disclosure of Invention
The invention aims to provide a safety protection method and system for an industrial Internet, which are characterized in that a cloud computing platform is built, industrial Internet data streams are obtained, similar objects are clustered according to similarity of object identification characters, cluster structures with directions are obtained by combining time stamps, feature vectors are further subjected to syntactic analysis and semantic analysis, and large categories of information and topics are obtained, so that whether compliance is easy to judge, cloud computing tracing is called for non-compliance data streams, two different entity servers of edges and centers are utilized, and when the fact that corresponding terminal equipment is not compliance is judged, the terminal equipment is informed to sleep.
In a first aspect, the present application provides a method for protecting industrial internet, the method comprising:
Building a cloud computing platform on a cluster server, and building a syntax model and a semantic analysis model, wherein the syntax model and the semantic analysis model are respectively positioned on different core entities of the cloud computing platform, and the verification body is an entity server in a central position in the cloud computing platform;
according to an acquisition strategy, acquiring a data stream transmitted in the industrial Internet, inquiring an identifier of source equipment from a cluster server, extracting a feature vector and an object identifier of the data stream, converting the object identifier into a character string, carrying out hash operation on the feature vector and the identifier of the source equipment to obtain a first vector, and inputting the first vector into a syntactic model to break sentences to obtain word components;
according to the character strings of the character decomposition object identifiers, clustering is carried out according to the similarity of the characters, a plurality of object identifiers with similarity higher than a threshold value form clusters, the similarity and the time stamp form tracks, and the clusters and the tracks form a cluster structure with directions;
Inputting the word components into a semantic analysis model, outputting word meanings, namely sentences with words of a large class, which are simple and unique in meaning, except for words of a Chinese language, and reconstructing the word meanings into new sentences, and vectorizing to obtain a second feature vector;
Calculating the similarity among a plurality of second feature vectors, wherein the second feature vectors with the similarity higher than a second threshold value form a class;
judging whether the word meaning comprises a designated keyword or not, if so, continuing to judge whether a sentence in which the word meaning is located forms the designated meaning or not, and if so, recognizing that a corresponding second feature vector belongs to the situation of needing to be alarmed, and sending an alarm message aiming at the class to which the second feature vector belongs; if the statement does not form a specified meaning, the corresponding second feature vector compliance is determined;
The cloud computing platform calls an entity server of an edge position, backups corresponding word components and the cluster structure, sends suspected tracks and suspected source points to the entity server of a central position, the entity server of the central position calls computing capacity of the cloud computing platform, determines source points of corresponding data streams, inquires equipment terminals corresponding to the source points from the cluster server, and informs the equipment terminals of dormancy.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the tracing further includes risk assessment, attack association analysis, and situation awareness.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the acquiring a data stream transmitted internally to the industrial internet includes encoding and decoding the data stream.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the kernels of the semantic analysis model and the syntax model use a neural network model.
In a second aspect, the present application provides an industrial internet security system, the system comprising a processor and a memory:
The memory is used for storing program codes and transmitting the program codes to the processor;
The processor is configured to perform the method according to any one of the four possible aspects of the first aspect according to instructions in the program code.
In a third aspect, the present application provides a computer readable storage medium for storing program code for performing the method of any one of the four possibilities of the first aspect.
The invention provides a safety protection method and a safety protection system for an industrial Internet, which are characterized in that a cloud computing platform is built, industrial Internet data streams are obtained, similar objects are clustered according to similarity clustering of object identification characters, a cluster structure with a direction is obtained by combining a timestamp, feature vectors are further subjected to syntactic analysis and semantic analysis, and large categories of information and topics are obtained, so that whether compliance is easy to judge, cloud computing traceability is called for an irregular data stream, two different entity servers of edges and centers are utilized, and the terminal equipment is informed of dormancy when the fact that the corresponding terminal equipment is judged to be non-compliance is judged.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings so that the advantages and features of the present invention can be more easily understood by those skilled in the art, thereby making clear and defining the scope of the present invention.
Fig. 1 is a flowchart of a method for protecting industrial internet security, which includes:
Building a cloud computing platform on a cluster server, and building a syntax model and a semantic analysis model, wherein the syntax model and the semantic analysis model are respectively positioned on different core entities of the cloud computing platform, and the verification body is an entity server in a central position in the cloud computing platform;
according to an acquisition strategy, acquiring a data stream transmitted in the industrial Internet, inquiring an identifier of source equipment from a cluster server, extracting a feature vector and an object identifier of the data stream, converting the object identifier into a character string, carrying out hash operation on the feature vector and the identifier of the source equipment to obtain a first vector, and inputting the first vector into a syntactic model to break sentences to obtain word components;
according to the character strings of the character decomposition object identifiers, clustering is carried out according to the similarity of the characters, a plurality of object identifiers with similarity higher than a threshold value form clusters, the similarity and the time stamp form tracks, and the clusters and the tracks form a cluster structure with directions;
Inputting the word components into a semantic analysis model, outputting word meanings, namely sentences with words of a large class, which are simple and unique in meaning, except for words of a Chinese language, and reconstructing the word meanings into new sentences, and vectorizing to obtain a second feature vector;
Calculating the similarity among a plurality of second feature vectors, wherein the second feature vectors with the similarity higher than a second threshold value form a class;
judging whether the word meaning comprises a designated keyword or not, if so, continuing to judge whether a sentence in which the word meaning is located forms the designated meaning or not, and if so, recognizing that a corresponding second feature vector belongs to the situation of needing to be alarmed, and sending an alarm message aiming at the class to which the second feature vector belongs; if the statement does not form a specified meaning, the corresponding second feature vector compliance is determined;
The cloud computing platform calls an entity server of an edge position, backups corresponding word components and the cluster structure, sends suspected tracks and suspected source points to the entity server of a central position, the entity server of the central position calls computing capacity of the cloud computing platform, determines source points of corresponding data streams, inquires equipment terminals corresponding to the source points from the cluster server, and informs the equipment terminals of dormancy.
In some preferred embodiments, the tracing further includes risk assessment, attack association analysis, and situational awareness.
In some preferred embodiments, the obtaining a data stream for industrial internet internal transmission includes encoding and decoding the data stream.
In some preferred embodiments, the kernels of the semantic analysis model and the syntactic model both use neural network models.
The application provides a safety protection system of an industrial Internet, which comprises the following components: the system includes a processor and a memory:
The memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method according to any of the embodiments of the first aspect according to instructions in the program code.
The present application provides a computer readable storage medium for storing program code for performing the method of any one of the embodiments of the first aspect.
In a specific implementation, the present invention also provides a computer storage medium, where the computer storage medium may store a program, where the program may include some or all of the steps in the various embodiments of the present invention when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM) or a Random Access Memory (RAM).
It will be apparent to those skilled in the art that the techniques of embodiments of the present invention may be implemented in software plus a necessary general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in essence or a part contributing to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the embodiments or some parts of the embodiments of the present invention.
The same or similar parts between the various embodiments of the present description are referred to each other. In particular, for the embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference should be made to the description of the method embodiments for the matters.
The embodiments of the present invention described above do not limit the scope of the present invention.
Claims (6)
1. A method for protecting the safety of an industrial internet, comprising:
Building a cloud computing platform on a cluster server, and building a syntax model and a semantic analysis model, wherein the syntax model and the semantic analysis model are respectively positioned on different core entities of the cloud computing platform, and the verification body is an entity server in a central position in the cloud computing platform;
according to an acquisition strategy, acquiring a data stream transmitted in the industrial Internet, inquiring an identifier of source equipment from a cluster server, extracting a feature vector and an object identifier of the data stream, converting the object identifier into a character string, carrying out hash operation on the feature vector and the identifier of the source equipment to obtain a first vector, and inputting the first vector into a syntactic model to break sentences to obtain word components;
according to the character strings of the character decomposition object identifiers, clustering is carried out according to the similarity of the characters, a plurality of object identifiers with the similarity higher than a threshold value form clusters, tracks are formed according to the similarity and the time stamp, and the clusters and the tracks form a cluster structure with a direction;
Inputting the word components into a semantic analysis model, outputting word meanings, namely sentences with words of a large class, which are simple and unique in meaning, except for words of a Chinese language, and reconstructing the word meanings into new sentences, and vectorizing to obtain a second feature vector;
Calculating the similarity among a plurality of second feature vectors, wherein the second feature vectors with the similarity higher than a second threshold value form a class;
judging whether the word meaning comprises a designated keyword or not, if so, continuing to judge whether a sentence in which the word meaning is located forms the designated meaning or not, and if so, recognizing that a corresponding second feature vector belongs to the situation of needing to be alarmed, and sending an alarm message aiming at the class to which the second feature vector belongs; if the statement does not form a specified meaning, the corresponding second feature vector compliance is determined;
The cloud computing platform calls an entity server of an edge position, backups corresponding word components and the cluster structure, sends suspected tracks and suspected source points to the entity server of a central position, the entity server of the central position calls computing capacity of the cloud computing platform, determines source points of corresponding data streams, inquires equipment terminals corresponding to the source points from the cluster server, and informs the equipment terminals of dormancy.
2. The method according to claim 1, characterized in that: the traceability also comprises risk assessment, attack association analysis and situation awareness.
3. The method according to any one of claims 1-2, wherein: the acquisition of the data stream for industrial internet internal transmission includes encoding and decoding the data stream.
4. A method according to claim 3, characterized in that: the kernels of the semantic analysis model and the syntax model both use a neural network model.
5. A system for safeguarding the industrial internet, said system comprising a processor and a memory:
The memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method according to any of the claims 1-4 according to instructions in the program code.
6. A computer readable storage medium, characterized in that the computer readable storage medium is for storing a program code for performing a method implementing any of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111461682.2A CN114201956B (en) | 2021-12-02 | 2021-12-02 | Security protection method and system for industrial Internet |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111461682.2A CN114201956B (en) | 2021-12-02 | 2021-12-02 | Security protection method and system for industrial Internet |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114201956A CN114201956A (en) | 2022-03-18 |
CN114201956B true CN114201956B (en) | 2024-07-05 |
Family
ID=80650234
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111461682.2A Active CN114201956B (en) | 2021-12-02 | 2021-12-02 | Security protection method and system for industrial Internet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114201956B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107679144A (en) * | 2017-09-25 | 2018-02-09 | 平安科技(深圳)有限公司 | News sentence clustering method, device and storage medium based on semantic similarity |
CN110909165A (en) * | 2019-11-25 | 2020-03-24 | 杭州网易再顾科技有限公司 | Data processing method, device, medium and electronic equipment |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9645993B2 (en) * | 2006-10-10 | 2017-05-09 | Abbyy Infopoisk Llc | Method and system for semantic searching |
US8078450B2 (en) * | 2006-10-10 | 2011-12-13 | Abbyy Software Ltd. | Method and system for analyzing various languages and constructing language-independent semantic structures |
US11227002B2 (en) * | 2015-11-30 | 2022-01-18 | International Business Machines Corporation | Method and apparatus for identifying semantically related records |
CN108509411B (en) * | 2017-10-10 | 2021-05-11 | 腾讯科技(深圳)有限公司 | Semantic analysis method and device |
KR20190133931A (en) * | 2018-05-24 | 2019-12-04 | 한국과학기술원 | Method to response based on sentence paraphrase recognition for a dialog system |
KR102149701B1 (en) * | 2018-12-27 | 2020-08-31 | 포항공과대학교 산학협력단 | A method for mapping a natural language sentence to an SQL query |
CN111917792B (en) * | 2020-08-10 | 2021-11-26 | 武汉思普崚技术有限公司 | Method and system for analyzing and mining flow safety |
CN113505293B (en) * | 2021-06-15 | 2024-03-19 | 深圳追一科技有限公司 | Information pushing method and device, electronic equipment and storage medium |
-
2021
- 2021-12-02 CN CN202111461682.2A patent/CN114201956B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107679144A (en) * | 2017-09-25 | 2018-02-09 | 平安科技(深圳)有限公司 | News sentence clustering method, device and storage medium based on semantic similarity |
CN110909165A (en) * | 2019-11-25 | 2020-03-24 | 杭州网易再顾科技有限公司 | Data processing method, device, medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN114201956A (en) | 2022-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106709345B (en) | Method, system and equipment for deducing malicious code rules based on deep learning method | |
CN113055386B (en) | Method and device for identifying and analyzing attack organization | |
CN108509793A (en) | A kind of user's anomaly detection method and device based on User action log data | |
CN111586695A (en) | Short message identification method and related equipment | |
CN114422271B (en) | Data processing method, device, equipment and readable storage medium | |
CN111190873B (en) | Log mode extraction method and system for log training of cloud native system | |
CN115495744A (en) | Threat information classification method, device, electronic equipment and storage medium | |
CN114201956B (en) | Security protection method and system for industrial Internet | |
CN111209750A (en) | Internet of vehicles threat intelligence modeling method, device and readable storage medium | |
CN111383660A (en) | Website bad information monitoring system and monitoring method thereof | |
CN116862243A (en) | Enterprise risk analysis prediction method, system and medium based on neural network | |
CN114201955B (en) | Internet flow platform monitoring method and system | |
CN111723182A (en) | Key information extraction method and device for vulnerability text | |
CN114168731B (en) | Internet media flow safety protection method and system | |
CN113094706A (en) | WebShell detection method, device, equipment and readable storage medium | |
CN115563296A (en) | Fusion detection method and system based on content semantics | |
CN116028842A (en) | Abnormal user identification method and device, electronic equipment and storage medium | |
CN115391674A (en) | Method, device, equipment and storage medium for efficiently suppressing false information of network community | |
CN116822491A (en) | Log analysis method and device, equipment and storage medium | |
CN114662496A (en) | Information identification method, device, equipment, storage medium and product | |
CN115809460A (en) | Attack detection method, device, equipment and storage medium | |
CN112883703A (en) | Method and device for identifying associated text, electronic equipment and storage medium | |
CN110019772B (en) | Text emotion classification method and system | |
CN115526178A (en) | Improved flow platform monitoring method and system | |
CN114519357B (en) | Natural language processing method and system based on machine learning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: 607a, 6 / F, No. 31, Fuchengmenwai street, Xicheng District, Beijing 100037 Applicant after: Beijing Guorui Digital Intelligence Technology Co.,Ltd. Address before: 607a, 6 / F, No. 31, Fuchengmenwai street, Xicheng District, Beijing 100037 Applicant before: Beijing Zhimei Internet Technology Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |