CN114726502A - Safety system based on Internet of things and big data - Google Patents

Publication number
CN114726502A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210235267.3A
Other languages
Chinese (zh)
Inventor
闫正
缪鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gaozhesai Technology Nantong Co ltd
Original Assignee
Gaozhesai Technology Nantong Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gaozhesai Technology Nantong Co ltd
Priority to CN202210235267.3A
Publication of CN114726502A
Legal status: Pending

Classifications

    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • G06F18/24323 Tree-organised classifiers
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a security system based on the Internet of things and big data, comprising a data input classification module, a cloud storage module and a multi-stage identity verification module. The data input classification module acquires original data of the power Internet of things, inputs it and preprocesses it. The cloud storage module classifies the preprocessed data with a random forest and then encrypts it by class. The multi-stage identity verification module performs security verification at different levels when a user accesses different data of the power Internet of things. The data input classification module is electrically connected with the cloud storage module, and the cloud storage module is electrically connected with the multi-stage identity verification module. Data generated by power Internet of things equipment is classified by the random forest into sensitive data and non-sensitive data and is encrypted using a lightweight symmetric encryption algorithm, while a trust authority verifies users through their multi-stage identity verification credentials. The invention is characterised by lightweight symmetric encryption and multi-stage identity authentication.

Description

Safety system based on Internet of things and big data
Technical Field
The invention relates to the technical field of data security of power internet of things, in particular to a security system based on the internet of things and big data.
Background
The power Internet of things is the concrete application of technologies such as networking and cloud computing in the power system industry. It connects the users, power grid and power generation enterprises, and suppliers of a power system with the corresponding equipment, people and things, and shares the data they generate. By making full use of modern information technologies (big data, cloud computing, Internet of things, mobile Internet, artificial intelligence and blockchain) and advanced communication technologies, it realises interconnection and human-machine interaction among all parts of the power system and greatly improves the capabilities of automatic data acquisition and flexible application. As construction of the power Internet of things continues, more and more sensing-layer terminals are connected. This brings technical progress and convenience, but the terminal equipment in every operational link continuously generates huge volumes of data, and data security problems of the Internet of things in the cloud computing environment arise in correspondingly large numbers.
In existing solutions, the security of the Internet of things is improved through corresponding modelling or through data encryption that uses a secret key and a public key together, but the data is encrypted with a single algorithm or identity authentication is limited. The classic Advanced Encryption Standard algorithm emphasises high-level encryption performance without much regard for hardware resource overhead, whereas hardware resources in power Internet of things equipment are limited and are not suited to high-performance, high-energy-consumption encryption algorithms. It is therefore necessary to design a security system based on the Internet of things and big data that uses lightweight symmetric encryption algorithms and multi-level identity authentication.
Disclosure of Invention
The invention aims to provide a security system based on the Internet of things and big data so as to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme: a security system based on the Internet of things and big data comprises a data input classification module, a cloud storage module and a multi-stage identity verification module. The data input classification module is used for acquiring original data of the power Internet of things and performing data input and preprocessing; the cloud storage module is used for classifying the preprocessed data by random forest and then encrypting it by class; the multi-stage identity verification module is used for performing security verification at different levels when a user accesses different data of the power Internet of things. The data input classification module is electrically connected with the cloud storage module, and the cloud storage module is electrically connected with the multi-stage identity verification module.
According to the technical scheme, the data input classification module comprises an electric power original data acquisition module, a random forest classification module and a data preprocessing module, the electric power original data acquisition module is used for acquiring original data from recorded electric power internet of things equipment generation data, the random forest classification module is used for inputting the data into a random network for classification, the data preprocessing module is used for preprocessing the data to accelerate training speed, the electric power original data acquisition module is electrically connected with the random forest classification module, and the random forest classification module is electrically connected with the data preprocessing module.
According to the technical scheme, the cloud storage module comprises a predictor establishing module, a grid searching and cross verifying module, a feature importance ordering module and a cloud storage encryption module, wherein the predictor establishing module is used for predicting the accuracy of output results of a training set and a testing set, the grid searching and cross verifying module is used for setting, adjusting and classifying parameter data, the feature importance ordering module is used for outputting importance ordering results and data type classification results of each parameter, the cloud storage encryption module is used for encrypting and decrypting different types of data by using different grouping algorithms, the predictor establishing module is electrically connected with the grid searching and cross verifying module, and the feature importance ordering module is electrically connected with the cloud storage encryption module;
the cloud storage encryption module comprises a private cloud encryption module and a public cloud encryption module, the private cloud encryption module is used for carrying out grouping encryption on sensitive data classified through random forests, the public cloud encryption module is used for carrying out grouping encryption on non-sensitive data classified through random forests, and the cloud encryption module is electrically connected with the public cloud encryption module.
According to the technical scheme, the multi-stage identity authentication module comprises a first-stage identity authentication module, a second-stage identity authentication module and a third-stage identity authentication module, the first-stage identity authentication module is used for first-stage certificate authentication when a user requests to access data in a public cloud, the second-stage identity authentication module is used for second-stage certificate authentication when the user requests to access and downloads the data in the public cloud, the third-stage identity authentication module is used for third-stage user certificate authentication when the user accesses and downloads power data of the internet of things in a private cloud, and the first-stage identity authentication module, the second-stage identity authentication module and the third-stage identity authentication module are electrically connected.
According to the technical scheme, the power data security verification method of the security system based on the Internet of things and the big data comprises the following steps:
step S1: reading various original data sets generated by the power Internet of things equipment, and taking the data sets as the input of a random forest network, wherein the random forest is a classifier which trains and predicts samples by utilizing a plurality of decision trees, and the output category of the random forest is determined by the mode of the output category of an individual decision tree;
step S2: preprocessing the data by standardization to obtain standardized values, instantiating a random forest predictor, setting the number of decision trees and their selectable depth values, adding cross-validation, and replacing and classifying the obtained training set for output;
step S3: calculating information gain of each feature by a random forest, outputting feature importance sorting results, classifying to obtain output data of sensitive and non-sensitive equipment types, and encrypting the two types of data respectively by using different algorithms;
step S4: by providing the credential information in their possession, the user undergoes three levels of authentication by the trust authority in order to securely access the stored data.
According to the above technical solution, the step S1 further includes the following steps:
step S11: the input data set is divided in a 3:1 ratio into a training set and a test set, and corresponding labels are set; one part is used for training the model and the other part is used for testing the model;
step S12: respectively inputting part of data sets with labels into each decision tree for training, and outputting training results of the decision trees according to each parameter of input data;
step S13: after training, the test data for the test model is input as a test data set without a label, and the decision tree outputs the classification result by using the importance of each parameter of the input data on the result.
According to the above technical solution, the step S2 further includes the following steps:
step S21: preprocessing the data using normalization, using the mathematical expectation EX_i and standard deviation S_i of each parameter to calculate a normalized value Z_ij. The calculation formula is as follows:
Figure BDA0003539775910000041
in the formula, X_ij is the jth value of the ith parameter. Because the parameters of the data set differ in order of magnitude, the data needs to be preprocessed in order to improve the accuracy of the model and accelerate the training speed;
step S22: establishing a random forest predictor, inputting the training set and the test set into the predictor, and outputting a prediction result and the accuracy rate of the prediction result;
step S23: setting the number of decision trees in the random forest to N_1, N_2, N_3, N_4, N_5 respectively and the selectable depths of the decision tree to H_1, H_2, H_3, H_4, H_5 respectively, dividing the existing training set into a training set and a validation set, and adding 10-fold cross-validation;
step S24: dividing the data into 10 parts, of which 1 part is used as the validation set, then running 10 tests with a different validation set each time to obtain the results of 10 groups of models, and taking the average value as the final result.
According to the above technical solution, the step S3 further includes the following steps:
step S31: outputting importance sorting results of the parameters according to the information gain of the parameters on each decision tree of the random forest, calculating the number of votes obtained for each prediction result according to the prediction results, and outputting the prediction result with the highest number of votes as the final prediction of the random forest;
step S32: the decision tree obtains output data classification results of sensitive data and non-sensitive data of the power internet of things according to the mode of each parameter classification result in the input data;
step S33: the data is encrypted using three lightweight symmetric encryption algorithms with low hardware resource requirements: sensitive data is encrypted using the RC6 and Feistel encryption algorithms, and non-sensitive data is encrypted using the SM4 algorithm.
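The classification path of steps S11 to S32, as an added example that is not part of the patent text: a small random forest written with the Python standard library that standardises the parameters, grows bootstrapped trees by information gain, votes by mode and ranks parameter importance. The records and their three features, the tree count and depth, the two-features-per-split rule and the z-score form of the missing formula are assumptions; the grid search and 10-fold cross-validation of steps S23 and S24 are left out.

```python
import math
import random
from collections import Counter
from statistics import mean, pstdev

FEATURES_PER_SPLIT = 2  # size of the random feature subset tried at each node (assumed)


def make_dataset(n=200, seed=7):
    """Constructed records [address_fields, payload_bytes, reading]; label 1 = sensitive."""
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(n):
        sensitive = rng.random() < 0.4
        rows.append([float(rng.randint(3, 6) if sensitive else rng.randint(0, 1)),
                     rng.uniform(800, 2000) if sensitive else rng.uniform(100, 1200),
                     rng.gauss(230.0, 5.0)])
        labels.append(int(sensitive))
    return rows, labels


def fit_standardiser(train_rows):
    """Step S21: expectation EX_i and standard deviation S_i of each parameter."""
    cols = list(zip(*train_rows))
    return [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]


def standardise(rows, ex, s):
    """Z_ij = (X_ij - EX_i) / S_i, the assumed form of the page's missing formula."""
    return [[(x - m) / d for x, m, d in zip(row, ex, s)] for row in rows]


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def best_split(rows, labels, features):
    """Return (gain, feature, threshold) with the highest information gain."""
    base, best = entropy(labels), (0.0, None, None)
    for f in features:
        for t in sorted({r[f] for r in rows}):
            lo = [y for r, y in zip(rows, labels) if r[f] <= t]
            hi = [y for r, y in zip(rows, labels) if r[f] > t]
            if lo and hi:
                gain = base - (len(lo) * entropy(lo) + len(hi) * entropy(hi)) / len(labels)
                if gain > best[0]:
                    best = (gain, f, t)
    return best


def grow(rows, labels, depth, rng, importance):
    """Grow one tree to at most `depth` levels; a leaf is the majority label."""
    majority = Counter(labels).most_common(1)[0][0]
    if depth == 0 or len(set(labels)) == 1:
        return majority
    candidates = rng.sample(range(len(rows[0])), FEATURES_PER_SPLIT)
    gain, f, t = best_split(rows, labels, candidates)
    if f is None:
        return majority
    importance[f] += gain * len(rows)  # information gain weighted by samples reached
    lo = [(r, y) for r, y in zip(rows, labels) if r[f] <= t]
    hi = [(r, y) for r, y in zip(rows, labels) if r[f] > t]
    return (f, t,
            grow([r for r, _ in lo], [y for _, y in lo], depth - 1, rng, importance),
            grow([r for r, _ in hi], [y for _, y in hi], depth - 1, rng, importance))


def classify(tree, row):
    while isinstance(tree, tuple):
        f, t, lo, hi = tree
        tree = lo if row[f] <= t else hi
    return tree


def train_forest(rows, labels, n_trees, depth, seed):
    rng = random.Random(seed)
    importance, trees = [0.0] * len(rows[0]), []
    for _ in range(n_trees):
        idx = [rng.randrange(len(rows)) for _ in rows]  # bootstrap sample
        trees.append(grow([rows[i] for i in idx], [labels[i] for i in idx], depth, rng, importance))
    return trees, importance


def predict(trees, row):
    """Steps S31/S32: the forest outputs the mode of its trees' votes."""
    return Counter(classify(t, row) for t in trees).most_common(1)[0][0]


def run_pipeline(n_trees=25, depth=3, seed=1):
    rows, labels = make_dataset()
    cut = len(rows) * 3 // 4  # step S11: 3:1 split into training and test sets
    ex, s = fit_standardiser(rows[:cut])  # statistics come from the training set only
    train, test = standardise(rows[:cut], ex, s), standardise(rows[cut:], ex, s)
    trees, importance = train_forest(train, labels[:cut], n_trees, depth, seed)
    predicted = [predict(trees, row) for row in test]
    accuracy = sum(p == y for p, y in zip(predicted, labels[cut:])) / len(predicted)
    ranking = sorted(range(len(importance)), key=lambda i: -importance[i])
    return accuracy, ranking, predicted
```

`run_pipeline()` returns the test-set accuracy, the parameters ordered by importance and the predicted classes; fitting EX_i and S_i on the training part only keeps test data from influencing the preprocessing.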
According to the above technical solution, the step S33 further includes the following steps:
step S331: the RC6 algorithm is used to encrypt one part of the sensitive data. The data is held in the four w-bit RC6 registers A, B, C and D, and calculated values are stored in separate variables; registers B and D undergo pre-whitening before the inner loop is executed, the four registers undergo left-rotation, right-rotation and addition operations, and the ciphertext converted from the plaintext is output and stored in the private cloud;
step S332: the Feistel algorithm is used to encrypt the other part of the sensitive data. For the original data input to the Feistel network, the multi-round sub-keys x_0, x_1, x_2, x_3 are used with the encryption round function F, the data is divided into two equal parts K_0 and K_1, and this part of the ciphertext is output through function calculation;
step S333: the SM4 algorithm is used to encrypt the non-sensitive data. Plaintext and ciphertext blocks are each 128 bits long and every block is divided into four equal parts; the encryption key is 128 bits long and is used to generate the round keys; the round-key order in encryption is the reverse of the round-key order in decryption; multiple rounds of nonlinear iteration are performed, and the output is stored in the public cloud.
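The Feistel structure of step S332, as an added example that is not part of the patent text: the block is split into two equal halves, four sub-keys drive the rounds, and decryption is the same ladder with the sub-keys reversed, which is also the key-order property step S333 states for SM4. The 128-bit block size, the HMAC-SHA-256 round function, the sub-key derivation and the sample record are assumptions, since the page specifies none of them.

```python
import hashlib
import hmac

BLOCK_BYTES = 16               # assumed block size; the page gives none for this cipher
HALF = BLOCK_BYTES // 2


def subkeys(master_key: bytes, rounds: int = 4) -> list:
    """Derive the round sub-keys x_0..x_3 from one master key (assumed schedule)."""
    return [hashlib.sha256(master_key + b"/round/" + bytes([i])).digest()
            for i in range(rounds)]


def F(half: bytes, x_i: bytes) -> bytes:
    """Round function F (assumed): HMAC-SHA-256 keyed with the sub-key, truncated."""
    return hmac.new(x_i, half, hashlib.sha256).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def feistel(block: bytes, round_keys) -> bytes:
    """Run the Feistel ladder over one block with the sub-keys in the given order."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly %d bytes" % BLOCK_BYTES)
    K0, K1 = block[:HALF], block[HALF:]          # the two equal parts
    for x_i in round_keys:
        K0, K1 = K1, xor(K0, F(K1, x_i))         # F itself is never inverted
    return K1 + K0                               # undo the final swap


def encrypt_block(block: bytes, master_key: bytes) -> bytes:
    return feistel(block, subkeys(master_key))


def decrypt_block(block: bytes, master_key: bytes) -> bytes:
    # Same ladder, sub-keys applied in reverse order: x_3, x_2, x_1, x_0.
    return feistel(block, subkeys(master_key)[::-1])


if __name__ == "__main__":
    key = bytes(range(16))                                # constructed demo key
    record = b"bus7;V=229.8".ljust(BLOCK_BYTES, b"\x00")  # constructed sensitive record
    sealed = encrypt_block(record, key)
    print(sealed.hex(), decrypt_block(sealed, key) == record)
```

Only a single 128-bit block is handled; the page does not say which mode of operation or integrity check is applied when a record spans several blocks.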
According to the above technical solution, the step S4 further includes the following steps:
step S41: the user provides credentials to the trust authority at each level by means of a level-by-level authentication to securely access data stored in the hybrid cloud, the required level of authentication being based on the type of file access the user wishes to perform;
step S42: reading a data file from a public cloud requires first-level authentication, namely, a user sends a request to a trust authority to request to read the data file from the public cloud and send a user ID and a password of the user, the trust authority judges whether a registered credential is matched with a credential provided by the user, if so, the trust authority grants the authority of reading the file in the public cloud, and a key for decrypting the data is given to the user;
step S43: the user sending a request to a trust authority requesting to download a data file from the public cloud and sending its own biometric credential, the trust authority verifying the received credential against the registered credential after obtaining the credential from the user, the trust authority allowing the user to download the requested file from the public cloud and sending a key required to decrypt the file when the registered and received credentials match;
step S44: after the first-level authentication and the second-level authentication have been completed successfully, the user can proceed to the third-level authentication. The user sends a private cloud request together with the user's credentials; the trust authority receives the user ID, the password and the biometric credential from the user and, if they match the registered credentials, grants permission to read and download files from the private cloud; otherwise the user request is rejected.
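The level-by-level checks of step S4, as an added example that is not part of the patent text: a trust authority that stores only salted, stretched credential digests, compares them in constant time, and refuses the private-cloud level until both public-cloud levels have succeeded. The class and function names, the PBKDF2 parameters, exact-match biometric templates and per-user (rather than per-session) progress tracking are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

READ_PUBLIC, DOWNLOAD_PUBLIC, ACCESS_PRIVATE = 1, 2, 3


def stretch(secret: bytes, salt: bytes) -> bytes:
    """Salted, stretched digest stored in place of the raw credential."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


@dataclass
class Registration:
    salt: bytes
    password: bytes    # stretched digest of the password
    biometric: bytes   # stretched digest of an opaque template (exact match assumed)
    passed: set = field(default_factory=set)


@dataclass(frozen=True)
class Grant:
    permission: str
    key: Optional[bytes]  # decryption key released with the grant, if any


class TrustAuthority:
    def __init__(self, public_cloud_key: bytes):
        self._public_key = public_cloud_key
        self._users = {}

    def register(self, user_id: str, password: bytes, biometric: bytes) -> None:
        salt = os.urandom(16)
        self._users[user_id] = Registration(
            salt, stretch(password, salt), stretch(biometric, salt))

    @staticmethod
    def _match(supplied: Optional[bytes], salt: bytes, registered: bytes) -> bool:
        # A missing credential never matches; the comparison is constant-time.
        return supplied is not None and hmac.compare_digest(
            stretch(supplied, salt), registered)

    def request(self, user_id, level, password=None, biometric=None) -> Optional[Grant]:
        """Return a Grant when the credentials required for `level` match, else None."""
        reg = self._users.get(user_id)
        if reg is None:
            return None
        pw_ok = self._match(password, reg.salt, reg.password)
        bio_ok = self._match(biometric, reg.salt, reg.biometric)
        if level == READ_PUBLIC and pw_ok:            # first level: user ID + password
            grant = Grant("read public cloud", self._public_key)
        elif level == DOWNLOAD_PUBLIC and bio_ok:     # second level: biometric credential
            grant = Grant("download from public cloud", self._public_key)
        elif (level == ACCESS_PRIVATE and pw_ok and bio_ok
              and {READ_PUBLIC, DOWNLOAD_PUBLIC} <= reg.passed):  # third level
            grant = Grant("read and download from private cloud", None)
        else:
            return None
        reg.passed.add(level)
        return grant
```

The first two grants carry the public-cloud decryption key because the page says a key is sent at those levels; the third carries none because the page mentions only permission there.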
Compared with the prior art, the invention has the following beneficial effects: by providing the data input classification module, the cloud storage module and the multi-stage identity verification module, data generated by power Internet of things equipment is classified into sensitive data and non-sensitive data through the random forest network; the data is encrypted using three lightweight symmetric encryption algorithms with low hardware resource requirements, with sensitive data encrypted using the RC6 and Feistel encryption algorithms and non-sensitive data encrypted using the SM4 algorithm; and, to protect the cloud-stored data from damage by malicious users, a trust authority verifies users through their multi-stage identity verification credentials.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of the system module composition of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the present invention provides a technical solution: the safety system based on the Internet of things and the big data comprises a data input classification module, a cloud storage module and a multi-stage identity verification module, wherein the data input classification module is used for obtaining original data of the electric power Internet of things to perform data input and preprocessing, the cloud storage module is used for classifying and encrypting the preprocessed data after random forest classification, the multi-stage identity verification module is used for performing safety verification at different levels when a user accesses different data of the electric power Internet of things, the data input classification module is electrically connected with the cloud storage module, and the cloud storage module is electrically connected with the multi-stage identity verification module.
The data input classification module comprises an electric power original data acquisition module, a random forest classification module and a data preprocessing module, the electric power original data acquisition module is used for acquiring original data from recorded electric power Internet of things equipment generated data, the random forest classification module is used for inputting the data into a random network for classification, the data preprocessing module is used for preprocessing the data to accelerate training speed, and the electric power original data acquisition module is electrically connected with the random forest classification module and the data preprocessing module.
The cloud storage module comprises a predictor establishing module, a grid searching and cross verifying module, a characteristic importance ordering module and a cloud storage encryption module, wherein the predictor establishing module is used for predicting the accuracy of the output results of the training set and the testing set, the grid searching and cross verifying module is used for setting, adjusting and classifying parameter data, the characteristic importance ordering module is used for outputting the importance ordering results and the data type classification results of each parameter, the cloud storage encryption module is used for encrypting and decrypting different types of data by using different grouping algorithms, the predictor establishing module is electrically connected with the grid searching and cross verifying module, and the characteristic importance ordering module is electrically connected with the cloud storage encryption module;
the cloud storage encryption module comprises a private cloud encryption module and a public cloud encryption module, the private cloud encryption module is used for carrying out grouping encryption on the sensitive data classified through the random forest, the public cloud encryption module is used for carrying out grouping encryption on the non-sensitive data classified through the random forest, and the cloud encryption module is electrically connected with the public cloud encryption module.
The multi-stage identity authentication module comprises a first-stage identity authentication module, a second-stage identity authentication module and a third-stage identity authentication module, wherein the first-stage identity authentication module is used for first-stage certificate authentication when a user requests to access data in the public cloud, the second-stage identity authentication module is used for second-stage certificate authentication when the user requests to access and download the data in the public cloud, the third-stage identity authentication module is used for third-time user certificate authentication when the user accesses and downloads power data of the internet of things in the private cloud, and the first-stage identity authentication module, the second-stage identity authentication module and the third-stage identity authentication module are electrically connected.
The electric power data safety verification method of the safety system based on the Internet of things and the big data comprises the following steps:
step S1: reading various original data sets generated by the power Internet of things equipment, taking the data sets as input of a random forest network, wherein the random forest is a classifier for training and predicting samples by utilizing a plurality of decision trees, the output category of the random forest is determined by the mode of the output category of individual decision trees, the data generated by the power Internet of things equipment can be effectively classified by using the random forest, and different types of data are encrypted by using different encryption algorithms, so that the efficiency of encrypting the power Internet of things data is effectively improved;
step S2: preprocessing data by adopting standardization to obtain a standardized value, establishing a random forest predictor to instantiate the data, setting a numerical value and an optional depth value of a decision tree, adding cross validation, and replacing and classifying the obtained training set for output;
step S3: calculating information gain of each characteristic by a random forest, outputting a characteristic importance sorting result, classifying to obtain output data of sensitive and non-sensitive equipment types, and respectively encrypting the two types of data by using different algorithms, wherein the sensitive data refers to data which are not suitable for publishing by an electric power internet of things company and relate to economic benefits and network safety, and comprises a network structure, an IP address list and data such as temperature and voltage during power grid operation of the company;
step S4: by providing the credential information in their possession, the user passes three levels of authentication by the trust authority in order to securely access the stored data.
Step S1 further includes the steps of:
step S11: the input data set is divided in a 3:1 ratio into a training set and a test set, and corresponding labels are set, wherein one part is used for training the model and the other part is used for testing the model;
step S12: respectively inputting part of the labeled data sets into each decision tree for training, and outputting training results of the decision trees according to each parameter of the input data;
step S13: after training, the test data for the test model is input as a test data set without a label, and the decision tree outputs the classification result by using the importance of each parameter of the input data on the result.
Step S2 further includes the steps of:
step S21: preprocessing the data using normalization, using the mathematical expectation EX_i and the standard deviation S_i of each parameter to calculate a normalized value Z_ij, the calculation formula being as follows:
Figure BDA0003539775910000091
in the formula, X_ij is the jth value of the ith parameter; because the parameters of the data set differ in order of magnitude, the data need to be preprocessed in order to improve the accuracy of the model and accelerate the training speed;
step S22: establishing a random forest predictor, inputting the training set and the test set into the predictor, and outputting a prediction result and the accuracy rate of the prediction result;
step S23: respectively setting the number of decision trees in the random forest as N1, N2, N3, N4, N5 and the selectable depths of the decision tree as H1, H2, H3, H4, H5, dividing the existing training set into a training set and a verification set, and adding 10-fold cross validation, wherein 10-fold cross validation means dividing the data set into ten parts and, in turn, training on 9 parts and validating on the remaining 1 part, the average value of the 10 results being taken as the estimate of the algorithm precision; generally, 10-fold cross validation is carried out multiple times and the average value is taken, for example 10-fold cross validation repeated 10 times, so as to ensure accuracy;
step S24: dividing the data into 10 parts, of which 1 part is taken as the verification set, then carrying out 10 tests with a different verification set each time to obtain the results of 10 groups of models, and taking the average value as the final result; that is, most of the samples of a given modeling sample are taken out to build the model, a small part of the samples is reserved for prediction with the newly built model, the prediction errors of this small part are computed and their sum of squares is recorded, and the process continues until every sample has been predicted once and only once, the squared prediction errors of all samples then being summed.
Step S3 further includes the steps of:
step S31: outputting importance sorting results of the parameters according to the information gain of the parameters on each decision tree of the random forest, calculating the ticket number of each prediction result through the prediction results, and taking the prediction result with the highest ticket number as the final prediction output of the random forest;
step S32: the decision tree obtains output data classification results of sensitive data and non-sensitive data of the power internet of things according to the mode of each parameter classification result in the input data;
step S33: the data are encrypted by using three lightweight symmetric encryption algorithms with low requirements on hardware resources: sensitive data are encrypted by using the RC6 and Feistel encryption algorithms, non-sensitive data are encrypted by using the SM4 algorithm, and the RC6, Feistel and SM4 algorithms are all block ciphers.
Step S33 further includes the steps of:
step S331: the RC6 algorithm is used for encrypting one part of the sensitive data: the sensitive data are stored in the four w-bit RC6 registers A, B, C and D, calculated values are held in separate variables, registers B and D undergo pre-whitening, the inner loop is then executed, in which the four registers undergo left rotation, right rotation and addition operations, and the ciphertext converted from the plaintext is output and stored in the private cloud;
step S332: the Feistel algorithm is used for encrypting another part of the sensitive data: for the original data input to the Feistel network, the multi-round sub-keys x0, x1, x2, x3 are used according to the encryption round function F, this part of the data is divided into two equal parts K0 and K1, and this part of the ciphertext is output through function calculation;
step S333: the SM4 algorithm is used for encrypting non-sensitive data. The plaintext block and the ciphertext block are both 128 bits, and each block is divided into four equal parts; the encryption key is 128 bits long and is used to generate the round keys; the round-key order in encryption is the reverse of the round-key order in decryption; multiple rounds of nonlinear iteration are performed, and the output is stored in the public cloud. To balance data transmission efficiency, the SM4 symmetric encryption algorithm is used for the non-sensitive data; the same key is used for encryption and decryption, and both the encryption algorithm and the key expansion algorithm use a multi-round nonlinear iterative structure. Because SM4 uses a symmetric key, the security of the information depends on how well the key is protected, so a dynamic-update encryption strategy is used, under which a key is valid only once. If an attacker does not obtain the complete key information, the original data must be analyzed through 2n attacks; on top of the security of the current SM4, the dynamic update mechanism further improves security, so that an attacker who cracks a single key cannot obtain the next encrypted content.
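The Feistel structure of step S332 and the reversed round-key order that step S333 states for SM4 are shown in the following added Python example, which is not part of the patent text. The HMAC-SHA-256 round function and key schedule, the 8-byte half-block size and the one_time_key derivation used for the dynamic key update are assumptions chosen for illustration.

```python
import hashlib
import hmac

HALF = 8                   # assumed half-block size in bytes
BLOCK = 2 * HALF           # one block = two equal halves (K0 and K1 in the text)
ROUNDS = 4                 # one round per sub-key x0..x3


def one_time_key(root_key: bytes, message_index: int) -> bytes:
    """Assumed dynamic update: a fresh key per message, derived one-way from a
    root key so that learning one message key does not give the next one."""
    label = b"msg-key" + message_index.to_bytes(8, "big")
    return hmac.new(root_key, label, hashlib.sha256).digest()[:16]


def subkeys(key: bytes) -> list:
    """Assumed key schedule producing the round sub-keys x0..x3."""
    return [hmac.new(key, b"round" + bytes([i]), hashlib.sha256).digest()
            for i in range(ROUNDS)]


def round_f(half: bytes, subkey: bytes) -> bytes:
    """Round function F. It is a keyed one-way function: a Feistel network
    never needs to invert F, only to recompute it."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def feistel(block: bytes, round_keys: list) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be %d bytes" % BLOCK)
    left, right = block[:HALF], block[HALF:]
    for x in round_keys:
        mixed = bytes(a ^ b for a, b in zip(left, round_f(right, x)))
        left, right = right, mixed
    return right + left    # final swap makes decryption the same routine


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])   # same rounds, reversed sub-keys
```

The routine handles a single block only; how blocks are chained into a message is outside what the text describes.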
Step S4 further includes the steps of:
step S41: the user provides credentials to the trust authority at each level by means of a level-by-level authentication to securely access data stored in the hybrid cloud, the required level of authentication being based on the type of file access the user wishes to perform;
step S42: reading a data file from a public cloud requires first-level authentication, namely, a user sends a request to a trust authority to request to read the data file from the public cloud and send a user ID and a password of the user, the trust authority judges whether a registered credential is matched with a credential provided by the user, if so, the trust authority grants the authority of reading the file in the public cloud, and a key for decrypting the data is given to the user;
step S43: the user sending a request to a trust authority requesting to download a data file from the public cloud and sending its own biometric credential, the trust authority verifying the received credential against the registered credential after obtaining the credential from the user, the trust authority allowing the user to download the requested file from the public cloud and sending a key required to decrypt the file when the registered and received credentials match;
step S43: after the first-level authentication and the second-level authentication are successfully completed, the user can enter the third-level authentication, the user needs to send a private cloud request and credentials of the user, the trust authority receives the user ID, the password and the biological characteristic credentials from the user, the trust authority provides the authority of reading and downloading files from the private cloud after being matched with the registered credentials, and otherwise, the user request is rejected.
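The level-by-level check of step S4 can be modelled as in the following added Python example, which is not part of the patent text. The TrustAuthority class, the session token, the PBKDF2 credential verifiers and the treatment of the biometric credential as an exact byte string are assumptions.

```python
import hashlib
import hmac
import os
import secrets

# Level each access type requires, following the level-by-level steps above.
REQUIRED_LEVEL = {("public", "read"): 1, ("public", "download"): 2,
                  ("private", "read"): 3, ("private", "download"): 3}


def _verifier(secret: bytes, salt: bytes) -> bytes:
    # The authority stores a slow salted hash, never the credential itself.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


class TrustAuthority:
    def __init__(self):
        self._enrolled = {}   # user_id -> (salt, password ref, biometric ref)
        self._sessions = {}   # token -> [user_id, highest level completed]
        self._data_keys = {"public": os.urandom(16), "private": os.urandom(16)}
        self._dummy = (os.urandom(16), os.urandom(32), os.urandom(32))

    def register(self, user_id, password: bytes, biometric: bytes) -> None:
        # Assumption: the biometric is a fixed byte string; real matching is fuzzy.
        salt = os.urandom(16)
        self._enrolled[user_id] = (salt, _verifier(password, salt),
                                   _verifier(biometric, salt))

    def open_session(self, user_id) -> str:
        token = secrets.token_hex(16)
        self._sessions[token] = [user_id, 0]
        return token

    def _check(self, user_id, password, biometric, need_pw, need_bio) -> bool:
        # Unknown IDs are checked against a dummy record, so the reply and the
        # work done do not reveal whether the ID is registered.
        salt, pw_ref, bio_ref = self._enrolled.get(user_id, self._dummy)
        ok = user_id in self._enrolled
        if need_pw:
            ok &= hmac.compare_digest(_verifier(password or b"", salt), pw_ref)
        if need_bio:
            ok &= hmac.compare_digest(_verifier(biometric or b"", salt), bio_ref)
        return ok

    def request(self, token, cloud, action, password=None, biometric=None):
        """Return the decryption key for `cloud`, or None if rejected."""
        level = REQUIRED_LEVEL.get((cloud, action))
        session = self._sessions.get(token)
        if level is None or session is None:
            return None
        user_id, passed = session
        if passed < level - 1:            # earlier levels must be completed first
            return None
        need_pw = level in (1, 3)         # level 1: ID + password
        need_bio = level in (2, 3)        # level 2: biometric; level 3: all three
        if not self._check(user_id, password, biometric, need_pw, need_bio):
            return None
        session[1] = max(passed, level)
        return self._data_keys[cloud]
```

A rejected request returns the same value whether the user ID is unknown, a credential is wrong, or an earlier level was skipped, so the caller learns nothing about which check failed.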
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described above, or equivalents may be substituted for elements thereof. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A safety system based on the Internet of things and big data, comprising a data input classification module, a cloud storage module and a multi-stage identity authentication module, characterized in that: the data input classification module is used for acquiring original data of the power internet of things to perform data input and preprocessing, the cloud storage module is used for classifying and encrypting the preprocessed data after random forest classification, the multi-stage identity authentication module is used for performing safety verification at different levels when a user accesses different data of the power internet of things, the data input classification module is electrically connected with the cloud storage module, and the cloud storage module is electrically connected with the multi-stage identity authentication module.
2. The internet of things and big data based security system of claim 1, wherein: the data input classification module comprises an electric power original data acquisition module, a random forest classification module and a data preprocessing module, the electric power original data acquisition module is used for acquiring original data from recorded electric power Internet of things equipment generation data, the random forest classification module is used for inputting the data into a random network for classification, the data preprocessing module is used for preprocessing the data to accelerate training speed, the electric power original data acquisition module is electrically connected with the random forest classification module, and the random forest classification module is electrically connected with the data preprocessing module.
3. The internet of things and big data based security system of claim 2, wherein: the cloud storage module comprises a predictor establishing module, a grid searching and cross verifying module, a characteristic importance ordering module and a cloud storage encryption module, wherein the predictor establishing module is used for predicting the accuracy of output results of a training set and a test set, the grid searching and cross verifying module is used for setting, adjusting and classifying parameter data, the characteristic importance ordering module is used for outputting importance ordering results and data type classification results of each parameter, the cloud storage encryption module is used for encrypting and decrypting different types of data by using different grouping algorithms, the predictor establishing module is electrically connected with the grid searching and cross verifying module, and the characteristic importance ordering module is electrically connected with the cloud storage encryption module;
the cloud storage encryption module comprises a private cloud encryption module and a public cloud encryption module, the private cloud encryption module is used for carrying out grouping encryption on the sensitive data classified through the random forest, the public cloud encryption module is used for carrying out grouping encryption on the non-sensitive data classified through the random forest, and the cloud encryption module is electrically connected with the public cloud encryption module.
4. An internet of things and big data based security system as claimed in claim 3, characterized in that: the multi-stage identity authentication module comprises a first-stage identity authentication module, a second-stage identity authentication module and a third-stage identity authentication module, the first-stage identity authentication module is used for first-stage certificate authentication when a user requests to access data in the public cloud, the second-stage identity authentication module is used for second-stage certificate authentication when the user requests to access and downloads data in the public cloud, the third-stage identity authentication module is used for third-stage user certificate authentication when the user accesses and downloads power data of the internet of things in the private cloud, and the first-stage identity authentication module, the second-stage identity authentication module and the third-stage identity authentication module are electrically connected.
5. A power data security verification method based on the Internet of things and big data based security system of any one of claims 1-4, the method comprising the steps of:
step S1: reading various original data sets generated by the power Internet of things equipment, and taking the data sets as the input of a random forest network, wherein the random forest is a classifier which trains and predicts samples by utilizing a plurality of decision trees, and the output category of the random forest is determined by the mode of the output category of an individual decision tree;
step S2: preprocessing data by adopting standardization to obtain a standardized value, establishing a random forest predictor to instantiate the standardized value, setting a numerical value and an optional depth value of a decision tree, adding cross validation, and replacing and classifying the obtained training set for output;
step S3: calculating information gain of each feature by a random forest, outputting feature importance sorting results, classifying to obtain output data of sensitive and non-sensitive equipment types, and encrypting the two types of data respectively by using different algorithms;
step S4: by providing the credential information in their possession, the user passes three levels of authentication by the trust authority in order to securely access the stored data.
6. The internet of things and big data based security system of claim 5, wherein: the step S1 further includes the steps of:
step S11: the input data set is divided in a 3:1 ratio into a training set and a test set, and corresponding labels are set, wherein one part is used for training the model and the other part is used for testing the model;
step S12: respectively inputting part of data sets with labels into each decision tree for training, and outputting training results of the decision trees according to each parameter of input data;
step S13: after training, the test data for the test model is input as a test data set without a label, and the decision tree outputs the classification result by using the importance of each parameter of the input data on the result.
7. The internet of things and big data based security system of claim 6, wherein: the step S2 further includes the steps of:
step S21: preprocessing the data using normalization, using the mathematical expectation EX_i and the standard deviation S_i of each parameter to calculate a normalized value Z_ij, the calculation formula being as follows:
Figure FDA0003539775900000031
in the formula, X_ij is the jth value of the ith parameter; because the parameters of the data set differ in order of magnitude, the data need to be preprocessed in order to improve the accuracy of the model and accelerate the training speed;
step S22: establishing a random forest predictor, inputting the training set and the test set into the predictor, and outputting a prediction result and the accuracy rate of the prediction result;
step S23: respectively setting the number of decision trees in the random forest as N1, N2, N3, N4, N5, respectively setting the selectable depths of the decision tree as H1, H2, H3, H4, H5, dividing the existing training set into a training set and a verification set, and adding 10-fold cross validation;
step S24: the data are divided into 10 parts, wherein 1 part is used as a verification set, then 10 times of tests are carried out, different verification sets are replaced each time, results of 10 groups of models are obtained, and the average value is taken as a final result.
8. The internet of things and big data based security system of claim 7, wherein: the step S3 further includes the steps of:
step S31: outputting importance sorting results of the parameters according to the information gain of the parameters on each decision tree of the random forest, calculating the number of votes obtained for each prediction result according to the prediction results, and outputting the prediction result with the highest number of votes as the final prediction of the random forest;
step S32: the decision tree obtains output data classification results of sensitive data and non-sensitive data of the power internet of things according to the mode of each parameter classification result in the input data;
step S33: the data are encrypted by using three lightweight symmetric encryption algorithms with low requirements on hardware resources, sensitive data are encrypted by using the RC6 and Feistel encryption algorithms, and non-sensitive data are encrypted by using the SM4 algorithm.
9. The internet of things and big data based security system of claim 8, wherein: the step S33 further includes the steps of:
step S331: the RC6 algorithm is used for encrypting one part of the sensitive data: the sensitive data are stored in the four w-bit RC6 registers A, B, C and D, calculated values are held in separate variables, registers B and D undergo pre-whitening, the inner loop is then executed, in which the four registers undergo left rotation, right rotation and addition operations, and the ciphertext converted from the plaintext is output and stored in the private cloud;
step S332: the Feistel algorithm is used for encrypting another part of the sensitive data: for the original data input to the Feistel network, the multi-round sub-keys x0, x1, x2, x3 are used according to the encryption round function F, this part of the data is divided into two equal parts K0 and K1, and this part of the ciphertext is output through function calculation;
step S333: the SM4 algorithm is used for encrypting non-sensitive data, the plaintext block and the ciphertext block are both 128 bits, each block is divided into four equal parts, the encryption key is 128 bits long and is used to generate the round keys, the round-key order in encryption is the reverse of the round-key order in decryption, multiple rounds of nonlinear iteration are performed, and the output is stored in the public cloud.
10. The internet of things and big data based security system of claim 9, wherein: the step S4 further includes the steps of:
step S41: the user provides credentials to the trust authority at each level by means of a level-by-level authentication to securely access data stored in the hybrid cloud, the required level of authentication being based on the type of file access the user wishes to perform;
step S42: reading a data file from a public cloud requires first-level authentication, namely, a user sends a request to a trust authority to request to read the data file from the public cloud and send a user ID and a password of the user, the trust authority judges whether a registered credential is matched with a credential provided by the user, if so, the trust authority grants the authority of reading the file in the public cloud, and a key for decrypting the data is given to the user;
step S43: the user sending a request to a trust authority requesting to download a data file from the public cloud and sending its own biometric credential, the trust authority verifying the received credential against the registered credential after obtaining the credential from the user, the trust authority allowing the user to download the requested file from the public cloud and sending a key required to decrypt the file when the registered and received credentials match;
step S43: after the first-level authentication and the second-level authentication are successfully completed, the user can enter the third-level authentication, the user needs to send a private cloud request and credentials of the user, the trust authority receives the user ID, the password and the biological characteristic credentials from the user, the trust authority provides the authority of reading and downloading files from the private cloud after being matched with the registered credentials, and otherwise, the user request is rejected.
CN202210235267.3A 2022-03-10 2022-03-10 Safety system based on Internet of things and big data Pending CN114726502A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210235267.3A CN114726502A (en) 2022-03-10 2022-03-10 Safety system based on Internet of things and big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210235267.3A CN114726502A (en) 2022-03-10 2022-03-10 Safety system based on Internet of things and big data

Publications (1)

Publication Number Publication Date
CN114726502A true CN114726502A (en) 2022-07-08

Family

ID=82237781

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210235267.3A Pending CN114726502A (en) 2022-03-10 2022-03-10 Safety system based on Internet of things and big data

Country Status (1)

Country Link
CN (1) CN114726502A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117174233A (en) * 2023-11-02 2023-12-05 山东大数据医疗科技有限公司 Management platform based on health big data
CN117174233B (en) * 2023-11-02 2024-02-09 山东大数据医疗科技有限公司 Management platform based on health big data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination