CN114726502B - Security system based on Internet of things and big data - Google Patents
Publication number: CN114726502B (application CN202210235267.3A)
Authority: CN (China)
Legal status: Active (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Classifications
- H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using a fixed encryption transformation
- H04L9/0631: Substitution permutation network [SPN], i.e. a cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES
- H04L9/14: Cryptographic mechanisms or arrangements for secret or secure communications using a plurality of keys or algorithms
- H04L63/0435: Confidential data exchange among entities communicating through data packet networks, with the payload protected by symmetric encryption (the same key for encryption and decryption)
- H04L63/0457: Confidential data exchange among entities communicating through data packet networks, with the payload protected by dynamic encryption, e.g. stream encryption
- H04L63/067: Key management in a packet data network using one-time keys
- H04L63/068: Key management in a packet data network using time-dependent keys, e.g. periodically changing keys
- H04L63/0807: Authentication of entities using tickets, e.g. Kerberos
- H04L63/1441: Countermeasures against malicious traffic
- G06F18/24323: Pattern recognition, classification techniques, tree-organised classifiers
- Y04S40/20: Smart grids, information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention discloses a security system based on the Internet of Things (IoT) and big data. It comprises a data input and classification module, a cloud storage module and a multi-level identity verification module. The data input and classification module acquires raw data from the electric power IoT, inputs it and preprocesses it; the cloud storage module classifies the preprocessed data with a random forest and then encrypts it by class; the multi-level identity verification module performs security verification at different levels when a user accesses different electric power IoT data. The data input and classification module is electrically connected to the cloud storage module, and the cloud storage module is electrically connected to the multi-level identity verification module. The data generated by the electric power IoT is classified by a random forest network into sensitive and non-sensitive data, the data is encrypted with lightweight symmetric encryption algorithms, and a trust authority verifies the user's multi-level identity credentials.
Description
Technical Field
The invention relates to data security in the electric power Internet of Things (IoT), and in particular to a security system based on the IoT and big data.
Background
The electric power Internet of Things (IoT) is the concrete application of technologies such as collaborative application networks and cloud computing to the electric power industry. It connects the users, grids, generation enterprises and suppliers of the power system, together with their devices, people and things, shares the data they generate, and serves users, grids, generators, suppliers, government and society. It makes full use of modern information technologies (cloud computing, IoT, artificial intelligence, mobile internet and blockchain) and advanced communication technologies to interconnect all parts of the power system and support human-machine interaction, greatly improving automatic data acquisition and flexible application. As the electric power IoT is built out, more and more perception-layer terminals are connected, every link of the operating terminal equipment constantly generates large volumes of data, and the data security problems of the IoT in a cloud computing environment grow at the same pace.
Existing solutions improve IoT security by modelling the data or by encrypting it with a secret key and a public key together, but they either rely on a single encryption algorithm or provide little identity authentication. The classic Advanced Encryption Standard (AES) focuses on providing high-level encryption performance and pays little attention to hardware resource overhead, while the hardware resources of electric power IoT devices are limited, so high-performance, high-energy-consumption encryption algorithms are unsuitable for them. It is therefore necessary to design an IoT and big data security system based on lightweight symmetric encryption algorithms and multi-level identity authentication.
Disclosure of Invention
The invention aims to provide a security system based on the Internet of Things and big data that solves the problems described in the background section.
To solve these technical problems, the invention provides the following technical scheme. The security system based on the IoT and big data comprises a data input and classification module, a cloud storage module and a multi-level identity verification module. The data input and classification module acquires raw electric power IoT data for data input and preprocessing; the cloud storage module classifies the preprocessed data with a random forest and then encrypts it by class; the multi-level identity verification module performs security verification at different levels when a user accesses different electric power IoT data. The data input and classification module is electrically connected to the cloud storage module, and the cloud storage module is electrically connected to the multi-level identity verification module.
According to the technical scheme, the data input and classification module comprises a raw electric power data acquisition module, a random forest classification module and a data preprocessing module. The raw electric power data acquisition module acquires raw data from the recorded data generated by electric power IoT devices, the random forest classification module feeds the data into the random forest network for classification, and the data preprocessing module preprocesses the data to speed up training. The raw electric power data acquisition module is electrically connected to both the random forest classification module and the data preprocessing module.
According to the technical scheme, the cloud storage module comprises a predictor building module, a grid search and cross-validation module, a feature importance ranking module and a cloud storage encryption module. The predictor building module predicts the accuracy of the output results on the training set and the test set; the grid search and cross-validation module sets and optimises the classification parameters; the feature importance ranking module outputs the importance ranking of every parameter and the data type classification result; the cloud storage encryption module encrypts and decrypts the different data types with different block cipher algorithms. The predictor building module is electrically connected to the grid search and cross-validation module, and the feature importance ranking module is electrically connected to the cloud storage encryption module;
The cloud storage encryption module comprises a private cloud encryption module and a public cloud encryption module. The private cloud encryption module applies block encryption to the sensitive data identified by the random forest, the public cloud encryption module applies block encryption to the non-sensitive data identified by the random forest, and the private cloud encryption module is electrically connected to the public cloud encryption module.
According to the technical scheme, the multi-level identity verification module comprises a first-level, a second-level and a third-level identity verification module. The first-level module performs first-level credential verification when a user requests to read data in the public cloud; the second-level module performs second-level credential verification when the user requests to access and download data in the public cloud; the third-level module performs third-level credential verification when the user accesses and downloads electric power IoT data in the private cloud. The three modules are electrically connected to one another.
According to the technical scheme, the electric power data security verification method of the security system based on the IoT and big data comprises the following steps:
Step S1: read the various raw data sets generated by electric power IoT devices and use them as the input of a random forest network. The random forest is a classifier that trains on and predicts samples with a number of decision trees; the class output by the classifier is the mode of the classes output by the individual decision trees;
Step S2: preprocess the data by standardisation to obtain standardised values, build a random forest predictor on the normalised data, set the number of decision trees and the candidate tree depths, add cross-validation, and output the classification results obtained over the rotated training and validation folds;
Step S3: compute the information gain of each feature with the random forest, output the feature importance ranking, classify the output data into sensitive and non-sensitive device data types, and encrypt the two types of data with different algorithms;
Step S4: the user presents the credentials they hold to the trust authority in three levels of authentication in order to access the stored data securely.
According to the above technical solution, step S1 further comprises the following steps:
Step S11: divide the input data set 3:1 into a training set and a test set and attach the corresponding labels; one part is used to train the model and the other to test it;
Step S12: feed the labelled part of the data set into each decision tree for training; each tree outputs a training result according to the parameters of the input data;
Step S13: after training, feed the test data into the model as an unlabelled test set; the decision trees output the classification result using the importance of each parameter of the input data.
According to the above technical solution, step S2 further comprises the following steps:
Step S21: preprocess the data by standardisation. The standardised value Z_ij is computed from the mathematical expectation E[X_i] and the standard deviation S_i of each parameter as
$$Z_{ij} = \frac{X_{ij} - E[X_i]}{S_i}$$
where X_ij is the j-th value of the i-th parameter. The data sets differ in magnitude, so the data must be preprocessed to improve model accuracy and speed up training;
Step S22: build a random forest predictor, feed the training set and the test set into it, and output the prediction results and their accuracy;
Step S23: set the number of decision trees in the random forest to N_1, N_2, N_3, N_4, N_5 and the candidate depths of the decision trees to H_1, H_2, H_3, H_4, H_5 respectively, divide the existing training set into a training set and a validation set, and add 10-fold cross-validation;
Step S24: divide the data into 10 parts, use 1 part as the validation set, and repeat the test 10 times with a different part as the validation set each time, which gives the results of 10 models; take their average as the final result.
According to the above technical solution, step S3 further comprises the following steps:
Step S31: from the information gain of each parameter on each decision tree of the random forest, output the importance ranking of the parameters; count the votes each prediction result receives from the trees and take the result with the most votes as the final prediction of the random forest;
Step S32: the decision trees classify the output data into sensitive and non-sensitive electric power IoT data according to the mode of the classification results over the parameters of the input data;
Step S33: three lightweight symmetric encryption algorithms with low hardware resource requirements are used to encrypt the data: sensitive data is encrypted with RC6 and a Feistel cipher (a Feistel network is a cipher construction rather than a specific cipher; the round function F is left unspecified here), and non-sensitive data is encrypted with SM4.
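The procedure of steps S11 to S32 (3:1 split, z-score standardisation, a random forest trained on bootstrap samples, 10-fold cross-validation, information-gain feature importance and majority voting) as an added worked example. This is not the patent's code: the telemetry records, the feature names `msgs_per_min`, `payload_bytes` and `identifier_fields`, and the rule that labels a record sensitive are all constructed here, and the trees are decision stumps so that the whole pipeline fits in pure Python without a machine-learning library. One point the patent's description glosses over is shown explicitly: the scaler is fitted on the training fold only, so validation and test rows never leak into E[X_i] and S_i.

```python
"""Added example (not the patent's code): pure-Python miniature of steps S1-S3:
3:1 split, z-scores fitted on training rows only, a forest of decision stumps on
bootstrap samples and random feature subsets, 10-fold CV, information-gain
importance and majority vote. Data, feature names and labelling rule are constructed."""
import math
import random
from collections import Counter

FEATURES = ["msgs_per_min", "payload_bytes", "identifier_fields"]   # assumed names

def make_sample_data(n=40, seed=1):
    # Constructed telemetry: sensitive (label 1) records carry identifier fields;
    # the other two columns overlap between the classes by design.
    rng, X, y = random.Random(seed), [], []
    for i in range(n):
        label = i % 2
        rate = rng.randint(5, 60) if label else rng.randint(1, 40)
        X.append([rate, rng.randint(64, 1024), rng.randint(1, 3) if label else 0])
        y.append(label)
    return X, y

def split_3_to_1(X, y, seed=0):
    """Step S11: shuffle, then 3/4 training rows and 1/4 test rows."""
    idx = list(range(len(X)))
    random.Random(seed).shuffle(idx)
    cut = len(idx) * 3 // 4
    return ([X[i] for i in idx[:cut]], [y[i] for i in idx[:cut]],
            [X[i] for i in idx[cut:]], [y[i] for i in idx[cut:]])

def fit_scaler(X):
    """E[X_i] and S_i per column (step S21); fitted on training rows only."""
    n, m = len(X), len(X[0])
    means = [sum(r[j] for r in X) / n for j in range(m)]
    stds = [math.sqrt(sum((r[j] - means[j]) ** 2 for r in X) / n) or 1.0 for j in range(m)]
    return means, stds

def standardize(X, scaler):
    """Z_ij = (X_ij - E[X_i]) / S_i."""
    means, stds = scaler
    return [[(v - mu) / sd for v, mu, sd in zip(r, means, stds)] for r in X]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def best_stump(X, y, feats):
    """(gain, feature, threshold) of the split with the largest information gain."""
    best, base = (0.0, None, None), entropy(y)
    for j in feats:
        for thr in sorted({r[j] for r in X}):
            left = [y[i] for i, r in enumerate(X) if r[j] <= thr]
            right = [y[i] for i, r in enumerate(X) if r[j] > thr]
            if left and right:
                gain = base - (len(left) * entropy(left) + len(right) * entropy(right)) / len(y)
                if gain > best[0]:
                    best = (gain, j, thr)
    return best

class StumpForest:
    """Forest of one-split trees; the forest's class is the mode of the trees' votes."""
    def __init__(self, n_trees=25, n_feats=2, seed=0):
        self.n_trees, self.n_feats, self.seed = n_trees, n_feats, seed

    def fit(self, X, y):
        rng, self.trees, self.importance = random.Random(self.seed), [], Counter()
        for _ in range(self.n_trees):
            boot = [rng.randrange(len(X)) for _ in X]                   # bootstrap sample
            bx, by = [X[i] for i in boot], [y[i] for i in boot]
            gain, j, thr = best_stump(bx, by, rng.sample(range(len(X[0])), self.n_feats))
            if j is None:
                continue
            mode = lambda side: Counter(side).most_common(1)[0][0]
            self.trees.append((j, thr, mode(by[i] for i, r in enumerate(bx) if r[j] <= thr),
                               mode(by[i] for i, r in enumerate(bx) if r[j] > thr)))
            self.importance[j] += gain                                   # step S31
        return self

    def predict(self, X):
        return [Counter(lc if r[j] <= thr else rc for j, thr, lc, rc in self.trees)
                .most_common(1)[0][0] for r in X]

def accuracy(model, X, y):
    return sum(p == t for p, t in zip(model.predict(X), y)) / len(y)

def k_fold_accuracy(X, y, k=10, **forest):
    """Step S24: k folds, each used once as the validation set; mean accuracy."""
    accs = []
    for f in range(k):
        tr = [i for i in range(len(X)) if i % k != f]
        va = [i for i in range(len(X)) if i % k == f]
        sc = fit_scaler([X[i] for i in tr])
        model = StumpForest(**forest).fit(standardize([X[i] for i in tr], sc), [y[i] for i in tr])
        accs.append(accuracy(model, standardize([X[i] for i in va], sc), [y[i] for i in va]))
    return sum(accs) / k

def run_pipeline(n_trees=25, n_feats=2):
    X, y = make_sample_data()
    Xtr, ytr, Xte, yte = split_3_to_1(X, y)
    cv = k_fold_accuracy(Xtr, ytr, n_trees=n_trees, n_feats=n_feats)
    sc = fit_scaler(Xtr)
    model = StumpForest(n_trees, n_feats).fit(standardize(Xtr, sc), ytr)
    return {"cv_accuracy": cv, "test_accuracy": accuracy(model, standardize(Xte, sc), yte),
            "importance": [(FEATURES[j], round(g, 3)) for j, g in model.importance.most_common()]}
```

`run_pipeline()` returns the cross-validated and held-out accuracies together with the ranked feature importances; on the constructed data the identifier-field count separates the classes, so it dominates the ranking. In a real deployment the sensitivity label itself is the hard part: a classifier only reproduces whatever labelling policy it was trained on, so a misclassified sensitive record lands in the public cloud under the weaker cipher and the weaker access control.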
According to the above technical solution, step S33 further comprises the following steps:
Step S331: RC6 encrypts one part of the sensitive data. The data is loaded into four w-bit registers A, B, C and D and the intermediate values are kept in separate variables; registers B and D are pre-whitened before the inner loop, the four registers go through left rotations, right rotations and additions, and the ciphertext produced from the plaintext is output and stored in the private cloud;
Step S332: the Feistel cipher encrypts the other part of the sensitive data. The input block is split into two equal halves K_0 and K_1, the round function F is applied over several rounds with the subkeys x_0, x_1, x_2, x_3, and the resulting ciphertext is output;
Step S333: SM4 encrypts the non-sensitive data. Plaintext and ciphertext blocks are both 128 bits and each block is split into four equal 32-bit words; the 128-bit encryption key generates the round keys, the round keys are used in the reverse order for decryption, the block goes through multiple rounds of nonlinear iteration (32 rounds in SM4), and the output is stored in the public cloud.
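Steps S331 and S332 as an added worked example, not the patent's code. The first part is RC6-32/20/16 (32-bit words, 20 rounds, 16-byte key) written out from the published RC6 algorithm, including the B/D pre-whitening, the data-dependent rotations and the register rotation of S331, checked against the all-zero test vector of the RC6 specification; the counter-mode wrapper around it is my addition, because the patent says nothing about how records longer than one block are handled. The second part is the balanced Feistel network of S332 with the block split into K_0 || K_1 and one subkey x_i per round; the round function F (here a truncated SHA-256 of subkey || half) and the 4-round, 16-byte setting are assumptions, since the page specifies neither. SM4 is not written out; the property S333 relies on, decrypting by running the round keys in the opposite order, is the same Feistel property the second part demonstrates.

```python
"""Added example (not the patent's code). Part 1: RC6-32/20/16 (32-bit words,
20 rounds, 16-byte key) written out from the published algorithm, with a CTR-mode
wrapper I add for multi-block records. Part 2: the balanced Feistel network of
step S332 with an assumed round function F (the page specifies none). Pure-Python
integer arithmetic is not constant-time, so this is for study, not production."""
import hashlib
import struct

W, R, KEY_BYTES = 32, 20, 16
MASK = (1 << W) - 1
LG_W = 5                                   # log2(W)
P32, Q32 = 0xB7E15163, 0x9E3779B9

def rotl(x, n):
    n &= W - 1
    return ((x << n) | (x >> (W - n))) & MASK

def rotr(x, n):
    n &= W - 1
    return ((x >> n) | (x << (W - n))) & MASK

def key_schedule(key):
    """Expand the user key into the 2R+4 round words S[0..2R+3]."""
    if len(key) != KEY_BYTES:
        raise ValueError("RC6-32/20/16 needs a 16-byte key")
    c, t = KEY_BYTES // 4, 2 * R + 4
    L = list(struct.unpack("<%dI" % c, key))           # little-endian key words
    S = [P32]
    for i in range(1, t):
        S.append((S[i - 1] + Q32) & MASK)
    A = Bv = i = j = 0
    for _ in range(3 * max(c, t)):
        A = S[i] = rotl((S[i] + A + Bv) & MASK, 3)
        Bv = L[j] = rotl((L[j] + A + Bv) & MASK, A + Bv)
        i, j = (i + 1) % t, (j + 1) % c
    return S

def encrypt_block(S, block):
    A, Bv, C, D = struct.unpack("<4I", block)
    Bv, D = (Bv + S[0]) & MASK, (D + S[1]) & MASK      # pre-whitening of B and D
    for i in range(1, R + 1):
        t = rotl((Bv * (2 * Bv + 1)) & MASK, LG_W)     # data-dependent rotation amounts
        u = rotl((D * (2 * D + 1)) & MASK, LG_W)
        A = (rotl(A ^ t, u) + S[2 * i]) & MASK
        C = (rotl(C ^ u, t) + S[2 * i + 1]) & MASK
        A, Bv, C, D = Bv, C, D, A                      # rotate the four registers
    A, C = (A + S[2 * R + 2]) & MASK, (C + S[2 * R + 3]) & MASK
    return struct.pack("<4I", A, Bv, C, D)

def decrypt_block(S, block):
    A, Bv, C, D = struct.unpack("<4I", block)
    C, A = (C - S[2 * R + 3]) & MASK, (A - S[2 * R + 2]) & MASK
    for i in range(R, 0, -1):
        A, Bv, C, D = D, A, Bv, C
        u = rotl((D * (2 * D + 1)) & MASK, LG_W)
        t = rotl((Bv * (2 * Bv + 1)) & MASK, LG_W)
        C = rotr((C - S[2 * i + 1]) & MASK, t) ^ u
        A = rotr((A - S[2 * i]) & MASK, u) ^ t
    D, Bv = (D - S[1]) & MASK, (Bv - S[0]) & MASK
    return struct.pack("<4I", A, Bv, C, D)

def ctr_crypt(S, nonce, data):
    """Counter mode over encrypt_block; one call both encrypts and decrypts. The
    8-byte nonce must never repeat under a key, and CTR gives confidentiality
    only: a stored record still needs a MAC over its ciphertext."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 16)):
        keystream = encrypt_block(S, nonce + struct.pack("<Q", ctr))
        out += bytes(a ^ b for a, b in zip(data[off:off + 16], keystream))
    return bytes(out)

def rc6_known_answer():
    """All-zero key and plaintext, the first test vector of the RC6 specification."""
    return encrypt_block(key_schedule(bytes(16)), bytes(16)).hex()

def feistel_round(half, subkey):
    """Assumed round function F; it need not be invertible, the network is."""
    return hashlib.sha256(subkey + half).digest()[:len(half)]

def feistel(block, subkeys):
    """Split into K0 || K1, then (L, R) -> (R, L xor F(R, x_i)) per subkey, swap back.
    Running it with the subkeys reversed inverts it, which is also why SM4 uses
    its round keys in the opposite order for decryption (step S333)."""
    if len(block) % 2:
        raise ValueError("block must split into two equal halves")
    h = len(block) // 2
    L, R = block[:h], block[h:]
    for k in subkeys:
        L, R = R, bytes(a ^ b for a, b in zip(L, feistel_round(R, k)))
    return R + L

def feistel_decrypt(block, subkeys):
    return feistel(block, list(reversed(subkeys)))
```

`rc6_known_answer()` should return `8fc3a53656b1f778c129df4e9848a41e`, the specification's ciphertext for an all-zero key and block; any implementation of S331 that does not reproduce it is not RC6. Neither cipher, nor the patent's description, provides integrity: a block cipher in a confidentiality-only mode lets anyone who can write to the cloud store flip bits in a stored record undetected, so the stored ciphertext needs a MAC (or an authenticated mode) before the three-level access control is worth much.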
According to the above technical solution, step S4 further comprises the following steps:
Step S41: the user presents credentials to the trust authority level by level, in a stepwise authentication, to access the data stored in the hybrid cloud securely; the level of authentication required depends on the type of file access the user wants to perform;
Step S42: reading a data file from the public cloud requires first-level authentication: the user sends the trust authority a request to read a data file from the public cloud together with the user ID and password; the trust authority checks whether the registered credentials match those provided and, if so, grants permission to read the file in the public cloud and gives the user the key to decrypt the data;
Step S43: to download a data file from the public cloud, the user sends the trust authority a download request together with a biometric credential; the trust authority verifies the received credential against the registered one and, when they match, allows the user to download the requested file from the public cloud and sends the key needed to decrypt it;
Step S44: after first-level and second-level authentication have both succeeded, the user may proceed to third-level authentication: the user sends a private cloud request with their credentials, the trust authority receives the user ID, password and biometric credential, and when they match the registered credentials it grants permission to read and download files from the private cloud; otherwise the request is refused.
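The exchange of steps S41 to S44 as an added worked example, not the patent's code: a trust authority that registers a user's credentials, checks them at the level each action requires, enforces that level 3 is reachable only after levels 1 and 2 have succeeded, and releases the public or private decryption key only on success. How credentials are stored (PBKDF2 for the password, an HMAC of an opaque biometric template), the in-memory key store, the per-user record of levels passed, the action names and the user `operator-7` are all assumptions; the page does not say how the trust authority stores or compares credentials.

```python
"""Added example (not the patent's code): a trust authority enforcing the three
authentication levels of steps S41-S44. How credentials are stored (PBKDF2 for
the password, an HMAC of an opaque biometric template), the in-memory key store
and the per-user 'levels passed' state are assumptions; a real deployment would
use a biometric matcher, an HSM/KMS and expiring sessions."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000
REQUIRED_LEVEL = {"read_public": 1, "download_public": 2, "private": 3}

class TrustAuthority:
    """Keeps registered credentials and the two data keys; hands a key out only
    after the check the requested action demands."""

    def __init__(self):
        self._users, self._passed = {}, {}
        self._keys = {"public": secrets.token_bytes(16), "private": secrets.token_bytes(16)}
        self._dummy = self._record("not-a-real-password", b"not-a-real-template")

    @staticmethod
    def _record(password, template):
        salt = os.urandom(16)
        return {"salt": salt,
                "pw": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
                "bio": hmac.new(salt, template, "sha256").digest()}

    def register(self, user_id, password, template):
        self._users[user_id] = self._record(password, template)

    @staticmethod
    def _password_ok(rec, password):
        got = hashlib.pbkdf2_hmac("sha256", (password or "").encode(), rec["salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(got, rec["pw"])             # constant-time compare

    @staticmethod
    def _biometric_ok(rec, template):
        got = hmac.new(rec["salt"], template or b"", "sha256").digest()
        return hmac.compare_digest(got, rec["bio"])

    def request(self, user_id, action, password=None, template=None):
        """Returns (granted, decryption key or None). An unknown user ID is checked
        against a dummy record so timing does not reveal which IDs exist."""
        rec = self._users.get(user_id, self._dummy)
        level = REQUIRED_LEVEL[action]
        passed = self._passed.get(user_id, set())
        if level == 1:                                  # S42: user ID + password
            ok = self._password_ok(rec, password)
        elif level == 2:                                # S43: biometric credential
            ok = self._biometric_ok(rec, template)
        else:                                           # S44: levels 1 and 2 done, then all credentials again
            ok = ({1, 2} <= passed and self._password_ok(rec, password)
                  and self._biometric_ok(rec, template))
        if not (ok and user_id in self._users):
            return False, None
        self._passed.setdefault(user_id, set()).add(level)
        return True, self._keys["private" if level == 3 else "public"]

    def end_session(self, user_id):
        self._passed.pop(user_id, None)

def demo():
    """Constructed scenario: a registered operator, then someone who knows the
    password but cannot present the operator's biometric template."""
    ta = TrustAuthority()
    pw, bio = "correct horse battery", b"template:operator-7"
    ta.register("operator-7", pw, bio)
    out = {}
    out["private_first"] = ta.request("operator-7", "private", pw, bio)[0]   # skipping levels
    out["level1"] = ta.request("operator-7", "read_public", pw)[0]
    out["level2"] = ta.request("operator-7", "download_public", template=bio)[0]
    out["level3"] = ta.request("operator-7", "private", pw, bio)[0]
    out["impostor_public"] = ta.request("operator-7", "read_public", pw)[0]
    out["impostor_private"] = ta.request("operator-7", "private", pw, b"template:forged")[0]
    out["unknown_user"] = ta.request("nobody", "read_public", pw)[0]
    return out
```

Two points the patent's steps leave implicit are made concrete here: a request for the private cloud is refused even with valid credentials unless levels 1 and 2 were completed first, and the key that is handed out is the one for the requested tier, so a level-1 success never yields the private-cloud key. Once the trust authority has given a user a decryption key, revoking that user no longer protects data they already fetched; re-keying the store is the only remedy, which is the cost of the "give the user the key" design in S42 and S43.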
Compared with the prior art, the invention has the following beneficial effects. By arranging the data input and classification module, the cloud storage module and the multi-level identity verification module, the data generated by electric power IoT devices is classified by a random forest network into sensitive and non-sensitive data; three lightweight symmetric encryption algorithms with low hardware resource requirements encrypt the data, RC6 and a Feistel cipher for the sensitive data and SM4 for the non-sensitive data; and, to protect the data stored in the cloud from malicious users, a trust authority verifies the user's multi-level identity credentials.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a schematic diagram of the system module composition of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, the invention provides the following technical solution. The security system based on the IoT and big data comprises a data input and classification module, a cloud storage module and a multi-level identity verification module. The data input and classification module acquires raw electric power IoT data for data input and preprocessing; the cloud storage module classifies the preprocessed data with a random forest and then encrypts it by class; the multi-level identity verification module performs security verification at different levels when a user accesses different electric power IoT data. The data input and classification module is electrically connected to the cloud storage module, and the cloud storage module is electrically connected to the multi-level identity verification module.
The data input and classification module comprises a raw electric power data acquisition module, a random forest classification module and a data preprocessing module. The raw electric power data acquisition module acquires raw data from the recorded data generated by electric power IoT devices, the random forest classification module feeds the data into the random forest network for classification, and the data preprocessing module preprocesses the data to speed up training. The raw electric power data acquisition module is electrically connected to both the random forest classification module and the data preprocessing module.
The cloud storage module comprises a predictor building module, a grid search and cross-validation module, a feature importance ranking module and a cloud storage encryption module. The predictor building module predicts the accuracy of the output results on the training set and the test set; the grid search and cross-validation module sets, optimises and classifies the parameter data; the feature importance ranking module outputs the importance ranking of every parameter and the data type classification result; the cloud storage encryption module encrypts and decrypts the different data types with different block cipher algorithms. The predictor building module is electrically connected to the grid search and cross-validation module;
The cloud storage encryption module comprises a private cloud encryption module and a public cloud encryption module. The private cloud encryption module applies block encryption to the sensitive data identified by the random forest, the public cloud encryption module applies block encryption to the non-sensitive data identified by the random forest, and the private cloud encryption module is electrically connected to the public cloud encryption module.
The multi-level identity verification module comprises a first-level, a second-level and a third-level identity verification module. The first-level module performs first-level credential verification when a user requests to read data in the public cloud; the second-level module performs second-level credential verification when the user requests to access and download data in the public cloud; the third-level module performs third-level credential verification when the user accesses and downloads electric power IoT data in the private cloud. The three modules are electrically connected to one another.
The electric power data security verification method of the security system based on the Internet of things and big data comprises the following steps:
Step S1: the various original data sets generated by the electric power Internet of Things equipment are read and used as the input of a random forest network. A random forest is a classifier that trains on and predicts samples with a plurality of decision trees, its output class being the mode of the classes output by the individual decision trees. The random forest classifies the data generated by the equipment effectively, and the different classes of data are then encrypted with different encryption algorithms, which improves the efficiency of encrypting the electric power Internet of Things data;
Step S2: the data are preprocessed by standardization to obtain standardized values, a random forest predictor is established on the normalized data, the number of decision trees and their optional depth values are set, cross-validation is added, and the resulting training set is sampled with replacement, classified and output;
Step S3: the random forest calculates the information gain of each feature and outputs the feature importance ranking; the classification yields output data of the sensitive and non-sensitive equipment types, and the two types of data are encrypted with different algorithms. Sensitive data are data that the electric power Internet of Things company should not disclose and that relate to its economic interests and network security, including the network structure, the company's IP address list, and grid operating parameters such as temperature and voltage;
Step S4: the user obtains three levels of authentication from the trust authority by providing the credential information the user holds, for secure access to the stored data.
Step S1 further comprises the following steps:
Step S11: the input data set is divided into a training set and a test set at a ratio of 3:1 and the corresponding labels are attached; one part is used to train the model and the other to test it;
Step S12: the labelled part of the data set is input into each decision tree for training, and each decision tree outputs a training result according to each parameter of the input data;
Step S13: after training, the data reserved for testing the model are input as an unlabelled test set, and the decision trees output the classification result using the importance of each parameter of the input data.
Step S2 further comprises the following steps:
Step S21: the data are preprocessed by standardization; the standardized value Z_ij is calculated from the mathematical expectation E(X_i) and the standard deviation S_i of each parameter with the formula
$Z_{ij} = (X_{ij} - E(X_i)) / S_i$,
where X_ij is the j-th value of the i-th parameter. Because the parameters of the data set differ in magnitude, the data have to be preprocessed in this way to improve the accuracy of the model and speed up training;
Step S22: a random forest predictor is established, the training set and the test set are input into the predictor, and the prediction result and its accuracy are output;
Step S23: the number of decision trees in the random forest is set to N_1, N_2, N_3, N_4, N_5 respectively and the optional depth of the decision trees to H_1, H_2, H_3, H_4, H_5 respectively; the existing training set is divided into a training set and a validation set, and 10-fold cross-validation is added. 10-fold cross-validation divides the data set into ten parts, trains on 9 parts and validates on the remaining 1 part in turn, and uses the average of the 10 results as the estimate of the algorithm's accuracy; normally the 10-fold cross-validation is itself repeated several times, i.e. performed 10 times, and the results averaged to ensure accuracy;
Step S24: the data are divided into 10 parts, 1 of which serves as the validation set; over 10 test runs a different validation set is used each time, giving the results of 10 models, whose average is taken as the final result. Equivalently, most of the given modelling samples are taken to build a model and the small remaining part is predicted with that model; the prediction errors of the held-out samples are computed and their sum of squares recorded; the process is repeated until every sample has been predicted exactly once, and the squared prediction errors of all samples are summed.
Step S3 further comprises the following steps:
Step S31: the importance ranking of each parameter is output according to its information gain on each decision tree of the random forest; the number of votes for each prediction result is counted, and the result with the most votes is taken as the final prediction output of the random forest;
Step S32: the decision trees classify the output data into sensitive and non-sensitive electric power Internet of Things data according to the mode of the classification results over the parameters of the input data;
Step S33: three lightweight symmetric encryption algorithms with low hardware resource requirements are used to encrypt the data: sensitive data are encrypted with the RC6 and Feistel encryption algorithms, non-sensitive data with the SM4 algorithm; RC6, the Feistel algorithm and SM4 are all block ciphers.
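As an added example (not code from the patent), the classification pipeline of steps S2 and S3 in plain Python: z-score standardization, a small random forest whose trees split on information gain and vote by majority, feature importance from accumulated gain, 10-fold cross-validation with a rotating validation set, and a grid over the (N_k, H_k) pairs. The data set is constructed here, and the choice of ip_count as the parameter that marks a record sensitive is an assumption made for illustration.

```python
import math
import random
from collections import Counter
from statistics import mean, pstdev

def standardize(rows):
    """Step S21: Z_ij = (X_ij - E(X_i)) / S_i, applied per parameter (column) i."""
    stats = [(mean(c), pstdev(c) or 1.0) for c in zip(*rows)]  # constant column: avoid /0
    return [[(x - m) / s for x, (m, s) in zip(row, stats)] for row in rows]

def entropy(labels):
    n = len(labels)
    return -sum(k / n * math.log2(k / n) for k in Counter(labels).values())

def majority(labels):
    return Counter(labels).most_common(1)[0][0]

def best_split(X, y, features):
    """Highest information-gain (gain, feature, threshold) among the candidate features."""
    base, best = entropy(y), (0.0, None, None)
    for f in features:
        for thr in sorted({row[f] for row in X}):
            left = [lab for row, lab in zip(X, y) if row[f] <= thr]
            right = [lab for row, lab in zip(X, y) if row[f] > thr]
            if left and right:
                gain = base - (len(left) * entropy(left) + len(right) * entropy(right)) / len(y)
                if gain > best[0]:
                    best = (gain, f, thr)
    return best

def grow_tree(X, y, depth, n_sub, rng, importance):
    """Bounded-depth decision tree; each split's information gain is credited to its feature."""
    if depth == 0 or len(set(y)) == 1:
        return majority(y)  # leaf
    gain, f, thr = best_split(X, y, rng.sample(range(len(X[0])), n_sub))
    if f is None:
        return majority(y)
    importance[f] += gain * len(y)
    parts = [[(r, l) for r, l in zip(X, y) if (r[f] <= thr) == side] for side in (True, False)]
    return (f, thr) + tuple(grow_tree([r for r, _ in p], [l for _, l in p], depth - 1, n_sub, rng, importance)
                            for p in parts)

def predict_tree(tree, row):
    while isinstance(tree, tuple):
        f, thr, left, right = tree
        tree = left if row[f] <= thr else right
    return tree

class RandomForest:
    """N trees on bootstrap samples, sqrt(n_features) candidates per split; output is the mode."""
    def __init__(self, n_trees, depth, seed=0):
        self.n_trees, self.depth, self.rng = n_trees, depth, random.Random(seed)
        self.trees, self.importance = [], []

    def fit(self, X, y):
        n_feat = len(X[0])
        self.importance, self.trees = [0.0] * n_feat, []
        for _ in range(self.n_trees):
            idx = [self.rng.randrange(len(X)) for _ in X]  # sampling with replacement
            self.trees.append(grow_tree([X[i] for i in idx], [y[i] for i in idx], self.depth,
                                        max(1, int(math.sqrt(n_feat))), self.rng, self.importance))
        return self

    def predict(self, row):
        # Step S31: every tree votes; the label with the most votes is the forest output.
        return majority(predict_tree(t, row) for t in self.trees)

    def feature_ranking(self):
        # Step S31: parameters ordered by accumulated information gain, most important first.
        return sorted(range(len(self.importance)), key=lambda f: -self.importance[f])

def cross_validate(X, y, n_trees, depth, folds=10, seed=0):
    """Steps S23/S24: each of 10 parts serves once as validation set; the mean accuracy is returned."""
    order = list(range(len(X)))
    random.Random(seed).shuffle(order)
    accs = []
    for k in range(folds):
        val = set(order[k::folds])
        train = [i for i in order if i not in val]
        model = RandomForest(n_trees, depth, seed).fit([X[i] for i in train], [y[i] for i in train])
        accs.append(sum(model.predict(X[i]) == y[i] for i in val) / len(val))
    return sum(accs) / folds

def grid_search(X, y, tree_counts, depths):  # step S23: score each (N_k, H_k) pair by 10-fold CV
    return max(((n, h, cross_validate(X, y, n, h)) for n in tree_counts for h in depths), key=lambda t: t[2])

def make_dataset(n=80, seed=1):
    """Constructed records [voltage, temperature, ip_count, noise]; 'sensitive' iff ip_count is large."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n):
        ip_count = rng.randrange(0, 50)
        X.append([rng.gauss(220, 5), rng.gauss(40, 8), ip_count, rng.random()])
        y.append("sensitive" if ip_count > 20 else "non-sensitive")
    return standardize(X), y
```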
Step S33 further comprises the following steps:
Step S331: the RC6 algorithm encrypts one part of the sensitive data. The data are held in the four w-bit RC6 registers A, B, C and D and the computed values are kept in separate variables; registers B and D are pre-whitened before the inner loop is executed, the four registers undergo left rotation, right rotation and addition operations, and the ciphertext converted from the plaintext is output and stored in the private cloud;
Step S332: the Feistel algorithm encrypts the other part of the sensitive data: the original data input to the Feistel cipher are divided into two equal halves K_0 and K_1, the multi-round subkeys x_0, x_1, x_2, x_3 are applied through the round function F, and this part of the ciphertext is output after the function calculation;
Step S333: the non-sensitive data are encrypted with the SM4 algorithm. Plaintext and ciphertext blocks are both 128 bits and each block is divided into four equal parts; the encryption key is 128 bits long and generates the round keys, the order of the round keys in decryption being the reverse of the order in encryption; multiple rounds of nonlinear iteration are performed and the output is stored in the public cloud. SM4, a symmetric encryption algorithm, is chosen for the non-sensitive data to balance data transmission efficiency; the same key is used for encryption and decryption, and both the encryption algorithm and the key expansion algorithm use a multi-round nonlinear iterative structure. Because SM4 uses a symmetric key, the security of the information depends on how well the key is protected, so a dynamic key update strategy is adopted under which each key is valid only once. An attacker who has not obtained the complete key information would have to recover the original data through 2^n attack attempts, and on top of the current security of SM4 the dynamic update mechanism improves security further, because cracking a single key does not give the attacker the next encrypted content.
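An added example, not the patent's implementation: the RC6 path of step S331 with the four-register round structure as described (pre-whitening of B and D, left rotations in the inner loop, right rotations on decryption), plus a private-cloud record store that applies the dynamic key-update policy of step S333, generating a key for each record and never reusing it. Applying that policy to RC6 rather than SM4, the counter mode, and the PrivateCloudStore class are assumptions of this example; the plaintext records are constructed.

```python
import secrets

W, R, MASK = 32, 20, 0xFFFFFFFF            # RC6-32/20: 32-bit words, 20 rounds
P32, Q32 = 0xB7E15163, 0x9E3779B9          # key-schedule constants from the RC6 specification

def rotl(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK

def rotr(x, n):
    n &= 31
    return ((x >> n) | (x << (32 - n))) & MASK

def rc6_key_schedule(key):
    """Expand a 16-byte key into the 2R+4 round words S[0..43]."""
    c = max(1, (len(key) + 3) // 4)
    L = [int.from_bytes(key[i:i + 4].ljust(4, b"\0"), "little") for i in range(0, 4 * c, 4)]
    S = [(P32 + i * Q32) & MASK for i in range(2 * R + 4)]
    A = B = i = j = 0
    for _ in range(3 * max(c, 2 * R + 4)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i, j = (i + 1) % len(S), (j + 1) % c
    return S

def rc6_encrypt_block(S, block):
    """One 128-bit block held in the four registers A, B, C, D (step S331)."""
    A, B, C, D = (int.from_bytes(block[k:k + 4], "little") for k in range(0, 16, 4))
    B, D = (B + S[0]) & MASK, (D + S[1]) & MASK            # pre-whitening of B and D
    for r in range(1, R + 1):                               # inner loop: left rotations and additions
        t = rotl((B * (2 * B + 1)) & MASK, 5)
        u = rotl((D * (2 * D + 1)) & MASK, 5)
        A = (rotl(A ^ t, u) + S[2 * r]) & MASK
        C = (rotl(C ^ u, t) + S[2 * r + 1]) & MASK
        A, B, C, D = B, C, D, A
    A, C = (A + S[2 * R + 2]) & MASK, (C + S[2 * R + 3]) & MASK  # post-whitening of A and C
    return b"".join(x.to_bytes(4, "little") for x in (A, B, C, D))

def rc6_decrypt_block(S, block):
    """Inverse: undo the whitening, then run the rounds backwards with right rotations."""
    A, B, C, D = (int.from_bytes(block[k:k + 4], "little") for k in range(0, 16, 4))
    C, A = (C - S[2 * R + 3]) & MASK, (A - S[2 * R + 2]) & MASK
    for r in range(R, 0, -1):
        A, B, C, D = D, A, B, C
        u = rotl((D * (2 * D + 1)) & MASK, 5)
        t = rotl((B * (2 * B + 1)) & MASK, 5)
        C = rotr((C - S[2 * r + 1]) & MASK, t) ^ u
        A = rotr((A - S[2 * r]) & MASK, u) ^ t
    D, B = (D - S[1]) & MASK, (B - S[0]) & MASK
    return b"".join(x.to_bytes(4, "little") for x in (A, B, C, D))

def rc6_ctr(S, nonce, data):
    """Counter mode over RC6 blocks; the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 16):
        keystream = rc6_encrypt_block(S, nonce + (off // 16).to_bytes(8, "little"))
        out += bytes(p ^ k for p, k in zip(data[off:off + 16], keystream))
    return bytes(out)

class PrivateCloudStore:
    """Sensitive records encrypted with RC6, each under a key generated for that record and never
    reused (the dynamic key-update policy of step S333); the keys stay with the trust authority."""
    def __init__(self):
        self.records = {}   # record_id -> (nonce, ciphertext): what the private cloud holds
        self.keys = {}      # record_id -> key: released by the trust authority after authentication

    def put(self, record_id, plaintext):
        key, nonce = secrets.token_bytes(16), secrets.token_bytes(8)  # fresh for every record
        self.records[record_id] = (nonce, rc6_ctr(rc6_key_schedule(key), nonce, plaintext))
        self.keys[record_id] = key
        return self.records[record_id][1]

    def get(self, record_id, key):
        nonce, ciphertext = self.records[record_id]
        return rc6_ctr(rc6_key_schedule(key), nonce, ciphertext)
```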
Step S4 further comprises the following steps:
Step S41: credentials are provided to the trust authority at each level of a stepwise authentication in order to securely access the data stored in the hybrid cloud, the required level of authentication depending on the type of file access the user wishes to perform;
Step S42: reading a data file from the public cloud requires first-level authentication: the user sends the trust authority a request to read the data file from the public cloud together with the user ID and password; the trust authority checks whether the registered credentials match the credentials provided by the user and, if so, grants the right to read the file in the public cloud and gives the user the key for decrypting the data;
Step S43: the user sends the trust authority a request to download the data file from the public cloud together with the user's biometric credential; after receiving the credential, the trust authority verifies it against the registered credential, and when the registered and received credentials match it allows the user to download the requested file from the public cloud and sends the key required to decrypt the file;
Step S44: after the first-level and second-level authentication have been completed successfully, the user may enter the third-level authentication: the user sends a request for the private cloud together with the credentials, the trust authority receives the user ID, password and biometric credential from the user, and once they match the registered credentials it grants the right to read and download files from the private cloud; otherwise the user's request is refused.
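An added example of the three-level trust authority of step S4 (not code from the patent): the authority stores only salted PBKDF2 digests of the registered credentials, compares presented credentials in constant time, releases the public-cloud key after the first level (ID and password) or the second level (biometric), and releases the private-cloud key only when the first two levels were both completed and every credential matches again. Treating the biometric credential as an opaque byte string matched exactly, the key bytes and the user IDs are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

class TrustAuthority:
    """Three-level credential check before a decryption key is released (step S4).
    Level 1: user ID + password  -> key to read a public-cloud file.
    Level 2: biometric credential -> key to download a public-cloud file.
    Level 3: all credentials, only after levels 1 and 2 -> key for the private cloud."""

    def __init__(self, public_key, private_key):
        self.keys = {"public": public_key, "private": private_key}  # constructed placeholders
        self.users = {}      # user_id -> {"salt", "pw", "bio"}: only salted digests are stored
        self.passed = {}     # user_id -> set of levels completed in the current session

    @staticmethod
    def _digest(salt, secret):
        return hashlib.pbkdf2_hmac("sha256", secret, salt, 50_000)

    def register(self, user_id, password, biometric):
        salt = secrets.token_bytes(16)
        self.users[user_id] = {"salt": salt, "pw": self._digest(salt, password),
                               "bio": self._digest(salt, biometric)}

    def _matches(self, user_id, field, presented):
        user = self.users.get(user_id)
        if user is None:
            return False
        # constant-time comparison of the registered and the presented credential digest
        return hmac.compare_digest(user[field], self._digest(user["salt"], presented))

    def _grant(self, user_id, level, cloud):
        self.passed.setdefault(user_id, set()).add(level)
        return self.keys[cloud]

    def level1_read_public(self, user_id, password):
        """Step S42: ID and password match -> right to read in the public cloud plus its key."""
        if self._matches(user_id, "pw", password):
            return self._grant(user_id, 1, "public")
        return None

    def level2_download_public(self, user_id, biometric):
        """Step S43: biometric match -> right to download from the public cloud plus its key."""
        if self._matches(user_id, "bio", biometric):
            return self._grant(user_id, 2, "public")
        return None

    def level3_private(self, user_id, password, biometric):
        """Third level: only after levels 1 and 2, and only if every credential matches again."""
        if ({1, 2} <= self.passed.get(user_id, set())
                and self._matches(user_id, "pw", password)
                and self._matches(user_id, "bio", biometric)):
            return self._grant(user_id, 3, "private")
        return None  # request refused

    def logout(self, user_id):
        self.passed.pop(user_id, None)
```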
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that the foregoing description is only a preferred embodiment of the present invention and does not limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it is to be understood that those skilled in the art may modify or replace with equivalents some of the technical features described there. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall fall within its protection scope.
Claims (9)
1. A security system based on the Internet of Things and big data, comprising a data input classification module, a cloud storage module and a multi-level identity verification module, characterized in that: the data input classification module acquires the original data of the electric power Internet of Things, inputs and preprocesses the data; the cloud storage module classifies the preprocessed data with a random forest and encrypts them; the multi-level identity verification module performs security verification at different levels when a user accesses different data of the electric power Internet of Things; the data input classification module is electrically connected with the cloud storage module, and the cloud storage module is electrically connected with the multi-level identity verification module;
The cloud storage module comprises a cloud storage encryption module, which comprises a private cloud encryption module and a public cloud encryption module; the private cloud encryption module performs block encryption on the sensitive data classified by the random forest, the public cloud encryption module performs block encryption on the non-sensitive data classified by the random forest, and the private cloud encryption module is electrically connected with the public cloud encryption module;
the method for encrypting the sensitive data and the non-sensitive data comprises the following steps:
step a: the RC6 algorithm encrypts one part of the sensitive data; the data are held in the four w-bit RC6 registers A, B, C and D and the computed values are kept in separate variables, registers B and D are pre-whitened before the inner loop is executed, the four registers undergo left rotation, right rotation and addition operations, and the ciphertext converted from the plaintext is output and stored in the private cloud;
step b: the Feistel algorithm encrypts the other part of the sensitive data: the original data input to the Feistel cipher are divided into two equal halves K_0 and K_1, the multi-round subkeys x_0, x_1, x_2, x_3 are applied through the round function F, and this part of the ciphertext is output after the function calculation;
step c: the non-sensitive data are encrypted with the SM4 algorithm: plaintext and ciphertext blocks are 128 bits each and every block is divided into four equal parts, the encryption key is 128 bits long and generates the round keys, the order of the round keys in encryption is the reverse of that in decryption, multiple rounds of nonlinear iteration are performed, and the output is stored in the public cloud.
2. The Internet of Things and big data based security system of claim 1, wherein: the data input classification module comprises an electric power original data acquisition module, a random forest classification module and a data preprocessing module; the electric power original data acquisition module acquires original data from the recorded data generated by the electric power Internet of Things equipment, the random forest classification module feeds the data into a random forest network for classification, the data preprocessing module preprocesses the data so as to speed up training, and the electric power original data acquisition module is electrically connected with the random forest classification module and with the data preprocessing module.
3. The Internet of Things and big data based security system of claim 2, wherein: the cloud storage module comprises a predictor establishing module, a grid search and cross-validation module and a feature importance sorting module; the predictor establishing module predicts the accuracy of the output results on the training set and the test set, the grid search and cross-validation module sets, optimizes and sorts the parameter data, the feature importance sorting module outputs the importance ranking and the data type classification result of each parameter, the cloud storage encryption module encrypts and decrypts the different types of data with different block cipher algorithms, the predictor establishing module is electrically connected with the grid search and cross-validation module, and the feature importance sorting module is electrically connected with the cloud storage encryption module.
4. A security system based on the Internet of Things and big data according to claim 3, characterized in that: the multi-level identity verification module comprises a first-level identity verification module, a second-level identity verification module and a third-level identity verification module; the first-level module performs the first credential verification when a user requests access to data in the public cloud, the second-level module performs the second credential verification when the user requests to access and download data in the public cloud, the third-level module performs the third credential verification when the user accesses and downloads Internet of Things power data in the private cloud, and the first-level, second-level and third-level identity verification modules are electrically connected.
5. A power data security verification method based on the internet of things and big data based security system of any one of claims 1-4, the method comprising the steps of:
step S1: reading the various original data sets generated by the electric power Internet of Things equipment and taking them as the input of a random forest network, the random forest being a classifier that trains on and predicts samples with a plurality of decision trees, the output class of the classifier being determined by the mode of the output classes of the individual decision trees;
step S2: preprocessing the data by standardization to obtain standardized values, establishing a random forest predictor on the normalized data, setting the number of decision trees and their optional depth values, adding cross-validation, and sampling the resulting training set with replacement, classifying it and outputting it;
step S3: calculating the information gain of each feature with the random forest, outputting the feature importance ranking, classifying the data into sensitive and non-sensitive output data, and encrypting the two types of data with different algorithms;
step S4: the user obtaining three levels of authentication from the trust authority by providing the credential information the user holds, for secure access to the stored data.
6. The power data security verification method according to claim 5, wherein: the step S1 further comprises the steps of:
step S11: dividing the input data set into a training set and a test set at a ratio of 3:1 and attaching the corresponding labels, one part being used to train the model and the other to test it;
step S12: inputting the labelled part of the data set into each decision tree for training, each decision tree outputting a training result according to each parameter of the input data;
step S13: after training, inputting the data reserved for testing the model as an unlabelled test set, the decision trees outputting the classification result using the importance of each parameter of the input data.
7. The power data security verification method according to claim 6, wherein: the step S2 further comprises the steps of:
step S21: preprocessing the data by standardization, calculating the standardized value Z_ij from the mathematical expectation E(X_i) and the standard deviation S_i of each parameter with the formula
$Z_{ij} = (X_{ij} - E(X_i)) / S_i$,
where X_ij is the j-th value of the i-th parameter; because the parameters of the data set differ in magnitude, the data need to be preprocessed in this way to improve the accuracy of the model and speed up training;
step S22: establishing a random forest predictor, inputting the training set and the test set into the predictor, and outputting the prediction result and its accuracy;
step S23: setting the number of decision trees in the random forest to N_1, N_2, N_3, N_4, N_5 respectively and the optional depths of the decision trees to H_1, H_2, H_3, H_4, H_5 respectively, dividing the existing training set into a training set and a validation set, and adding 10-fold cross-validation;
step S24: dividing the data into 10 parts, 1 of which is used as the validation set, then performing 10 test runs with a different validation set each time, obtaining the results of 10 models and taking their average as the final result.
8. The power data security verification method according to claim 7, wherein: the step S3 further includes the steps of:
step S31: outputting the importance ranking of each parameter according to its information gain on each decision tree of the random forest, counting the number of votes for each prediction result, and taking the result with the most votes as the final prediction output of the random forest;
step S32: the decision trees classifying the output data into sensitive and non-sensitive electric power Internet of Things data according to the mode of the classification results over the parameters of the input data;
step S33: using three lightweight symmetric encryption algorithms with low hardware resource requirements to encrypt the data, the sensitive data being encrypted with the RC6 and Feistel encryption algorithms and the non-sensitive data with the SM4 algorithm.
9. The power data security verification method according to claim 8, wherein: the step S4 further includes the steps of:
step S41: providing credentials to the trust authority at each level of a stepwise authentication in order to securely access the data stored in the hybrid cloud, the required level of authentication depending on the type of file access the user wishes to perform;
step S42: reading a data file from the public cloud requiring first-level authentication, in which the user sends the trust authority a request to read the data file from the public cloud together with the user ID and password, the trust authority checks whether the registered credentials match the credentials provided by the user and, if so, grants the right to read the file in the public cloud and gives the user the key for decrypting the data;
step S43: the user sending the trust authority a request to download the data file from the public cloud together with the user's biometric credential; after receiving the credential the trust authority verifies it against the registered credential, and when the registered and received credentials match it allows the user to download the requested file from the public cloud and sends the key required to decrypt the file;
step S44: after the first-level and second-level authentication have been completed successfully, the user being able to enter the third-level authentication, in which the user sends a request for the private cloud together with the credentials, the trust authority receives the user ID, password and biometric credential from the user and, once they match the registered credentials, grants the right to read and download files from the private cloud; otherwise the user's request is refused.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210235267.3A CN114726502B (en) | 2022-03-10 | 2022-03-10 | Security system based on Internet of things and big data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114726502A CN114726502A (en) | 2022-07-08 |
CN114726502B true CN114726502B (en) | 2024-06-21 |