CN115086074A - Network security virus identification and blocking system with internal operation monitoring function - Google Patents


Publication number: CN115086074A
Authority: CN (China)
Prior art keywords: module, virus, network, data, information
Legal status: Pending
Application number: CN202210854849.XA
Other languages: Chinese (zh)
Inventor: 谭金彪
Current Assignee: Shenzhen Teke Power Technology Co ltd
Original Assignee: Shenzhen Teke Power Technology Co ltd
Application filed by Shenzhen Teke Power Technology Co ltd
Priority to CN202210854849.XA
Publication of CN115086074A

Classifications

    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G06N3/088 Non-supervised learning, e.g. competitive learning
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L41/16 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using machine learning or artificial intelligence
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention discloses a network security virus identification and blocking system with an internal operation monitoring function, which relates to the technical field of measurement and solves the technical problem of network security virus identification and blocking. Network security virus information is monitored through a monitoring module; network security virus data information is identified through a virus identification module; network data information is input through a network information input module; network security protection virus data information is generated through a generation model; security data information is judged through a GAN algorithm model; the network security virus data information is analyzed through a risk analysis module; the network security anti-virus data information is blocked through a blocking module; and the network security protection virus data information is visually displayed through a visual display module. The invention can improve the identification, calculation and monitoring capabilities of network security virus information and improve the application capability of network security.

Description

Network security virus identification and blocking system with internal operation monitoring function
Technical Field
The invention relates to the technical field of measurement, in particular to a network security virus identification and blocking system with an internal operation monitoring function.
Background
The prior art provides certain defensive measures against network threats, such as encryption during information exchange. Although this improves defense against threat information, it requires continuous encryption and decryption during use, which makes the application process cumbersome.
In order to prevent the electric power monitoring system from being affected by security holes and malicious programs, ensure the data security in the communication process of the system, establish a communication security protection system of the electric power monitoring system, arrange encryption equipment, an isolation device, an anti-virus gateway and a firewall in the system, and improve the security protection level of the system communication, a novel method is needed to realize network security protection virus information identification, calculation and monitoring.
Disclosure of Invention
Aiming at the defects of the technology, the invention discloses a measuring system for a building material for radian marking in the mobile measuring process, which can improve the identification, calculation and monitoring capabilities of network security virus information and the application capability of network security.
In order to achieve the technical effects, the invention adopts the following technical scheme:
a network security protection virus identification and blocking system with an internal operation monitoring function comprises:
the monitoring module is used for monitoring network security virus information and controlling network security in real time, and comprises an ARM control module and an FPGA control module, wherein the ARM control module is provided with a clock module, a debugging module, a memory configuration module, a communication serial port and a control interface in a connecting manner, the FPGA control module is provided with a self-defined bus controller, a data flow controller, an SRIO controller and an FIFO interface, and the FPGA control module is also provided with a JTAG interface, a UART bridge, a bus switch, a linear flash memory and a channel connector which are arranged through a channel sub-module in a connecting manner;
the virus identification module is used for identifying network security protection virus data information so as to acquire unsafe factors in a network, and comprises: a network information input module for inputting network data information; a generation model for generating network security protection virus data information; a learning model for learning network security protection virus data information; a judging module for judging whether the input information contains virus information; and an early warning module for predicting the input network data information, reminding a user when judging that the network data information has viruses, and transmitting the received data information to the next program when judging that the network data information has no viruses; the judging module comprises a GAN algorithm model; the output end of the network information input module is connected with the input end of the generation model, the output end of the generation model is connected with the input end of the learning model, the output end of the learning model is connected with the input end of the judging module, and the output end of the judging module is connected with the input end of the early warning module;
the risk analysis module is used for analyzing the network security virus data information; the risk analysis module comprises a classification module;
the blocking module is used for blocking network security and anti-virus data information; the blocking module comprises an isolation module;
the visual display module is used for visually displaying network security and protection virus data information and comprises a display screen and a wireless communication module connected with the display screen;
the output end of the monitoring module is connected with the input end of the virus identification module, the output end of the virus identification module is connected with the input end of the risk analysis module, the output end of the risk analysis module is connected with the input end of the blocking module, and the output end of the blocking module is connected with the input end of the visual display module.
As a further technical solution of the present invention, the custom bus controller includes a total data channel module and a sub data channel module, wherein the total data channel module includes a packet header cache module, a write data cache module, a sending logic module, an overtime detection module, a register, and a receiving logic module, the receiving logic module is connected to the register, the packet header cache module, and the read response data module, and the sending logic module and the receiving logic module are respectively connected to the sending logic module and the receiving logic module of the sub data channel module.
As a further technical scheme of the invention, the GAN algorithm model realizes the virus judgment of the network data information by the following method;
step one, setting a network data information transfer function:
Figure 574640DEST_PATH_IMAGE001
(1)
In formula (1),
Figure 837126DEST_PATH_IMAGE002
representing the virus data information input module in the GAN algorithm model,
Figure 206927DEST_PATH_IMAGE003
representing a virus data information generation model in a GAN algorithm model,
Figure 972889DEST_PATH_IMAGE004
representing the real distribution of the parameter identification of the input network security protection virus information,
Figure 769944DEST_PATH_IMAGE005
representing the distribution of the noise data of the input network security protection virus information,
Figure 254146DEST_PATH_IMAGE006
representing the sampling process of the network security protection virus information data,
Figure 427638DEST_PATH_IMAGE007
representing the distribution probability of the real data of the network security virus information data,
Figure 313686DEST_PATH_IMAGE008
represents the noise data in the network security protection virus information parameter identification data. The adversarial game of the generative adversarial network on the virus data information is completed through formula (1); the generation model samples from real data, and the learning model learns according to the distribution rule of the real data;
step two, judging the input virus data information;
the network security protection virus information input vector is
Figure 281642DEST_PATH_IMAGE009
The corresponding network state is represented as
Figure 229702DEST_PATH_IMAGE010
(ii) a When the network security communication has virus data information, the network state of the virus data information is expressed as follows:
Figure 941306DEST_PATH_IMAGE011
(2)
In formula (2),
Figure 681860DEST_PATH_IMAGE012
represents, at time
Figure 820718DEST_PATH_IMAGE013
, the value of network parameter number
Figure 279512DEST_PATH_IMAGE014
,
Figure 529228DEST_PATH_IMAGE015
represents the duration of the virus information occurrence. Formula (2) represents the state vector when virus information occurs in the network. When the vector is input into the GAN algorithm model,
Figure 389867DEST_PATH_IMAGE016
is normalized, the normalization function being expressed as:
Figure 699626DEST_PATH_IMAGE017
(3)
In formula (3),
Figure 645716DEST_PATH_IMAGE018
represents the maximum value of the network virus information; formula (3) ensures that the input network parameter values have a similar dynamic range. When virus information appears in the judgment module, the objective function is recorded as:
Figure 699123DEST_PATH_IMAGE019
(4)
In formula (4),
Figure 414269DEST_PATH_IMAGE020
representing the distribution of data generated by the decision module,
Figure 894929DEST_PATH_IMAGE021
represents the existing data distribution of the original network parameters,
Figure 62737DEST_PATH_IMAGE022
represents the input network security protection virus data set,
Figure 919834DEST_PATH_IMAGE023
represents a penalty parameter of the virus-information diagnostic model,
Figure 489487DEST_PATH_IMAGE024
represents the penalty term coefficient of the model; the optimized objective function is obtained through formula (4);
step three, comparing the difference between the predicted network state and the real network state, and expressing as:
Figure 141048DEST_PATH_IMAGE025
(5)
In formula (5),
Figure 389627DEST_PATH_IMAGE026
represents the predicted value output by the model,
Figure 332306DEST_PATH_IMAGE027
represents the actual value of the current network state; the difference between the predicted value and the actual value is calculated through formula (5). Substituting the predicted value into the loss function gives:
Figure 881099DEST_PATH_IMAGE028
(6)
In formula (6),
Figure 844507DEST_PATH_IMAGE029
represents the final loss value of the virus information appearing diagnosis model,
Figure 111540DEST_PATH_IMAGE030
represents the leaf nodes of the model,
Figure 310441DEST_PATH_IMAGE031
represents the number of leaf nodes of the model,
Figure 589106DEST_PATH_IMAGE032
represents a regularization parameter,
Figure 848049DEST_PATH_IMAGE033
Figure 477745DEST_PATH_IMAGE034
represent the structural parameters of the model. The final loss value is calculated through formula (6), and the network security virus identification result is calculated according to the loss value.
As a further technical scheme of the invention, the classification module is a decision tree, the classification attributes of the decision tree are communication nodes, data communication properties, transmission protocols and data transmission quantity, the decision tree nodes are divided by converting decision tree data information into each child node of a decision tree with a binary tree structure, and the conversion method is
Figure 418019DEST_PATH_IMAGE035
Figure 941404DEST_PATH_IMAGE036
Figure 918719DEST_PATH_IMAGE037
And
Figure 894765DEST_PATH_IMAGE038
respectively representing data transmission data information, therein
Figure 435468DEST_PATH_IMAGE039
Figure 954305DEST_PATH_IMAGE040
And
Figure 289471DEST_PATH_IMAGE041
respectively representing the root nodes of the decision tree.
As a further technical scheme of the invention, the isolation module comprises an FPGA main control module, an embedded memory connected with the FPGA main control module, an information filtering module and a communication network interface.
The invention has the following positive beneficial effects: monitoring network security virus information through a monitoring module, controlling network security in real time, identifying network security virus data information through a virus identification module to acquire unsafe factors in a network, and inputting network data information through a network information input module in a specific application process; generating network security protection virus data information through a generation model; learning network security protection virus data information through a learning model; judging whether virus information exists in the input information through a judging module; predicting the input network data information through an early warning module, reminding a user when judging that the network data information has viruses, and transmitting the received data information to a next program when judging that the network data information has no viruses; when information is judged, judging security data information through a GAN algorithm model time network; analyzing the network security virus data information through a risk analysis module; blocking the network security anti-virus data information through a blocking module; and the network security protection virus data information is visually displayed through the visual display module.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without inventive exercise, wherein:
FIG. 1 is a schematic diagram of the overall architecture of the system of the present invention;
FIG. 2 is a schematic diagram of the principle structure of the monitoring module of the present invention;
FIG. 3 is a schematic diagram of the structure of the custom bus controller according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, and it should be understood that the embodiments described herein are merely for the purpose of illustrating and explaining the present invention and are not intended to limit the present invention.
As shown in fig. 1 to fig. 3, a network security virus identification and blocking system with an internal operation monitoring function includes:
the monitoring module is used for monitoring network security virus information and controlling network security in real time, and comprises an ARM control module and an FPGA control module, wherein the ARM control module is provided with a clock module, a debugging module, a memory configuration module, a communication serial port and a control interface in a connecting manner, the FPGA control module is provided with a self-defined bus controller, a data flow controller, an SRIO controller and an FIFO interface, and the FPGA control module is also provided with a JTAG interface, a UART bridge, a bus switch, a linear flash memory and a channel connector which are arranged through a channel sub-module in a connecting manner;
the virus identification module is used for identifying network security protection virus data information so as to acquire unsafe factors in a network, and comprises: a network information input module for inputting network data information; a generation model for generating network security protection virus data information; a learning model for learning network security protection virus data information; a judging module for judging whether the input information contains virus information; and an early warning module for predicting the input network data information, reminding a user when judging that the network data information has viruses, and transmitting the received data information to the next program when judging that the network data information has no viruses; the judging module comprises a GAN algorithm model; the output end of the network information input module is connected with the input end of the generation model, the output end of the generation model is connected with the input end of the learning model, the output end of the learning model is connected with the input end of the judging module, and the output end of the judging module is connected with the input end of the early warning module;
the risk analysis module is used for analyzing the network security virus data information; the risk analysis module comprises a classification module;
the blocking module is used for blocking network security and anti-virus data information; the blocking module comprises an isolation module;
the visual display module is used for visually displaying network security and protection virus data information and comprises a display screen and a wireless communication module connected with the display screen;
the output end of the monitoring module is connected with the input end of the virus identification module, the output end of the virus identification module is connected with the input end of the risk analysis module, the output end of the risk analysis module is connected with the input end of the blocking module, and the output end of the blocking module is connected with the input end of the visual display module.
As shown in FIG. 2, in the specific embodiment, the ARM control module is an ARM STC12C5A60S2 single-chip microcomputer control module, and the FPGA control module is XC7K325T-2FFG 900C.
The communication controller can simultaneously support a plurality of controllers, point-to-point communication is completed through the communication module and the power supply equipment layer to carry out real-time control, and the control period can reach 500 us. The controller hardware adopts an ARM + FPGA design mode, the main controller uses an STC12C5A60S2 single chip microcomputer, and a 64K program memory and four sixteen-bit timers are integrated inside the main controller.
The FPGA module uses an XC7K325T-2FFG900C chip and is provided with 16 high-speed transceivers; each digital channel is provided with two high-speed transceivers, and one FPGA controls the test of 8 digital channels. The development board is provided with 8 GPIO LED indicator lamps, a CPU reset button, 4 DIP switches and a drive rotary encoder switch. The communication module uses a CC2530 communication chip, which internally comprises a high-quality RF transceiver and an 8051 core, with an internal data storage capacity of 8 KB. The data channel controller in the communication controller uses the custom communication protocol: the data sent by the data sender comprises a data header of control signals and a protocol data packet, and the write data and the write address are output from the communication sub-template.
In a specific embodiment, the custom bus controller includes a total data channel module and a sub data channel module, where the total data channel module includes a packet header cache module, a write data cache module, a sending logic module, an overtime detection module, a register, and a receiving logic module, where the receiving logic module is connected to the register, the packet header cache module, and the read response data module, and the sending logic module and the receiving logic module are respectively connected to the sending logic module and the receiving logic module of the sub data channel module.
As shown in fig. 2, the custom data channel controller includes a timeout detection module, a register, a sending logic module, a receiving logic module, and a buffer module. The timeout detection module is responsible for detecting whether the response time of the data channel has timed out, judging whether the channel submodule has received a read-write operation signal in the data channel, and returning a feedback signal. The register is used for storing the check code of the data channel; when TX_WRI = 1 and REQ_READ = 0, the logic state is converted into TX_DATA, and the check code is then sent to the channel submodule.
As shown in fig. 3, the GAN algorithm model realizes virus judgment of network data information by the following method;
step one, setting a network data information transfer function:
Figure 221655DEST_PATH_IMAGE001
(1)
In formula (1),
Figure 300470DEST_PATH_IMAGE042
representing the virus data information input module in the GAN algorithm model,
Figure 345917DEST_PATH_IMAGE043
representing a virus data information generation model in a GAN algorithm model,
Figure 851985DEST_PATH_IMAGE044
representing the real distribution of the parameter identification of the input network security protection virus information,
Figure 271465DEST_PATH_IMAGE045
representing the distribution of the noise data of the input network security protection virus information,
Figure 153970DEST_PATH_IMAGE046
representing the sampling process of the network security protection virus information data,
Figure 53924DEST_PATH_IMAGE047
representing the real data distribution probability of the network security virus information data,
Figure 996472DEST_PATH_IMAGE048
represents the noise data in the network security protection virus information parameter identification data. The adversarial game of the generative adversarial network on the virus data information is completed through formula (1); the generation model samples from real data, and the learning model learns according to the distribution rule of the real data;
step two, judging the input virus data information;
the network security protection virus information input vector is
Figure 309773DEST_PATH_IMAGE049
The corresponding network state is represented as
Figure 730390DEST_PATH_IMAGE050
(ii) a When the network security communication has virus data information, the network state of the virus data information is expressed as follows:
Figure 406222DEST_PATH_IMAGE051
(2)
In formula (2),
Figure 254093DEST_PATH_IMAGE052
represents, at time
Figure 726793DEST_PATH_IMAGE013
, the value of network parameter number
Figure 951101DEST_PATH_IMAGE014
,
Figure 481440DEST_PATH_IMAGE015
represents the duration of the virus information occurrence. Formula (2) represents the state vector when virus information occurs in the network. When the vector is input into the GAN algorithm model,
Figure 641157DEST_PATH_IMAGE053
is normalized, the normalization function being expressed as:
Figure 53684DEST_PATH_IMAGE054
(3)
In formula (3),
Figure 363573DEST_PATH_IMAGE055
represents the maximum value of the network virus information; formula (3) ensures that the input network parameter values have a similar dynamic range. When virus information appears in the judgment module, the objective function is recorded as:
Figure 545156DEST_PATH_IMAGE056
(4)
In formula (4),
Figure 203670DEST_PATH_IMAGE020
representing the distribution of data generated by the decision module,
Figure 103493DEST_PATH_IMAGE021
represents the existing data distribution of the original network parameters,
Figure 217074DEST_PATH_IMAGE022
represents the input network security protection virus data set,
Figure 253163DEST_PATH_IMAGE057
represents a penalty parameter of the virus-information diagnostic model,
Figure 082579DEST_PATH_IMAGE024
represents the penalty term coefficient of the model; the optimized objective function is obtained through formula (4);
step three, comparing the difference between the predicted network state and the real network state, and expressing as:
Figure 469698DEST_PATH_IMAGE025
(5)
In formula (5),
Figure 449286DEST_PATH_IMAGE026
represents the predicted value output by the model,
Figure 605461DEST_PATH_IMAGE027
represents the actual value of the current network state; the difference between the predicted value and the actual value is calculated through formula (5). Substituting the predicted value into the loss function gives:
Figure 949986DEST_PATH_IMAGE058
(6)
In formula (6),
Figure 762084DEST_PATH_IMAGE029
the final loss value of the diagnostic model representing the virus information,
Figure 935576DEST_PATH_IMAGE030
represents the leaf nodes of the model,
Figure 821624DEST_PATH_IMAGE059
represents the number of leaf nodes of the model,
Figure 789580DEST_PATH_IMAGE060
represents a regularization parameter,
Figure 784516DEST_PATH_IMAGE061
Figure 230541DEST_PATH_IMAGE062
represent the structural parameters of the model. The final loss value is calculated through formula (6), and the network security virus identification result is calculated according to the loss value.
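The normalization of step two, the predicted-versus-actual comparison of step three and the early warning module's warn-or-forward decision, as an added example that is not part of the patent. Because the page's formulas did not survive, it assumes division by each parameter's maximum for formula (3) and a mean squared difference for formula (5), and it uses a benign-traffic baseline mean in place of the trained GAN output; the parameter names, the threshold factor and all sample values are constructed.

```python
"""Added illustration: normalise a network state window, compare it with a
predicted state, and let the early-warning gate warn or forward.

Assumptions (formulas (2)-(6) are missing from the page):
  * formula (3) is taken to be x / x_max per network parameter,
  * formula (5) is taken to be a mean squared difference,
  * a per-parameter mean over benign windows stands in for the model output.
"""
from statistics import mean

# Hypothetical parameter names; the page only speaks of "network parameters".
PARAMS = ("packets_per_s", "bytes_per_s", "new_connections", "distinct_dst_ports")

# Constructed sample data: each window is a list of time steps,
# each time step holds one value per entry in PARAMS.
BENIGN_WINDOWS = [
    [[120, 90000, 4, 3], [130, 95000, 5, 3], [110, 88000, 4, 2]],
    [[125, 91000, 5, 3], [140, 99000, 6, 4], [115, 87000, 4, 3]],
]
QUIET_WINDOW = [[122, 92000, 5, 3], [118, 89000, 4, 3], [135, 96000, 5, 4]]
SUSPECT_WINDOW = [[150, 60000, 90, 70], [160, 62000, 110, 85], [155, 61000, 100, 80]]


def column_maxima(windows):
    """Largest observed value of every parameter across all windows."""
    rows = [row for window in windows for row in window]
    return [max(col) for col in zip(*rows)]


def normalise(window, maxima):
    """Bring every parameter into a similar dynamic range (assumed x / x_max).

    Values are deliberately not clipped: a parameter far above its benign
    maximum must stay visible to the comparison step.
    """
    return [[v / m if m > 0 else 0.0 for v, m in zip(row, maxima)]
            for row in window]


def residual(normed_window, predicted):
    """Assumed form of formula (5): mean squared predicted-vs-actual difference."""
    return mean((v - p) ** 2
                for row in normed_window
                for v, p in zip(row, predicted))


def fit_baseline(benign_windows, factor=3.0):
    """Derive maxima, a predicted state and a warning threshold.

    `factor` is an assumed safety margin over the worst benign residual.
    """
    maxima = column_maxima(benign_windows)
    normed = [normalise(w, maxima) for w in benign_windows]
    rows = [row for w in normed for row in w]
    predicted = [mean(col) for col in zip(*rows)]
    threshold = factor * max(residual(w, predicted) for w in normed)
    return maxima, predicted, threshold


def early_warning(window, model):
    """Warn the user on a suspicious window, otherwise pass the data on."""
    maxima, predicted, threshold = model
    score = residual(normalise(window, maxima), predicted)
    action = "warn" if score > threshold else "forward"
    return {"action": action, "score": score}


if __name__ == "__main__":
    model = fit_baseline(BENIGN_WINDOWS)
    for name, window in (("quiet", QUIET_WINDOW), ("suspect", SUSPECT_WINDOW)):
        print(name, early_warning(window, model))
```

Deriving the maxima only from benign traffic is what lets a window with an abnormal connection count or port fan-out produce normalized values far above 1 and therefore a large residual.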
In a specific embodiment, a Generative Adversarial Network (GAN) is a deep generative model based on adversarial learning. Conventional generative models such as naive Bayes and HMMs, which adopt a shallow structure, tend to perform poorly on complex problems involving natural signals (such as human language, natural images, and visual scenes) because of their limited modeling and representation capabilities. In a particular embodiment, the training process for the GAN is implemented as follows.
Figure 236674DEST_PATH_IMAGE063
In other embodiments, a convolution structure can be introduced into the generator and the discriminator to improve network security virus identification. Compared with other generative models, the adversarial approach of the original GAN no longer requires an assumed data distribution, i.e., it does not need to formulate p(x), but samples directly from a distribution, so that in theory the GAN can fully approximate the real data; this is the greatest advantage of the GAN. Corresponding digits are generated according to the label condition information. The input of the generative model is a 100-dimensional noise vector drawn from a uniform distribution, and the condition variable y is the one-hot encoding of the class label. Noise z and label y are mapped to hidden layers (200 and 1000 units, respectively), and all units are joined before being mapped to the second layer. Finally there is a sigmoid output layer of the generative model (784 dimensions), i.e. a single-channel 28 x 28 image. The convolutional network is introduced into the generative model for unsupervised training, and the strong feature extraction capability of the convolutional network improves the learning effect of the generative network. Except for the output layer of the generator model and the input layer of the discriminator model, batch normalization (BN) is used on the other layers of the network; BN stabilizes learning and helps with training problems caused by poor initialization.
In the above embodiment, the classification module is a decision tree, the classification attributes of the decision tree are communication nodes, data communication properties, transmission protocols and data transmission amounts, the decision tree nodes are divided by converting decision tree data information into each child node of a decision tree with a binary tree structure, and the conversion method is
Figure 375531DEST_PATH_IMAGE064
Wherein
Figure 506429DEST_PATH_IMAGE036
Figure 756145DEST_PATH_IMAGE037
And
Figure 944681DEST_PATH_IMAGE038
respectively representing data transmission data information, therein
Figure 254439DEST_PATH_IMAGE039
Figure 200530DEST_PATH_IMAGE040
And
Figure 253937DEST_PATH_IMAGE041
respectively representing the decision tree root nodes.
In a specific embodiment, for example, the similarity Simn of non-numerical network security virus data information elements is calculated as shown in formula 7:
Figure 969083DEST_PATH_IMAGE065
(7)
In formula (7),
Figure 449743DEST_PATH_IMAGE066
representing the similarity degree of non-numerical network security protection virus data information elements,
Figure 617550DEST_PATH_IMAGE067
and representing data information nodes in the network book interaction process.
The element similarity Simn for numerical elements is calculated as shown in formula 2:
Figure 474648DEST_PATH_IMAGE068
(8)
In formula (8),
Figure 44300DEST_PATH_IMAGE069
And
Figure 571228DEST_PATH_IMAGE070
is a numerical value expressed by the vertical discriminant as the upper and lower limits,
Figure 616544DEST_PATH_IMAGE071
the maximum similarity that the security network data communication can tolerate is represented.
The similarity of the sub-schemes of the decision tree can be calculated by calculating the average value of the similarity of each element
Figure 887120DEST_PATH_IMAGE072
As shown in equation 9:
Figure 435913DEST_PATH_IMAGE073
(9)
in equation (9), the similarity equation of the two decision trees can be calculated by calculating the similarity of the sub-schemes, as shown in equation 10:
Figure 399320DEST_PATH_IMAGE074
(10)
in equation (10), the similarity between any two decision trees can be established by calculating the similarity between all decision trees in the random forest algorithm, as shown in equation 11:
Figure 666354DEST_PATH_IMAGE075
(11)
in equation (11), where the matrix can be found by observing the random forest algorithm similarity matrix
Figure 475041DEST_PATH_IMAGE076
In (A) represents
Figure 143920DEST_PATH_IMAGE077
And
Figure 278229DEST_PATH_IMAGE078
the similarity of the decision trees and the similarity matrix of the algorithm are analyzed, so that a better result can be selected to realize the integration of the decision trees. And measuring the data condition of the network security protection virus data information element in the transmission process according to the data information of the set root node or the child node.
In the above embodiment, the isolation module includes an FPGA master control module, and an embedded memory, an information filtering module, and a communication network interface that are connected to the FPGA master control module.
The invention uses the EP4CE115F29C7N as the main control chip of the isolation device; it has 594 embedded memories, up to 20 global clock networks, and 2 communication network interfaces.
The network security control system and the monitoring information system carry out virus information isolation communication through the isolation module; communication messages are sent by the control system client and input through an Ethernet port. The sending module packages the communication data, sends it to the sending FIFO module after verification, and finally sends it to the management system client through the Ethernet port.
The receiving module in the one-way isolation channel receives messages sent by the monitoring side or the control side of the network security control system, parses the received message information, judges whether the structure and format of the data meet the requirements, and receives and caches data that meets the requirements into the receiving FIFO module. The receiving FIFO module buffers the continuous data flow in the system to prevent data loss, and the storage process does not directly carry out writing and reading operations on the message data without any processing. The check module uses CRC, which has stronger detection capability and is more widely applied: the transmitted user data bit sequence is used as the coefficients of a polynomial, and when a transmission error occurs the remainder with respect to the generator polynomial differs. The data sent by the sending end is
Figure 766979DEST_PATH_IMAGE079
The information-code polynomial is shifted left by k bits and divided by the generator polynomial using bitwise addition and subtraction, and the remainder obtained is the check code, which can be expressed as:
Figure 644936DEST_PATH_IMAGE080
(12)
In formula (12),
Figure 168322DEST_PATH_IMAGE081
is the generator polynomial,
Figure 207953DEST_PATH_IMAGE082
is the check code,
Figure 449578DEST_PATH_IMAGE083
is the quotient, and
Figure 865647DEST_PATH_IMAGE084
is the highest power of the generator polynomial. The output interface of the sending module serves as the receiving interface of the check module, and the check code is generated and then output to the data sending module. The isolation module plays an important role in the one-way isolation channel and judges the communication data. It judges the range of the source IP address, querying whether the received IP address is within the trusted secure communication range. It judges the message type and the danger level according to the received communication message, and if the message type is a high-risk instruction, the user communication data is replaced with
Figure 243539DEST_PATH_IMAGE085
The output of (2) is sent out after passing through the check module.
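The CRC check and the isolation module's decisions described above can be sketched as follows. This is an added example, not code from the patent: the generator polynomial, the trusted address range, the high-risk command names and the replacement payload are all constructed assumptions, since the patent's own values appear only in formula images.

```python
from __future__ import annotations
import ipaddress

# Assumptions (constructed for this example, not taken from the patent):
GENERATOR = 0x107                                      # x^8 + x^2 + x + 1
K = GENERATOR.bit_length() - 1                         # highest power, k = 8
TRUSTED_RANGE = ipaddress.ip_network("192.0.2.0/28")   # documentation range
HIGH_RISK = {b"SHUTDOWN", b"FORMAT"}                   # hypothetical commands
SAFE_PAYLOAD = b"NOP"                                  # placeholder replacement


def poly_divmod(dividend: int, divisor: int) -> tuple[int, int]:
    """Polynomial long division over GF(2); add and subtract are both XOR."""
    quotient = 0
    dlen = divisor.bit_length()
    while dividend.bit_length() >= dlen:
        shift = dividend.bit_length() - dlen
        quotient |= 1 << shift
        dividend ^= divisor << shift
    return quotient, dividend


def check_code(payload: bytes) -> int:
    """Shift the message polynomial left by k bits; the remainder is the code."""
    message = int.from_bytes(payload, "big")
    _, remainder = poly_divmod(message << K, GENERATOR)
    return remainder


def frame(payload: bytes) -> bytes:
    """Sender side: append the k-bit check code to the payload."""
    return payload + check_code(payload).to_bytes(K // 8, "big")


def verify(framed: bytes) -> bool:
    """An intact frame leaves remainder 0 when divided by the generator."""
    _, remainder = poly_divmod(int.from_bytes(framed, "big"), GENERATOR)
    return remainder == 0


def isolate(src_ip: str, framed: bytes) -> tuple[str, bytes | None]:
    """Receive-side decision: frame check, trusted source, then risk level."""
    if len(framed) <= K // 8 or not verify(framed):
        return "drop:bad-frame", None
    try:
        trusted = ipaddress.ip_address(src_ip) in TRUSTED_RANGE
    except ValueError:                       # malformed address string
        trusted = False
    if not trusted:
        return "drop:untrusted-source", None
    payload = framed[:-(K // 8)]
    command = payload.split(b" ", 1)[0]
    if command in HIGH_RISK:
        # High-risk instruction: replace the user data, then re-run the check
        # module so the forwarded frame carries a valid check code.
        return "replaced", frame(SAFE_PAYLOAD)
    return "forward", frame(payload)
```

Because the generator has a constant term, any single flipped bit leaves a non-zero remainder, so the frame is dropped before the source and risk checks run.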
Although specific embodiments of the present invention have been described above, it will be understood by those skilled in the art that these specific embodiments are merely illustrative and that various omissions, substitutions and changes in the form of the detail of the methods and systems described above may be made by those skilled in the art without departing from the spirit and scope of the invention. For example, it is within the scope of the present invention to combine the steps of the above-described methods to perform substantially the same function in substantially the same way to achieve substantially the same result. Accordingly, the scope of the invention is to be limited only by the following claims.

Claims (5)

1. A network security virus identification and blocking system with an internal operation monitoring function, characterized in that it comprises:
the monitoring module is used for monitoring network security virus information and controlling network security in real time, and comprises an ARM control module and an FPGA control module, wherein the ARM control module is provided with a clock module, a debugging module, a memory configuration module, a communication serial port and a control interface in a connecting manner, the FPGA control module is provided with a self-defined bus controller, a data flow controller, an SRIO controller and an FIFO interface, and the FPGA control module is also provided with a JTAG interface, a UART bridge, a bus switch, a linear flash memory and a channel connector which are arranged through a channel sub-module in a connecting manner;
the virus identification module is used for identifying network security virus data information so as to find unsafe factors in the network, and comprises: a network information input module used for inputting network data information; a generative model used for generating network security virus data information; a learning model used for learning network security virus data information; a judging module used for judging whether the input information contains virus information; and an early warning module used for predicting the input network data information, reminding the user when the network data information is judged to contain a virus, and passing the received data information to the next program when the network data information is judged to be virus-free; the judging module comprises a GAN algorithm model; the output end of the network information input module is connected with the input end of the generative model, the output end of the generative model is connected with the input end of the learning model, the output end of the learning model is connected with the input end of the judging module, and the output end of the judging module is connected with the input end of the early warning module;
the risk analysis module is used for analyzing the network security virus data information; the risk analysis module comprises a classification module;
the blocking module is used for blocking network security and anti-virus data information; the blocking module comprises an isolation module;
the visual display module is used for visually displaying network security and protection virus data information and comprises a display screen and a wireless communication module connected with the display screen;
the output end of the monitoring module is connected with the input end of the virus identification module, the output end of the virus identification module is connected with the input end of the risk analysis module, the output end of the risk analysis module is connected with the input end of the blocking module, and the output end of the blocking module is connected with the input end of the visual display module.
2. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the custom bus controller comprises a total data channel module and a sub-data channel module, wherein the total data channel module comprises a packet header cache module, a write data cache module, a sending logic module, an overtime detection module, a register and a receiving logic module, the receiving logic module is connected with the register, the packet header cache module and a read response data module, and the sending logic module and the receiving logic module are respectively connected with the sending logic module and the receiving logic module of the sub-data channel module.
3. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the GAN algorithm model realizes virus judgment of network data information by the following method;
step one, setting a network data information transfer function:
Figure 328594DEST_PATH_IMAGE001
(1)
in formula (1),
Figure 245735DEST_PATH_IMAGE002
representing the virus data information input module in the GAN algorithm model,
Figure 900838DEST_PATH_IMAGE003
representing a virus data information generation model in a GAN algorithm model,
Figure 296047DEST_PATH_IMAGE004
representing the real distribution of the parameter identification of the input network security protection virus information,
Figure 985786DEST_PATH_IMAGE005
representing the distribution of the noise data of the input network security protection virus information,
Figure 683615DEST_PATH_IMAGE006
showing the sampling process of the network security virus information data,
Figure 950648DEST_PATH_IMAGE007
representing the distribution probability of the real data of the network security virus information data,
Figure 24914DEST_PATH_IMAGE008
represents the noise data in the network security virus information parameter identification data; formula (1) completes the virus data information generation game of the adversarial network, in which the generative model samples from real data and the learning model learns according to the distribution rule of the real data;
step two, judging the input virus data information;
the network security protection virus information input vector is
Figure 569159DEST_PATH_IMAGE009
The corresponding network state is represented as
Figure 562523DEST_PATH_IMAGE010
(ii) a When the network security communication has virus data information, the network state of the virus data information is expressed as follows:
Figure 192219DEST_PATH_IMAGE011
(2)
in formula (2),
Figure 929230DEST_PATH_IMAGE012
is shown in
Figure 327982DEST_PATH_IMAGE013
Time of day
Figure 757826DEST_PATH_IMAGE014
The value of the individual network parameter(s),
Figure 874818DEST_PATH_IMAGE015
representing the occurrence duration of virus information, formula (2) representing the state vector when the virus information occurs in the network, when the vector is input into the GAN algorithm model, for
Figure 149941DEST_PATH_IMAGE016
Normalization is performed, the normalization function being expressed as:
Figure 668779DEST_PATH_IMAGE017
(3)
in formula (3),
Figure 3945DEST_PATH_IMAGE018
the maximum value of the network virus information is represented, the dynamic range of the input network parameter values is ensured to be similar through a formula (3), and when the virus information appears in a judgment module, an objective function is recorded as:
Figure 608233DEST_PATH_IMAGE019
(4)
in formula (4),
Figure 687047DEST_PATH_IMAGE020
representing the distribution of data generated by the decision module,
Figure 60391DEST_PATH_IMAGE021
indicating that the original network parameters have had a data distribution,
Figure 832038DEST_PATH_IMAGE022
representing the input network security protection virus data set,
Figure 658042DEST_PATH_IMAGE023
a penalty parameter representing a diagnostic model of the presence of virus information,
Figure 540548DEST_PATH_IMAGE024
a penalty term coefficient representing the model is obtained through a formula (4) to obtain an optimized objective function;
step three, comparing the difference between the predicted network state and the real network state, and expressing as:
Figure 768398DEST_PATH_IMAGE025
(5)
in formula (5),
Figure 710946DEST_PATH_IMAGE026
a predicted value representing the output of the model,
Figure 24247DEST_PATH_IMAGE027
the difference between the actual value representing the current network state and the predicted value is calculated through a formula (5); substituting the predicted value into the loss function to obtain:
Figure 444864DEST_PATH_IMAGE028
(6)
in formula (6),
Figure 792800DEST_PATH_IMAGE029
the final loss value of the diagnostic model representing the virus information,
Figure 906249DEST_PATH_IMAGE030
the leaf nodes of the representation model are,
Figure 706846DEST_PATH_IMAGE031
representing the number of leaf nodes of the model,
Figure 931154DEST_PATH_IMAGE032
a regularization parameter is represented as a function of,
Figure 844580DEST_PATH_IMAGE033
Figure 4297DEST_PATH_IMAGE034
representation model. The final loss value is calculated through formula (6), and the network security virus identification result is calculated according to the loss value.
4. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the classification module is decision tree, the classification attribute of the decision tree is communication node, data communication property, transmission protocol and data transmission quantity, the method for dividing the decision tree node is that each child node of the decision tree with binary tree structure is converted from decision tree data information, and the conversion method is that
Figure 416824DEST_PATH_IMAGE035
Wherein
Figure 320189DEST_PATH_IMAGE036
Figure 501771DEST_PATH_IMAGE037
And
Figure 566810DEST_PATH_IMAGE038
respectively representing data transmission data information, therein
Figure 466633DEST_PATH_IMAGE039
Figure 908110DEST_PATH_IMAGE040
And
Figure 209778DEST_PATH_IMAGE041
respectively representing the decision tree root nodes.
5. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the isolation module comprises an FPGA main control module, an embedded memory connected with the FPGA main control module, an information filtering module and a communication network interface.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210854849.XA CN115086074A (en) 2022-07-20 2022-07-20 Network security virus identification and blocking system with internal operation monitoring function

Publications (1)

Publication Number Publication Date
CN115086074A true CN115086074A (en) 2022-09-20

Family

ID=83258987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210854849.XA Pending CN115086074A (en) 2022-07-20 2022-07-20 Network security virus identification and blocking system with internal operation monitoring function

Country Status (1)

Country Link
CN (1) CN115086074A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220920