CN115086074A - Network security virus identification and blocking system with internal operation monitoring function - Google Patents
- Publication number: CN115086074A
- Application number: CN202210854849.XA
- Authority: CN (China)
- Prior art keywords: module, virus, network, data, information
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- G06N3/088—Non-supervised learning, e.g. competitive learning
- H04L41/142—Network analysis or design using statistical or mathematical methods
- H04L41/16—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a network security virus identification and blocking system with an internal operation monitoring function. It relates to the technical field of measurement and addresses the technical problem of identifying and blocking network security viruses. Network security virus information is monitored by a monitoring module; network security virus data information is identified by a virus identification module, in which network data information is input through a network information input module, network security protection virus data information is generated by a generation model, and the security data information is judged by a GAN algorithm model; the network security virus data information is analyzed by a risk analysis module, blocked by a blocking module, and visually displayed by a visual display module. The invention can improve the identification, calculation and monitoring capabilities for network security virus information and improve the application capability of network security.
Description
Technical Field
The invention relates to the technical field of measurement, in particular to a network security virus identification and blocking system with an internal operation monitoring function.
Background
The prior art provides some defensive measures against network threats, such as encryption during information interaction. Although this can improve defense against threat information, continuous encryption and decryption are required during use, which makes the application process cumbersome.
In order to prevent the electric power monitoring system from being affected by security holes and malicious programs, ensure data security during system communication, establish a communication security protection system for the electric power monitoring system, deploy encryption equipment, an isolation device, an anti-virus gateway and a firewall in the system, and raise the security protection level of system communication, a new method is needed to identify, calculate and monitor network security protection virus information.
Disclosure of Invention
Aiming at the defects of the technology, the invention discloses a measuring system for a building material for radian marking in the mobile measuring process, which can improve the identification, calculation and monitoring capabilities of network security virus information and the application capability of network security.
In order to achieve the technical effects, the invention adopts the following technical scheme:
a network security protection virus identification and blocking system with an internal operation monitoring function comprises:
the monitoring module is used for monitoring network security virus information and controlling network security in real time, and comprises an ARM control module and an FPGA control module, wherein the ARM control module is provided with a clock module, a debugging module, a memory configuration module, a communication serial port and a control interface in a connecting manner, the FPGA control module is provided with a self-defined bus controller, a data flow controller, an SRIO controller and an FIFO interface, and the FPGA control module is also provided with a JTAG interface, a UART bridge, a bus switch, a linear flash memory and a channel connector which are arranged through a channel sub-module in a connecting manner;
the virus identification module is used for identifying network security protection virus data information so as to acquire unsafe factors in the network, and comprises: a network information input module, used for inputting network data information; a generation model, used for generating network security protection virus data information; a learning model, used for learning network security protection virus data information; a judging module, used for judging whether the input information contains virus information; and an early warning module, used for predicting the input network data information, reminding the user when the network data information is judged to contain a virus, and passing the received data information to the next program when it is judged to contain no virus; the judging module comprises a GAN algorithm model; the output end of the network information input module is connected with the input end of the generation model, the output end of the generation model is connected with the input end of the learning model, the output end of the learning model is connected with the input end of the judging module, and the output end of the judging module is connected with the input end of the early warning module;
the risk analysis module is used for analyzing the network security virus data information; the risk analysis module comprises a classification module;
the blocking module is used for blocking network security and anti-virus data information; the blocking module comprises an isolation module;
the visual display module is used for visually displaying network security and protection virus data information and comprises a display screen and a wireless communication module connected with the display screen;
the output end of the monitoring module is connected with the input end of the virus identification module, the output end of the virus identification module is connected with the input end of the risk analysis module, the output end of the risk analysis module is connected with the input end of the blocking module, and the output end of the blocking module is connected with the input end of the visual display module.
As a further technical solution of the present invention, the custom bus controller includes a total data channel module and a sub data channel module, wherein the total data channel module includes a packet header cache module, a write data cache module, a sending logic module, an overtime detection module, a register, and a receiving logic module, the receiving logic module is connected to the register, the packet header cache module, and the read response data module, and the sending logic module and the receiving logic module are respectively connected to the sending logic module and the receiving logic module of the sub data channel module.
As a further technical scheme of the invention, the GAN algorithm model realizes the virus judgment of the network data information by the following method;
step one, setting a network data information transfer function:
in the formula (1), the first and second groups,representing the virus data information input module in the GAN algorithm model,representing a virus data information generation model in a GAN algorithm model,representing the real distribution of the parameter identification of the input network security protection virus information,representing the distribution of the noise data of the input network security protection virus information,representing the sampling process of the network security protection virus information data,representing the distribution probability of the real data of the network security virus information data,noise data in the network security protection virus information parameter identification data are represented, a game for resisting the network is generated by virus data information through a formula (1), a generation model samples from real data, and a learning model learns according to the distribution rule of the real data;
step two, judging the input virus data information;
the network security protection virus information input vector isThe corresponding network state is represented as(ii) a When the network security communication has virus data information, the network state of the virus data information is expressed as follows:
in the formula (2), the first and second groups,is shown inTime of dayThe value of the individual network parameter(s),representing the occurrence duration of virus information, formula (2) representing the state vector when the virus information occurs in the network, when the vector is input into the GAN algorithm model, forNormalization is performed, the normalization function being expressed as:
in the formula (3), the first and second groups,information indicating network virus occurrenceThe large value, the formula (3) ensures that the input network parameters are worth similar dynamic range, and when the virus information appears in the judgment module, the objective function is recorded as:
in the formula (4), the first and second groups,representing the distribution of data generated by the decision module,indicating that the original network parameters have had a data distribution,representing the input network security protection virus data set,a penalty parameter representing a diagnostic model of the presence of virus information,a penalty term coefficient representing the model is obtained through a formula (4) to obtain an optimized objective function;
step three, comparing the difference between the predicted network state and the real network state, and expressing as:
in the formula (5), the first and second groups of the chemical reaction materials are selected from the group consisting of,a predicted value representing the output of the model,the actual value representing the current network state is calculated and predicted according to the formula (5)The difference therebetween; substituting the predicted value into the loss function to obtain:
in the formula (6), the first and second groups of the compound,represents the final loss value of the virus information appearing diagnosis model,the leaf nodes of the representation model are,representing the number of leaf nodes of the model,a regularization parameter is represented as a function of,、and (3) representing the structural parameters of the model, calculating a final loss value through a formula (6), and calculating a network security virus identification result according to the loss value.
As a further technical scheme of the invention, the classification module is a decision tree, the classification attributes of the decision tree are communication nodes, data communication properties, transmission protocols and data transmission quantity, the decision tree nodes are divided by converting decision tree data information into each child node of a decision tree with a binary tree structure, and the conversion method is,、Andrespectively representing data transmission data information, therein、Andrespectively representing the root nodes of the decision tree.
As a further technical scheme of the invention, the isolation module comprises an FPGA main control module, an embedded memory connected with the FPGA main control module, an information filtering module and a communication network interface.
The invention has the following beneficial effects. The monitoring module monitors network security virus information and controls network security in real time. The virus identification module identifies network security virus data information so as to acquire unsafe factors in the network. In a specific application, network data information is input through the network information input module; network security protection virus data information is generated by the generation model and learned by the learning model; the judging module judges whether the input information contains virus information, using a GAN algorithm model to judge the security data information; and the early warning module predicts the input network data information, reminds the user when the network data information is judged to contain a virus, and passes the received data information to the next program when it is judged to contain no virus. The risk analysis module analyzes the network security virus data information, the blocking module blocks it, and the visual display module displays it visually.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort, wherein:
FIG. 1 is a schematic diagram of the overall architecture of the system of the present invention;
FIG. 2 is a schematic diagram of the principle structure of the monitoring module of the present invention;
FIG. 3 is a schematic diagram of the structure of the custom bus controller according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, and it should be understood that the embodiments described herein are merely for the purpose of illustrating and explaining the present invention and are not intended to limit the present invention.
As shown in fig. 1 to fig. 3, a network security virus identification and blocking system with an internal operation monitoring function includes:
the monitoring module is used for monitoring network security virus information and controlling network security in real time, and comprises an ARM control module and an FPGA control module, wherein the ARM control module is provided with a clock module, a debugging module, a memory configuration module, a communication serial port and a control interface in a connecting manner, the FPGA control module is provided with a self-defined bus controller, a data flow controller, an SRIO controller and an FIFO interface, and the FPGA control module is also provided with a JTAG interface, a UART bridge, a bus switch, a linear flash memory and a channel connector which are arranged through a channel sub-module in a connecting manner;
the virus identification module is used for identifying network security protection virus data information so as to acquire unsafe factors in the network, and comprises: a network information input module, used for inputting network data information; a generation model, used for generating network security protection virus data information; a learning model, used for learning network security protection virus data information; a judging module, used for judging whether the input information contains virus information; and an early warning module, used for predicting the input network data information, reminding the user when the network data information is judged to contain a virus, and passing the received data information to the next program when it is judged to contain no virus; the judging module comprises a GAN algorithm model; the output end of the network information input module is connected with the input end of the generation model, the output end of the generation model is connected with the input end of the learning model, the output end of the learning model is connected with the input end of the judging module, and the output end of the judging module is connected with the input end of the early warning module;
the risk analysis module is used for analyzing the network security virus data information; the risk analysis module comprises a classification module;
the blocking module is used for blocking network security and anti-virus data information; the blocking module comprises an isolation module;
the visual display module is used for visually displaying network security and protection virus data information and comprises a display screen and a wireless communication module connected with the display screen;
the output end of the monitoring module is connected with the input end of the virus identification module, the output end of the virus identification module is connected with the input end of the risk analysis module, the output end of the risk analysis module is connected with the input end of the blocking module, and the output end of the blocking module is connected with the input end of the visual display module.
As shown in FIG. 2, in the specific embodiment, the ARM control module is an ARM STC12C5A60S2 single-chip microcomputer control module, and the FPGA control module is XC7K325T-2FFG 900C.
The communication controller can simultaneously support a plurality of controllers, point-to-point communication is completed through the communication module and the power supply equipment layer to carry out real-time control, and the control period can reach 500 us. The controller hardware adopts an ARM + FPGA design mode, the main controller uses an STC12C5A60S2 single chip microcomputer, and a 64K program memory and four sixteen-bit timers are integrated inside the main controller.
The FPGA module uses XC7K325T-2FFG900C chips and is provided with 16 high-speed transceivers; each digital channel has two high-speed transceivers, and one FPGA controls the test of 8 digital channels. The development board is provided with 8 GPIO LED indicator lamps, a CPU reset button, 4 DIP switches and a drive rotary encoder switch. The communication module uses a CC2530 communication chip, which internally comprises a high-quality RF transceiver and a 51 kernel, with an internal data storage capacity of 8 KB. The data channel controller in the communication controller works with the self-defined communication protocol: the data sent by the data sender comprises a data header carrying the control signal and a protocol data packet, and the write data and the write address are output from the communication sub-template.
In a specific embodiment, the custom bus controller includes a total data channel module and a sub data channel module, where the total data channel module includes a packet header cache module, a write data cache module, a sending logic module, an overtime detection module, a register, and a receiving logic module, where the receiving logic module is connected to the register, the packet header cache module, and the read response data module, and the sending logic module and the receiving logic module are respectively connected to the sending logic module and the receiving logic module of the sub data channel module.
As shown in fig. 2, the custom data channel controller includes a timeout detection module, a register, a sending logic module, a receiving logic module, and a buffer module. The timeout detection module detects whether the response time of the data channel has timed out, determines whether the channel submodule has received a read-write operation signal on the data channel, and returns a feedback signal. The register stores the check code of the data channel; when TX_WRI = 1 and REQ_READ = 0, the logic state changes to TX_DATA, and the check code is then sent to the channel submodule.
As shown in fig. 3, the GAN algorithm model realizes virus judgment of network data information by the following method;
step one, setting a network data information transfer function:
in the formula (1), the first and second groups of the compound,representing the virus data information input module in the GAN algorithm model,representing a virus data information generation model in a GAN algorithm model,representing the real distribution of the parameter identification of the input network security protection virus information,representing the distribution of the noise data of the input network security protection virus information,representing the sampling process of the network security protection virus information data,representing the real data distribution probability of the network security virus information data,representing noise data in the network security protection virus information parameter identification data, completing virus data information generation game of the anti-network through a formula (1), sampling a generation model from real data, and learning the learning model according to the distribution rule of the real data;
step two, judging the input virus data information;
the network security protection virus information input vector isThe corresponding network state is represented as(ii) a When the network security communication has virus data information, the network state of the virus data information is expressed as follows:
in the formula (2), the first and second groups,is shown inTime of dayThe value of the individual network parameter(s),representing the occurrence duration of virus information, formula (2) representing the state vector when the virus information occurs in the network, when the vector is input into the GAN algorithm model, forNormalization is performed, the normalization function being expressed as:
in the formula (3), the first and second groups,the maximum value of the network virus information is represented, the dynamic range of the input network parameter values is ensured to be similar through a formula (3), and when the virus information appears in a judgment module, an objective function is recorded as:
in the formula (4), the first and second groups,representing the distribution of data generated by the decision module,indicating that the original network parameters have had a data distribution,representing the input network security protection virus data set,a penalty parameter representing a diagnostic model of the presence of virus information,a penalty term coefficient representing the model is obtained through a formula (4) to obtain an optimized objective function;
step three, comparing the difference between the predicted network state and the real network state, and expressing as:
in the formula (5), the first and second groups,a predicted value representing the output of the model,the difference between the actual value representing the current network state and the predicted value is calculated through a formula (5); substituting the predicted value into the loss function to obtain:
in the formula (6), the first and second groups,the final loss value of the diagnostic model representing the virus information,the leaf nodes of the representation model are,representing the number of leaf nodes of the model,a regularization parameter is represented as a function of,、and (3) representing the structural parameters of the model, calculating a final loss value through a formula (6), and calculating a network security virus identification result according to the loss value.
In a specific embodiment, a Generative Adversarial Network (GAN) is a deep generative model based on adversarial learning. Conventional generative models with a shallow structure, such as naive Bayes and HMMs, have limited modeling and representation capability and tend to perform poorly on complex problems involving natural signals (such as human language, natural images, and visual scenes). In a particular embodiment, the training process for the GAN is implemented as follows.
In other embodiments, a convolutional structure can be introduced into the generator and the discriminator to improve network security virus identification. Compared with other generative models, the adversarial method of the original GAN no longer requires an assumed data distribution, that is, it needs no explicit formulation of p(x) and instead samples directly from a distribution, so that in theory it can approximate the real data completely; this is the greatest advantage of GAN. Corresponding numbers are generated according to the label condition information. The input of the generative model is a 100-dimensional noise vector z drawn from a uniform distribution, and the condition variable y is the one-hot code of the class label. Noise z and label y are mapped to hidden layers (200 and 1000 units, respectively), and all units are joined before being mapped to the second layer. The final layer is a sigmoid output of the generative model (784 dimensions), i.e. a single-channel image of 28 x 28. A convolutional network is introduced into the generative model for unsupervised training, and its strong feature extraction capability improves the learning of the generative network. Except for the output layer of the generator model and the input layer of the discriminator model, batch normalization (BN) is used on all other layers of the network; BN stabilizes learning and helps with training problems caused by poor initialization.
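The generator layout described above, as an added Python sketch of one forward pass (not code from the patent). The 100/200/1000/784 sizes, the one-hot label and the sigmoid output come from the text; the ReLU hidden activations, the 1200-unit second layer, ten classes, the [-1, 1] noise range and the random untrained weights are assumptions.

```python
import math
import random

NOISE_DIM = 100      # page: 100-dimensional uniform noise vector z
Z_HIDDEN = 200       # page: z is mapped to a 200-unit hidden layer
Y_HIDDEN = 1000      # page: label y is mapped to a 1000-unit hidden layer
OUT_DIM = 784        # page: sigmoid output, one 28 x 28 single-channel image
NUM_CLASSES = 10     # assumption: ten class labels
SECOND_UNITS = 1200  # assumption: the page gives no width for the second layer


def one_hot(label, num_classes=NUM_CLASSES):
    """Encode a class label as the one-hot condition variable y."""
    if not 0 <= label < num_classes:
        raise ValueError("label out of range")
    return [1.0 if i == label else 0.0 for i in range(num_classes)]


def relu(v):
    return v if v > 0.0 else 0.0


def sigmoid(v):
    # Numerically stable form for large negative inputs.
    if v >= 0.0:
        return 1.0 / (1.0 + math.exp(-v))
    e = math.exp(v)
    return e / (1.0 + e)


def init_layer(rng, n_in, n_out):
    """Random (untrained) weights; weights[j] is the row feeding output unit j."""
    scale = 1.0 / math.sqrt(n_in)
    weights = [[rng.uniform(-scale, scale) for _ in range(n_in)]
               for _ in range(n_out)]
    return weights, [0.0] * n_out


def dense(layer, x, activation):
    """Fully connected layer: activation(W x + b)."""
    weights, biases = layer
    if len(x) != len(weights[0]):
        raise ValueError("expected %d inputs, got %d" % (len(weights[0]), len(x)))
    return [activation(sum(w * v for w, v in zip(row, x)) + b)
            for row, b in zip(weights, biases)]


class ConditionalGenerator:
    """Label-conditioned generator with the layer sizes given in the text."""

    def __init__(self, seed=0, second_units=SECOND_UNITS):
        self.rng = random.Random(seed)
        self.z_layer = init_layer(self.rng, NOISE_DIM, Z_HIDDEN)
        self.y_layer = init_layer(self.rng, NUM_CLASSES, Y_HIDDEN)
        self.second = init_layer(self.rng, Z_HIDDEN + Y_HIDDEN, second_units)
        self.out = init_layer(self.rng, second_units, OUT_DIM)

    def sample_noise(self):
        # Uniform noise; the [-1, 1] range is an assumption.
        return [self.rng.uniform(-1.0, 1.0) for _ in range(NOISE_DIM)]

    def forward(self, z, label):
        h_z = dense(self.z_layer, z, relu)               # z -> 200 units
        h_y = dense(self.y_layer, one_hot(label), relu)  # y -> 1000 units
        joined = h_z + h_y                               # join all 1200 units
        h2 = dense(self.second, joined, relu)            # second layer
        return dense(self.out, h2, sigmoid)              # 784 values in (0, 1)


if __name__ == "__main__":
    gen = ConditionalGenerator(seed=1)
    image = gen.forward(gen.sample_noise(), label=3)
    print(len(image), min(image), max(image))
```

With untrained weights the output is only noise near 0.5; the block shows how the label enters the generator alongside z, not a trained model.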
In the above embodiment, the classification module is a decision tree, the classification attributes of the decision tree are communication nodes, data communication properties, transmission protocols and data transmission amounts, the decision tree nodes are divided by converting decision tree data information into each child node of a decision tree with a binary tree structure, and the conversion method isWherein、Andrespectively representing data transmission data information, therein、Andrespectively representing the decision tree root nodes.
In a specific embodiment, for example, a calculation formula of the similarity degree Simn of the non-numerical network security protection virus data information elements is shown in formula 7:
in the formula (7), the first and second groups,representing the similarity degree of non-numerical network security protection virus data information elements,and representing data information nodes in the network book interaction process.
The calculation formula of the element similarity Simn performed with respect to the numerical element is shown in formula 2:
in the formula (8), whereinAndis a numerical value expressed by the vertical discriminant as the upper and lower limits,the maximum similarity that the security network data communication can tolerate is represented.
The similarity of the sub-schemes of the decision tree can be calculated by calculating the average value of the similarity of each elementAs shown in equation 9:
in equation (9), the similarity equation of the two decision trees can be calculated by calculating the similarity of the sub-schemes, as shown in equation 10:
in equation (10), the similarity between any two decision trees can be established by calculating the similarity between all decision trees in the random forest algorithm, as shown in equation 11:
in equation (11), where the matrix can be found by observing the random forest algorithm similarity matrixIn (A) representsAndthe similarity of the decision trees and the similarity matrix of the algorithm are analyzed, so that a better result can be selected to realize the integration of the decision trees. And measuring the data condition of the network security protection virus data information element in the transmission process according to the data information of the set root node or the child node.
In the above embodiment, the isolation module includes an FPGA master control module, and an embedded memory, an information filtering module, and a communication network interface that are connected to the FPGA master control module.
The invention uses the EP4CE115F29C7N as the main control chip of the isolation device; it has 594 embedded memories, up to 20 global clock networks, and carries 2 communication network interfaces.
The network security control system and the monitoring information system carry out virus information isolation communication by using an isolation module, and communication messages are sent out by a client of the control system and input through an Ethernet port. The sending module packages the communication data, sends the communication data to the sending FIFO module after verification, and finally sends the communication data to the management system client through the Ethernet port.
The receiving module in the one-way isolation channel receives messages sent by the monitoring side or the control side of the network security control system, parses the received message information, judges whether the structure and format of the data meet the requirements, and caches the data that meets the requirements in the receiving FIFO module. The receiving FIFO module buffers continuous data flow in the system to prevent data loss, and the storage process does not directly carry out writing and reading operations on the message data without any processing. The check module uses CRC, which has strong error-detection capability and is widely applied: the transmitted user data bit sequence is taken as the coefficients of a polynomial, and the remainder on division by the generator polynomial differs when a transmission error occurs. The data sent by the sending end isGenerating a polynomial to shift the polynomial of the information code by k bits to the left, performing bitwise addition and subtraction operation, and obtaining a remainder as a check code, which can be expressed as:
in the formula (12), the first and second groups,in order to generate the polynomial expression,in order to check the code, the code is checked,in order to be a quotient,the highest power value of the generator polynomial. An output interface of the sending module serves as the receiving interface of the check module, and the check code is generated and then output to the data sending module. The isolation module plays an important role in the one-way isolation channel and judges communication data. It judges the range of the source IP address and queries whether the received IP address is within the trusted safe communication range. Judging the message type and the danger level according to the received communication message, and replacing the user communication data with the user communication data if the message type is a high-risk instructionThe output of (2) is sent out after passing through the check module.
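The check-code generation and the isolation module's filtering steps described above can be traced in a short sketch. This is an added example, not code from the patent: the generator polynomial x^16 + x^12 + x^5 + 1, the trusted address range, the message type names and the replacement payload are all assumptions, since the page does not give them.

```python
import ipaddress
from typing import Optional

GEN_POLY = 0x11021                 # assumed G(x) = x^16 + x^12 + x^5 + 1
K = GEN_POLY.bit_length() - 1      # k: highest power of G(x), here 16
CHECK_BYTES = K // 8

# Constructed sample policy (hypothetical values, not from the patent).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
HIGH_RISK_TYPES = {"RESET", "WRITE_CONFIG"}
SAFE_PAYLOAD = b"BLOCKED"          # stands in for the replacement data


def crc_remainder(data: bytes) -> int:
    """Remainder of M(x) * x^k divided by G(x), with modulo-2 arithmetic."""
    reg = int.from_bytes(data, "big") << K       # shift message left by k bits
    for shift in range(reg.bit_length() - 1, K - 1, -1):
        if (reg >> shift) & 1:                   # leading term present:
            reg ^= GEN_POLY << (shift - K)       # subtract (XOR) aligned G(x)
    return reg                                   # degree < k: the check code


def add_check_code(payload: bytes) -> bytes:
    """Sending side: append the k-bit check code to the payload."""
    return payload + crc_remainder(payload).to_bytes(CHECK_BYTES, "big")


def check_ok(frame: bytes) -> bool:
    """Receiving side: an undamaged frame is divisible by G(x)."""
    return len(frame) > CHECK_BYTES and crc_remainder(frame) == 0


def isolate(src_ip: str, msg_type: str, frame: bytes) -> Optional[bytes]:
    """Return the frame to forward, or None when the message is dropped."""
    if not check_ok(frame):                      # damaged in transit
        return None
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:                           # malformed source address
        return None
    if not any(addr in net for net in TRUSTED_NETS):
        return None                              # outside the trusted range
    payload = frame[:-CHECK_BYTES]
    if msg_type in HIGH_RISK_TYPES:              # high-risk instruction:
        payload = SAFE_PAYLOAD                   # replace the user data
    return add_check_code(payload)               # output passes the check module


if __name__ == "__main__":
    frame = add_check_code(b"status?")           # constructed sample message
    print(isolate("192.0.2.10", "READ_STATUS", frame))
    print(isolate("192.0.2.10", "RESET", frame))
    print(isolate("198.51.100.7", "READ_STATUS", frame))
```

The check code only detects accidental transmission errors; anyone able to alter a frame can recompute it, so it does not authenticate the sender or the content.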
Although specific embodiments of the present invention have been described above, it will be understood by those skilled in the art that these specific embodiments are merely illustrative and that various omissions, substitutions and changes in the form of the detail of the methods and systems described above may be made by those skilled in the art without departing from the spirit and scope of the invention. For example, it is within the scope of the present invention to combine the steps of the above-described methods to perform substantially the same function in substantially the same way to achieve substantially the same result. Accordingly, the scope of the invention is to be limited only by the following claims.
Claims (5)
1. A network security virus identification and blocking system with an internal operation monitoring function, characterized in that the system comprises:
the monitoring module is used for monitoring network security virus information and controlling network security in real time, and comprises an ARM control module and an FPGA control module, wherein the ARM control module is provided with a clock module, a debugging module, a memory configuration module, a communication serial port and a control interface in a connecting manner, the FPGA control module is provided with a self-defined bus controller, a data flow controller, an SRIO controller and an FIFO interface, and the FPGA control module is also provided with a JTAG interface, a UART bridge, a bus switch, a linear flash memory and a channel connector which are arranged through a channel sub-module in a connecting manner;
the virus identification module is used for identifying network security virus data information so as to acquire unsafe factors in the network, and comprises: a network information input module used for inputting network data information; a generation model used for generating network security virus data information; a learning model used for learning network security virus data information; a judging module used for judging whether the input information contains virus information; and an early warning module used for predicting the input network data information, reminding a user when the network data information is judged to contain viruses, and transmitting the received data information to the next program when the network data information is judged to contain no viruses; the judging module comprises a GAN algorithm model; the output end of the network information input module is connected with the input end of the generation model, the output end of the generation model is connected with the input end of the learning model, the output end of the learning model is connected with the input end of the judging module, and the output end of the judging module is connected with the input end of the early warning module;
the risk analysis module is used for analyzing the network security virus data information; the risk analysis module comprises a classification module;
the blocking module is used for blocking network security and anti-virus data information; the blocking module comprises an isolation module;
the visual display module is used for visually displaying network security and protection virus data information and comprises a display screen and a wireless communication module connected with the display screen;
the output end of the monitoring module is connected with the input end of the virus identification module, the output end of the virus identification module is connected with the input end of the risk analysis module, the output end of the risk analysis module is connected with the input end of the blocking module, and the output end of the blocking module is connected with the input end of the visual display module.
2. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the custom bus controller comprises a total data channel module and a sub-data channel module, wherein the total data channel module comprises a packet header cache module, a write data cache module, a sending logic module, an overtime detection module, a register and a receiving logic module, the receiving logic module is connected with the register, the packet header cache module and a read response data module, and the sending logic module and the receiving logic module are respectively connected with the sending logic module and the receiving logic module of the sub-data channel module.
3. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the GAN algorithm model realizes virus judgment of network data information by the following method;
step one, setting a network data information transfer function:
in the formula (1), the first and second groups of the compound,representing the virus data information input module in the GAN algorithm model,representing a virus data information generation model in a GAN algorithm model,representing the real distribution of the parameter identification of the input network security protection virus information,representing the distribution of the noise data of the input network security protection virus information,showing the sampling process of the network security virus information data,representing the distribution probability of the real data of the network security virus information data,representing noise data in the network security protection virus information parameter identification data, completing virus data information generation game of the anti-network through a formula (1), sampling a generation model from real data, and learning the learning model according to the distribution rule of the real data;
step two, judging the input virus data information;
the network security protection virus information input vector isThe corresponding network state is represented as(ii) a When the network security communication has virus data information, the network state of the virus data information is expressed as follows:
in the formula (2), the first and second groups of the compound,is shown inTime of dayThe value of the individual network parameter(s),representing the occurrence duration of virus information, formula (2) representing the state vector when the virus information occurs in the network, when the vector is input into the GAN algorithm model, forNormalization is performed, the normalization function being expressed as:
in the formula (3), the first and second groups,the maximum value of the network virus information is represented, the dynamic range of the input network parameter values is ensured to be similar through a formula (3), and when the virus information appears in a judgment module, an objective function is recorded as:
in the formula (4), the first and second groups of the chemical reaction are shown in the specification,representing the distribution of data generated by the decision module,indicating that the original network parameters have had a data distribution,representing the input network security protection virus data set,a penalty parameter representing a diagnostic model of the presence of virus information,a penalty term coefficient representing the model is obtained through a formula (4) to obtain an optimized objective function;
step three, comparing the difference between the predicted network state and the real network state, and expressing as:
in the formula (5), the first and second groups,a predicted value representing the output of the model,the difference between the actual value representing the current network state and the predicted value is calculated through a formula (5); substituting the predicted value into the loss function to obtain:
in the formula (6), the first and second groups,the final loss value of the diagnostic model representing the virus information,the leaf nodes of the representation model are,representing the number of leaf nodes of the model,a regularization parameter is represented as a function of,、representation modelThe final loss value is calculated through the formula (6), and the network security virus identification result is calculated according to the loss value.
4. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the classification module is decision tree, the classification attribute of the decision tree is communication node, data communication property, transmission protocol and data transmission quantity, the method for dividing the decision tree node is that each child node of the decision tree with binary tree structure is converted from decision tree data information, and the conversion method is thatWherein、Andrespectively representing data transmission data information, therein、Andrespectively representing the decision tree root nodes.
5. The network security and protection virus identification and blocking system with the internal operation monitoring function according to claim 1, characterized in that: the isolation module comprises an FPGA main control module, an embedded memory connected with the FPGA main control module, an information filtering module and a communication network interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210854849.XA CN115086074A (en) | 2022-07-20 | 2022-07-20 | Network security virus identification and blocking system with internal operation monitoring function |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115086074A true CN115086074A (en) | 2022-09-20 |
Family
ID=83258987
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210854849.XA Pending CN115086074A (en) | 2022-07-20 | 2022-07-20 | Network security virus identification and blocking system with internal operation monitoring function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115086074A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180288086A1 (en) * | 2017-04-03 | 2018-10-04 | Royal Bank Of Canada | Systems and methods for cyberbot network detection |
US20210211438A1 (en) * | 2020-01-07 | 2021-07-08 | International Business Machines Corporation | Providing network security through autonomous simulated environments |
CN113158190A (en) * | 2021-04-30 | 2021-07-23 | 河北师范大学 | Malicious code countermeasure sample automatic generation method based on generation type countermeasure network |
CN114726634A (en) * | 2022-04-14 | 2022-07-08 | 北京金睛云华科技有限公司 | Hacker attack scene construction method and equipment based on knowledge graph |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20220920 |