CN115086949A - 5G network security protection method and system - Google Patents

Publication number
CN115086949A
Authority
CN
China
Prior art keywords
data
communication data
multivariate
rule
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210603972.4A
Other languages
Chinese (zh)
Inventor
陈彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN202210603972.4A
Publication of CN115086949A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a 5G network security protection method and system, comprising: collecting multivariate communication data of a 5G network and analyzing the multivariate communication data to obtain a security analysis rule for the multivariate communication data; performing security analysis on the multivariate communication data based on the security analysis rule to obtain a security trust index; comparing the security trust index with a preset trust index range; and processing the multivariate communication data according to the comparison result, including encryption processing and alarm processing. Matching an optimal security analysis rule to the multivariate communication data by analyzing that data ensures the efficiency and accuracy of the data security analysis and yields an accurate security trust index; encrypting and alarming on the multivariate communication data according to the security trust index achieves accurate protection of 5G network security and ensures the 5G network security protection effect.

Description

5G network security protection method and system
Technical Field
The invention relates to the technical field of network security, in particular to a 5G network security protection method and system.
Background
The 5G network is the fifth-generation mobile communication network. Its theoretical peak transmission speed can reach 20 Gbps, equivalent to 2.5 GB per second, which is more than 10 times the transmission speed of the 4G network.
5G network security means that data in a 5G network system is protected from being damaged, altered or leaked through accidental or malicious causes, so that the system operates continuously, reliably and normally and network service is not interrupted.
Traditional network security protection methods have limited computing capability, so it is difficult for them to ensure comprehensive and effective detection of network data, and their protection effect needs to be improved.
Disclosure of Invention
The invention provides a 5G network safety protection method and a system, which ensure the efficiency and accuracy of network data safety analysis and ensure the 5G network safety protection effect.
A 5G network security protection method comprises the following steps:
step 1: collecting multivariate communication data of a 5G network, and analyzing the multivariate communication data to obtain a security analysis rule for the multivariate communication data;
step 2: based on the security analysis rule, performing security analysis on the multivariate communication data to obtain a security trust index;
step 3: comparing the security trust index with a preset trust index range, and processing the multivariate communication data according to the comparison result.
Preferably, in step 1, the collecting the multivariate communication data of the 5G network includes:
acquiring a network node structure diagram of the 5G network, and determining a data existence form of the multi-element communication data in a network node based on the network node structure diagram;
determining a data acquisition mode for the network node based on the data existence form;
and according to the data existence mode, carrying out data acquisition on the network node to obtain the multi-element communication data.
Preferably, determining a data acquisition mode for the network node based on the data existence form includes:
if the data exist in a mode of flowing in a plurality of network nodes, the determined data acquisition mode is to acquire the communication data of the specified network nodes at a specific time;
and if the data existing form stably exists in the specific network node, the determined data acquisition mode is to perform collective data acquisition on the specific network node.
Preferably, in step 1, analyzing the multiple communication data to obtain a security analysis rule for the multiple communication data includes:
dividing the multi-element communication data into a plurality of communication data groups according to data types;
and determining a safety analysis rule based on the data type and the corresponding communication data group.
Preferably, determining a security analysis rule based on the data type and the corresponding communication data set includes:
selecting an initial rule for the data type from a rule base;
adding a rule detection node into the initial rule according to the communication data group corresponding to the data type to obtain a target rule;
and adding a data label into the target rule based on the data type, and integrating the target rule according to the data label to obtain a safety analysis rule.
Preferably, in step 2, based on the security analysis rule, performing security analysis on the multivariate communication data to obtain a security trust index, including:
based on the safety analysis rule, establishing a mapping relation of each rule detection node;
inputting the multivariate communication data into corresponding rule detection nodes, and determining the detection values of the multivariate communication data under the corresponding rule detection nodes;
determining node relations among all rule detection nodes under the safety analysis rule, and setting a weight value for each rule detection node based on the node relations;
determining a first safety index corresponding to the detection value under the corresponding rule detection node based on the mapping relation, and weighting the first safety index according to the weight value of the corresponding rule detection node to obtain a second safety index;
judging whether the second safety index is larger than a preset safety index or not;
if so, determining the safety trust index of the multivariate communication data as a first preset trust index;
otherwise, dividing the multi-element communication data according to the service types to obtain a plurality of groups of service communication data;
determining a target rule detection node of each group of service communication data under the safety analysis rule, and determining a third safety index under the target rule detection node;
acquiring target users corresponding to the multiple groups of service communication data, and establishing an access mapping relation based on the access authority of the target users;
determining access values of the multiple groups of service communication data based on the access mapping relation, and determining a fourth security index of the multiple groups of service communication data based on the access values;
and determining a security trust index of the multivariate communication data based on the third security index and the fourth security index.
Preferably, determining the security trust index of the multivariate communication data based on the third security index and the fourth security index comprises:
determining a first comprehensive safety index of the multivariate communication data by combining the third safety index according to the detection importance index of the business communication data at the target rule detection node;
determining a second comprehensive safety index of the multivariate communication data according to the fourth safety index of each group of service communication data and the importance degree of each group of service communication data;
and determining a security trust index of the multivariate communication data based on the first comprehensive security index and the second comprehensive security index.
Preferably, in step 3, the security trust index is compared with a preset trust index range; and correspondingly processing the multivariate communication data according to the comparison result, wherein the processing comprises the following steps:
comparing the security trust index with a preset trust index range;
if the safety trust index is larger than the preset trust index range, determining that the multivariate communication data has no safety abnormity problem, and not performing any processing on the multivariate communication data;
if the safety trust index is within the preset trust index range, determining to encrypt the multivariate communication data;
and if the safety trust index is smaller than the preset trust index range, determining to perform alarm processing on the multivariate communication data.
Preferably, the encrypting the multiple communication data includes:
obtaining private data according to the user authority of the multi-element communication data, and dividing the private data into communication data of each block;
based on the user authority and the block communication data, block chain processing is carried out on the private data, and the block communication data are stored into corresponding block nodes;
generating an encryption public key and an encryption private key according to the user authority, and encrypting the block node to obtain an encryption node;
based on the user authority, public data in the multi-element communication data are obtained, the public data are stored in a designated block node, and the designated block node is authorized to obtain a public node;
establishing a block chain aiming at the multivariate communication data based on the encryption node and the public node;
matching a data analysis rule corresponding to each block node from a data encryption rule base based on the data attribute of the multivariate communication data in the block chain;
dividing the data stored in the block nodes into a plurality of data segments according to the data analysis rule;
acquiring an encryption field sequence corresponding to the data analysis rule from the data encryption rule base;
sequentially inserting the encrypted field sequence into the data segments according to an insertion rule to obtain an encrypted data stream of a block node, and completing data encryption of the block node;
acquiring a first decryption rule aiming at the encryption node and a second decryption rule aiming at the data encryption;
processing the first decryption rule and the second decryption rule based on the authority of a user group to the encryption node and the data stored by the encryption node to obtain a third decryption rule aiming at a single user in the user group;
and generating the decryption authority aiming at the single user by utilizing the third decryption rule.
A 5G network security protection system, comprising:
a data acquisition and analysis module: used for collecting multivariate communication data of a 5G network and analyzing the multivariate communication data to obtain a security analysis rule for the multivariate communication data;
a security detection module: used for performing security analysis on the multivariate communication data based on the security analysis rule to obtain a security trust index;
the safety protection module: the system is used for comparing the security trust index with a preset trust index range; and correspondingly processing the multivariate communication data according to the comparison result.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
fig. 1 is a flowchart of a 5G network security protection method according to an embodiment of the present invention;
FIG. 2 is a flow chart of collecting multivariate communication data according to an embodiment of the invention;
fig. 3 is a structural diagram of a 5G network security protection system according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it should be understood that they are presented herein only to illustrate and explain the present invention and not to limit the present invention.
Example 1
An embodiment of the present invention provides a 5G network security protection method, as shown in fig. 1, including:
step 1: collecting multivariate communication data of a 5G network, and analyzing the multivariate communication data to obtain a safety analysis rule of the multivariate communication data;
step 2: based on the safety analysis rule, carrying out safety analysis on the multivariate communication data to obtain a safety trust index;
step 3: based on the security trust index, performing encryption processing and alarm processing on the multivariate communication data.
In this embodiment, the multivariate communication data includes, for example, interactive communication data, massive data transmission communication data, application communication data, abnormal communication data, and the like.
In this embodiment, the security analysis rule is used for security detection of the multivariate communication data.
In this embodiment, if the security trust index is greater than the preset trust index range, it is determined that the multivariate communication data has no security anomaly problem, and no processing is performed on the multivariate communication data; if the safety trust index is within the preset trust index range, determining to encrypt the multivariate communication data; and if the safety trust index is smaller than the preset trust index range, determining to perform alarm processing on the multivariate communication data.
The beneficial effects of the above design are as follows: an optimal security analysis rule is matched to the multivariate communication data by analyzing that data, which ensures the efficiency and accuracy of the data security analysis and yields an accurate security trust index; the multivariate communication data is then encrypted and alarmed on according to the security trust index, which achieves accurate protection of 5G network security and ensures the 5G network security protection effect.
Example 2
Based on embodiment 1, an embodiment of the present invention provides a 5G network security protection method, as shown in fig. 2, in step 1, acquiring multivariate communication data of a 5G network, including:
step 1-1: acquiring a network node structure diagram of the 5G network, and determining a data existence form of the multi-element communication data in a network node based on the network node structure diagram;
step 1-2: determining a data acquisition mode for the network node based on the data existence form and the data relationship;
step 1-3: and according to the data existence mode, carrying out data acquisition on the network node to obtain the multi-element communication data.
In this embodiment, the data presence form includes a stable presence at the corresponding network node, flowing to a plurality of network nodes.
In this embodiment, the data relationship is a relationship between data of this network node and data on other network nodes related to the network node, such as a progressive relationship, a parallel relationship, and the like.
In this embodiment, if the data existing form flows to a plurality of network nodes, the network data is collected by collecting a specific network node at a specific time; and if the data existing form stably exists in the corresponding network node, performing data acquisition in a mode of performing collective data acquisition on the corresponding network node.
The beneficial effects of the above design are as follows: the data existence form is determined from the network node structure diagram of the 5G network, and a different data acquisition mode is used for each data existence form, which ensures comprehensive and efficient data acquisition and indirectly improves the efficiency of network security protection.
Example 3
On the basis of embodiment 2, an embodiment of the present invention provides a 5G network security protection method, which determines a data acquisition manner for a network node based on the data existence form, and includes:
if the data exist in a form flowing to a plurality of network nodes, the determined data acquisition mode is to acquire the communication data of the specified network nodes at a specific time;
and if the data existing form stably exists in the specific network node, the determined data acquisition mode is to perform collective data acquisition on the specific network node.
The beneficial effects of the above design are as follows: communication data flowing to a plurality of network nodes is collected from specified network nodes at a specific time, which avoids collecting the same communication data repeatedly and avoids wasting resources; communication data that exists stably in a specific network node is collected by collective data acquisition on that node, which improves the efficiency of collecting the communication data. Together these ensure comprehensive and efficient data acquisition and indirectly improve the efficiency of network security protection.
Example 4
Based on embodiment 1, an embodiment of the present invention provides a 5G network security protection method, where in step 1, analyzing the multiple communication data to obtain a security analysis rule for the multiple communication data, where the method includes:
dividing the multi-element communication data into a plurality of communication data groups according to data types;
and determining a safety analysis rule based on the data type and the corresponding communication data group.
In this embodiment, the plurality of communication data groups are, for example, interactive communication data, bulk data transfer communication data, application communication data, abnormal communication data, and the like.
The beneficial effects of the above design are as follows: a security analysis rule suited to each communication data group is determined according to its data type, which ensures that the security analysis of the communication data is targeted and accurate.
Example 5
Based on embodiment 4, an embodiment of the present invention provides a 5G network security protection method, where determining a security analysis rule based on the data type and a corresponding communication data group includes:
selecting an initial rule for the data type from a rule base;
adding a rule detection node into the initial rule according to the communication data group corresponding to the data type to obtain a target rule;
and adding a data label into the target rule based on the data type, and integrating the target rule according to the data label to obtain a safety analysis rule.
In this embodiment, the rule detection nodes are determined according to the specific content of the communication data in the communication data group, and the larger the data capacity is, the more corresponding rule detection nodes are.
In this embodiment, the data tag is used to clarify a detection data type corresponding to the target rule, and when a communication data group is obtained, the target rule matched with the communication data group in the security detection rule is determined according to matching between the communication data group and the communication tag.
The beneficial effects of the above design are as follows: different rules are determined for the communication data groups according to their data types, and the corresponding rule detection nodes are set according to the content of each communication data group, which ensures detailed analysis of the communication data groups.
Example 6
On the basis of embodiment 1, an embodiment of the present invention provides a 5G network security protection method, where in step 2, based on the security analysis rule, the security analysis is performed on the multivariate communication data to obtain a security trust index, including:
based on the safety analysis rule, establishing a mapping relation of each rule detection node;
inputting the multivariate communication data into corresponding rule detection nodes, and determining the detection values of the multivariate communication data under the corresponding rule detection nodes;
determining node relations among all rule detection nodes under the safety analysis rule, and setting a weight value for each rule detection node based on the node relations;
determining a first safety index corresponding to the detection value under the corresponding rule detection node based on the mapping relation, and weighting the first safety index according to the weight value of the corresponding rule detection node to obtain a second safety index;
judging whether the second safety index is larger than a preset safety index or not;
if so, determining the safety trust index of the multivariate communication data as a first preset trust index;
otherwise, dividing the multi-element communication data according to the service types to obtain a plurality of groups of service communication data;
determining a target rule detection node of each group of service communication data under the safety analysis rule, and determining a third safety index under the target rule detection node;
acquiring target users corresponding to the multiple groups of service communication data, and establishing an access mapping relation based on the access authority of the target users;
determining access values of the multiple groups of business communication data based on the access mapping relation, and determining fourth safety indexes of the multiple groups of business communication data based on the access values;
and determining a security trust index of the multivariate communication data based on the third security index and the fourth security index.
In this embodiment, the mapping relationship is a correspondence relationship between communication data and a detection value under the rule detection node, and the detection value is used for indicating a data security degree of the communication data.
In this embodiment, the different rule detection nodes have different detection emphasis on the communication data, and the node relationship is used to determine the interaction relationship detected by each rule detection node.
In this embodiment, the second security index can take into account the comprehensiveness of the multiple communication data and better embody the security features of the multiple communication data than the first security index.
In this embodiment, the first predetermined trust index is predetermined, indicating that the multivariate communication data is secure.
In this embodiment, after it is determined that the second security index is smaller than the preset security index, service-level security detection is performed on the multivariate communication data according to the service to which the data corresponds; combining this with the security detection of the data itself ensures the accuracy of the final security trust index.
In this embodiment, the access mapping relationship is used to determine a relationship between service communication data and an access value, and the access value is used to represent an access right of the service communication data.
The beneficial effects of the above design are as follows: the multivariate communication data is analyzed for data security according to the security analysis rule, and this is combined with a security analysis of the communication data at the service level, so that the resulting security trust index represents the security of the multivariate communication data more accurately and provides a basis for further protection of the communication data.
Example 7
Based on embodiment 6, an embodiment of the present invention provides a 5G network security protection method, where the determining a security trust index of the multivariate communication data based on the third security index and the fourth security index includes:
determining a first comprehensive safety index of the multivariate communication data by combining the third safety index according to the detection importance index of the business communication data at the target rule detection node;
the first comprehensive security index $K_1$ is calculated as follows:
Figure BDA0003670088510000111
where $n$ is the number of target detection nodes; $A_i$ is the third security index of the $i$-th target detection node, with values in (0, 1); $\beta_i$ is the detection importance index of the $i$-th target detection node, with values in (0.80, 1.00); $\delta_i$ is the weight value of the $i$-th target detection node;
Figure BDA0003670088510000112
represents the average detection importance index; and
Figure BDA0003670088510000113
represents an average weight value;
determining a second comprehensive safety index of the multivariate communication data according to the fourth safety index of each group of service communication data and the importance degree of each group of service communication data;
the second comprehensive security index $K_2$ is calculated as follows:
Figure BDA0003670088510000114
where $m$ is the number of groups of service communication data; $\tau_j$ is the importance degree of the $j$-th group of service communication data, with values in (0.80, 1.00); $s_j$ indicates the rule detection nodes contained under the $j$-th group of service communication data;
Figure BDA0003670088510000115
denotes the fourth security index under the $\omega_j$-th rule detection node of the $j$-th group of service communication data, with values in (0, 1); and $e$ is the natural constant, taken as 2.72;
determining a security trust index of the multivariate communication data based on the first and second integrated security indexes;
the security trust index $K_A$ is calculated as follows:
$K_A = \gamma_1 K_1 + \gamma_2 K_2$
where $\gamma_1$ is the first weight and $\gamma_2$ is the second weight.
In this embodiment, the detection importance index of the target rule detection node is related to the service content, and the more important the service data determined by the service content is, the larger the detection importance index of the corresponding target rule detection node is.
In this embodiment, the average detection importance index and the average weight value are determined according to an average value of the target rule detection nodes.
In this embodiment, the importance of each group of service communication data is determined according to the importance of each group of services.
In this embodiment, for the formula
Figure BDA0003670088510000121
It may be for example that,
Figure BDA0003670088510000122
$A_i = 0.8$ and $n = 10$, which gives approximately $K_1 = 0.64$.
In this embodiment, for the formula
Figure BDA0003670088510000123
It may be for example that,
Figure BDA0003670088510000124
when m is 10, K is approximately obtained 2 =0.63。
In this embodiment, for the formula $K_A = \gamma_1 K_1 + \gamma_2 K_2$, it may be, for example: $\gamma_1 = 0.4$, $\gamma_2 = 0.6$, $K_A = \gamma_1 K_1 + \gamma_2 K_2 = 0.63$.
The beneficial effects of the above design are as follows: a security index is calculated for the multivariate communication data from the data security side and combined with a security index calculated for the communication data at the service level, so that the resulting security trust index represents the security of the multivariate communication data more accurately and provides a basis for further protection of the communication data.
Example 8
On the basis of Example 1, this embodiment of the invention provides a 5G network security protection method in which, in step 3, comparing the security trust index with a preset trust index range and processing the multivariate communication data according to the comparison result comprises:
comparing the security trust index with the preset trust index range;
if the security trust index is larger than the preset trust index range, determining that the multivariate communication data has no security anomaly, and not performing any processing on the multivariate communication data;
if the security trust index is within the preset trust index range, determining to encrypt the multivariate communication data;
and if the security trust index is smaller than the preset trust index range, determining to perform alarm processing on the multivariate communication data.
In this embodiment, after the alarm processing is performed on the multivariate communication data, data destruction, data deletion, data modification, and the like are performed on the multivariate communication data.
The beneficial effect of the above design is as follows: the multivariate communication data is processed differently according to the specific value of its security trust index, which achieves accurate protection of 5G network security and ensures the 5G network security protection effect.
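The weighted combination $K_A = \gamma_1 K_1 + \gamma_2 K_2$ and the three-way comparison of this embodiment, written out as an added Python example (not code from the patent). The range bounds 0.5 and 0.8, the inclusive treatment of the range edges, the requirement that the weights sum to 1, and the fail-closed handling of unscoreable input are assumptions; the sample flows are constructed.

```python
import math
from enum import Enum


class Action(Enum):
    NONE = "no processing"
    ENCRYPT = "encrypt"
    ALARM = "alarm"


def _is_unit(v):
    """True for a finite real number in [0, 1]; bool is rejected."""
    return (isinstance(v, (int, float)) and not isinstance(v, bool)
            and math.isfinite(v) and 0.0 <= v <= 1.0)


def trust_index(k1, k2, gamma1=0.4, gamma2=0.6):
    """K_A = gamma1*K1 + gamma2*K2 (weights default to the page's example)."""
    if not all(_is_unit(v) for v in (k1, k2, gamma1, gamma2)):
        raise ValueError("indices and weights must be finite values in [0, 1]")
    # Assumption: weights sum to 1 so K_A stays on the same scale as K1, K2.
    if not math.isclose(gamma1 + gamma2, 1.0, abs_tol=1e-9):
        raise ValueError("gamma1 + gamma2 must equal 1")
    return gamma1 * k1 + gamma2 * k2


def decide(index, low, high):
    """Map a trust index to the action chosen for the range [low, high]."""
    if not (_is_unit(low) and _is_unit(high) and low <= high):
        raise ValueError("preset range must satisfy 0 <= low <= high <= 1")
    # Assumption: a missing or malformed index fails closed to ALARM.
    if not _is_unit(index):
        return Action.ALARM
    if index > high:
        return Action.NONE
    if index >= low:  # range bounds treated as inclusive (assumption)
        return Action.ENCRYPT
    return Action.ALARM


def triage(flows, low, high):
    """Return {flow_id: Action} for (flow_id, K1, K2) records."""
    result = {}
    for flow_id, k1, k2 in flows:
        try:
            result[flow_id] = decide(trust_index(k1, k2), low, high)
        except ValueError:
            result[flow_id] = Action.ALARM  # unscoreable input fails closed
    return result


# Constructed sample: the first row uses the page's K1 = 0.64, K2 = 0.63.
SAMPLE_FLOWS = [
    ("flow-a", 0.64, 0.63),
    ("flow-b", 0.95, 0.90),
    ("flow-c", 0.30, 0.20),
    ("flow-d", float("nan"), 0.70),
]

if __name__ == "__main__":
    for fid, action in triage(SAMPLE_FLOWS, low=0.5, high=0.8).items():
        print(fid, action.value)
```

With the page's values the index is 0.634, which falls inside the assumed range and therefore selects encryption.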
Example 9
On the basis of Example 8, this embodiment of the invention provides a 5G network security protection method in which encrypting the multivariate communication data comprises:
obtaining private data according to the user authority of the multivariate communication data, and dividing the private data into blocks of communication data;
performing blockchain processing on the private data based on the user authority and the block communication data, and storing the block communication data into corresponding block nodes;
generating an encryption public key and an encryption private key according to the user authority, and encrypting the block node to obtain an encryption node;
obtaining public data in the multivariate communication data based on the user authority, storing the public data in a designated block node, and authorizing the designated block node to obtain a public node;
establishing a blockchain for the multivariate communication data based on the encryption node and the public node;
matching, from a data encryption rule base, a data analysis rule corresponding to each block node based on the data attributes of the multivariate communication data in the blockchain;
dividing the data stored in the block nodes into a plurality of data segments according to the data analysis rule;
acquiring, from the data encryption rule base, an encryption field sequence corresponding to the data analysis rule;
sequentially inserting the encryption field sequence into the data segments according to an insertion rule to obtain an encrypted data stream of the block node, completing data encryption of the block node;
acquiring a first decryption rule for the encryption node and a second decryption rule for the data encryption;
processing the first decryption rule and the second decryption rule based on the authority of a user group over the encryption node and over the data stored by the encryption node, to obtain a third decryption rule for a single user in the user group;
and generating the decryption authority for the single user by using the third decryption rule.
In this embodiment, the private data is data that only some users have the right to operate on, and the public data is data that all users accessing the blockchain can operate on.
In this embodiment, the encryption node and the public node together constitute the block nodes of the blockchain.
In this embodiment, the data analysis rule matched to the data attributes of the multivariate communication data is used to obtain a plurality of data segments, so that the data length stays within a set range after the data is subsequently encrypted, which ensures the data encryption effect.
In this embodiment, the first decryption rule and the second decryption rule are obtained reversely according to the encryption process of the data.
In this embodiment, the third decryption rule is specifically set for a single user, so that the convenience of decrypting data by the single user is ensured while the data security is ensured.
The beneficial effect of the above design is as follows: blockchain storage is established for the multivariate communication data, which ensures the security of data storage, and both the block nodes and the data stored under them are encrypted according to user authority, so that data security is doubly guaranteed, accurate protection of 5G network security is achieved, and the 5G network security protection effect is ensured.
Example 10
A 5G network security protection system, as shown in fig. 3, comprising:
a data acquisition and analysis module, configured to collect multivariate communication data of a 5G network and analyze the multivariate communication data to obtain a safety analysis rule for the multivariate communication data;
a safety detection module, configured to perform safety analysis on the multivariate communication data based on the safety analysis rule to obtain a security trust index;
a safety protection module, configured to perform encryption processing and alarm processing on the multivariate communication data based on the security trust index;
a data processing module, configured to compare the security trust index with a preset trust index range and process the multivariate communication data accordingly based on the comparison result.
The beneficial effect of the above design is as follows: by analyzing the multivariate communication data and matching it with the optimal safety analysis rule, the efficiency and accuracy of data security analysis are ensured and an accurate security trust index is obtained; the multivariate communication data is then subjected to encryption processing and alarm processing according to the security trust index, which achieves accurate protection of 5G network security and ensures the 5G network security protection effect.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A 5G network security protection method, characterized by comprising the following steps:
step 1: collecting multivariate communication data of a 5G network, and analyzing the multivariate communication data to obtain a safety analysis rule of the multivariate communication data;
step 2: based on the safety analysis rule, carrying out safety analysis on the multivariate communication data to obtain a security trust index;
step 3: comparing the security trust index with a preset trust index range, and processing the multivariate communication data accordingly based on the comparison result.
2. The 5G network security protection method according to claim 1, wherein in step 1, collecting the multivariate communication data of the 5G network comprises:
acquiring a network node structure diagram of the 5G network, and determining a data existence form of the multi-element communication data in a network node based on the network node structure diagram;
determining a data acquisition mode for the network node based on the data existence form;
and acquiring data of the network nodes according to the data existence mode to obtain the multivariate communication data.
3. The 5G network security protection method according to claim 2, wherein determining a data collection manner for the network node based on the data existence form comprises:
if the data existence form is flowing among a plurality of network nodes, the determined data acquisition mode is to acquire the communication data of specified network nodes at a specific time;
and if the data existence form is stable residence in a specific network node, the determined data acquisition mode is to perform collective data acquisition on the specific network node.
4. The 5G network security protection method according to claim 1, wherein in step 1, analyzing the multivariate communication data to obtain the security analysis rule of the multivariate communication data includes:
dividing the multi-element communication data into a plurality of communication data groups according to data types;
and determining a safety analysis rule based on the data type and the corresponding communication data group.
5. The 5G network security protection method according to claim 4, wherein determining a security analysis rule based on the data type and the corresponding communication data group comprises:
selecting an initial rule for the data type from a rule base;
adding a rule detection node into the initial rule according to the communication data group corresponding to the data type to obtain a target rule;
and adding a data label into the target rule based on the data type, and integrating the target rule according to the data label to obtain a safety analysis rule.
6. The 5G network security protection method according to claim 1, wherein in step 2, performing security analysis on the multivariate communication data based on the security analysis rule to obtain a security trust index comprises:
based on the safety analysis rule, establishing a mapping relation of each rule detection node;
inputting the multivariate communication data into corresponding rule detection nodes, and determining the detection values of the multivariate communication data under the corresponding rule detection nodes;
determining node relations among all rule detection nodes under the safety analysis rule, and setting a weight value for each rule detection node based on the node relations;
determining a first safety index corresponding to the detection value under the corresponding rule detection node based on the mapping relation, and weighting the first safety index according to the weight value of the corresponding rule detection node to obtain a second safety index;
judging whether the second safety index is larger than a preset safety index or not;
if so, determining the safety trust index of the multivariate communication data as a first preset trust index;
otherwise, dividing the multi-element communication data according to the service types to obtain a plurality of groups of service communication data;
determining a target rule detection node of each group of service communication data under the safety analysis rule, and determining a third safety index under the target rule detection node;
acquiring target users corresponding to the multiple groups of service communication data, and establishing an access mapping relation based on the access authority of the target users;
determining access values of the multiple groups of service communication data based on the access mapping relation, and determining a fourth security index of the multiple groups of service communication data based on the access values;
and determining a security trust index of the multivariate communication data based on the third security index and the fourth security index.
7. The 5G network security protection method according to claim 6, wherein determining the security trust index of the multivariate communication data based on the third security index and the fourth security index comprises:
determining a first comprehensive safety index of the multivariate communication data by combining the third safety index according to the detection importance index of the business communication data at the target rule detection node;
determining a second comprehensive safety index of the multivariate communication data according to the fourth safety index of each group of service communication data and the importance degree of each group of service communication data;
and determining a security trust index of the multivariate communication data based on the first comprehensive security index and the second comprehensive security index.
8. The 5G network security protection method according to claim 1, wherein in step 3, comparing the security trust index with a preset trust index range and processing the multivariate communication data according to the comparison result comprises:
if the security trust index is larger than the preset trust index range, determining that the multivariate communication data has no security anomaly, and not performing any processing on the multivariate communication data;
if the security trust index is within the preset trust index range, determining to encrypt the multivariate communication data;
and if the security trust index is smaller than the preset trust index range, determining to perform alarm processing on the multivariate communication data.
9. The 5G network security protection method according to claim 8, wherein encrypting the multivariate communication data comprises:
obtaining private data according to the user authority of the multivariate communication data, and dividing the private data into blocks of communication data;
performing blockchain processing on the private data based on the user authority and the block communication data, and storing the block communication data into corresponding block nodes;
generating an encryption public key and an encryption private key according to the user authority, and encrypting the block node to obtain an encryption node;
obtaining public data in the multivariate communication data based on the user authority, storing the public data in a designated block node, and authorizing the designated block node to obtain a public node;
establishing a blockchain for the multivariate communication data based on the encryption node and the public node;
matching, from a data encryption rule base, a data analysis rule corresponding to each block node based on the data attributes of the multivariate communication data in the blockchain;
dividing the data stored in the block nodes into a plurality of data segments according to the data analysis rule;
acquiring, from the data encryption rule base, an encryption field sequence corresponding to the data analysis rule;
sequentially inserting the encryption field sequence into the data segments according to an insertion rule to obtain an encrypted data stream of the block node, completing data encryption of the block node;
acquiring a first decryption rule for the encryption node and a second decryption rule for the data encryption;
processing the first decryption rule and the second decryption rule based on the authority of a user group over the encryption node and over the data stored by the encryption node, to obtain a third decryption rule for a single user in the user group;
and generating the decryption authority for the single user by using the third decryption rule.
10. A 5G network security protection system, characterized by comprising:
a data acquisition and analysis module, configured to collect multivariate communication data of a 5G network and analyze the multivariate communication data to obtain a safety analysis rule for the multivariate communication data;
a safety detection module, configured to perform safety analysis on the multivariate communication data based on the safety analysis rule to obtain a security trust index;
a safety protection module, configured to compare the security trust index with a preset trust index range and process the multivariate communication data accordingly based on the comparison result.
CN202210603972.4A 2022-05-30 2022-05-30 5G network security protection method and system Withdrawn CN115086949A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210603972.4A CN115086949A (en) 2022-05-30 2022-05-30 5G network security protection method and system

Publications (1)

Publication Number Publication Date
CN115086949A true CN115086949A (en) 2022-09-20

Family

ID=83248948

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220920