CN115174165A - Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture - Google Patents


Info

Publication number: CN115174165A
Authority: CN (China)
Prior art keywords: security, data, layer, situation, network
Legal status: Pending
Application number: CN202210707063.5A
Other languages: Chinese (zh)
Inventors: 王明月, 高维, 李方伟
Current Assignee: Chongqing Yitong College
Original Assignee: Chongqing Yitong College

Classifications

    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • G06N3/04: Neural networks; architecture, e.g. interconnection topology
    • G06N3/08: Neural networks; learning methods
    • H04L67/104: Protocols in which an application is distributed across nodes in the network; peer-to-peer [P2P] networks
    • H04L67/1095: Protocols in which an application is distributed across nodes in the network; replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures

Abstract

The invention discloses a self-adaptive security situation cognitive system based on a block chain under a cloud edge architecture, which comprises a terminal security element acquisition layer, an edge security situation cognition layer and a cloud security situation cognition layer, wherein: the terminal security element acquisition layer provides security element data for the edge security situation cognition layer and the cloud security situation cognition layer, and performs network measurement and situation cognition in an active mode and a passive mode to acquire the security element data; the edge security situation cognition layer is responsible for fusing, evaluating and predicting multi-source security elements, and securely processes and stores situation data using block chain technology, so as to assist real-time intelligent security decisions in the edge network and provide security situation data to the cloud; the cloud security situation cognition layer is responsible for fusing, evaluating and predicting multi-source, heterogeneous security elements, and likewise securely processes and stores situation data using block chain technology, so as to support global security decisions.

Description

Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture
Technical Field
The invention belongs to the field of big data security, and particularly relates to a self-adaptive security situation cognitive system based on a block chain under a cloud edge architecture.
Background
Traditional network security protection is based on 'exogenous' boundary protection, in which 'plug-in' security components are fitted to a network entity according to the attacks it has suffered. Security threats can therefore only be dealt with passively, which amounts to mending the fold after the sheep are lost. Awareness that comes late is no awareness: the huge scale of the network space under the cloud edge architecture is accompanied by an equally huge scale of security threats, and once the exogenous boundary protection is broken, irreparable loss is caused to the system. To solve this problem, security situation awareness technologies have been proposed and are receiving extensive attention and research. The security situation cognitive technology can reduce the dependence of a network space under a cloud edge-end architecture on human control, and through intelligent and autonomous threat analysis and three-dimensional and cooperative security management.
Network security research based on security situation cognition mainly comprises: security element modeling research, situation cognition process research and situation-based decision mechanism research. Academic research on security situation cognition mechanisms has produced some preliminary results, but these methods mainly target specific types of network systems and, being based on existing security technology, still cannot effectively match the massive data and pronounced heterogeneity of the network space under a cloud edge architecture. They therefore have significant limitations, specifically: the traditional computing mode cannot efficiently process security situation information with big data characteristics, and cooperative operation of security mechanisms suited to the heterogeneous characteristics of the network space under a cloud edge architecture has not been realized.
A search found application publication No. CN108494801A, a security situation awareness protection system based on artificial intelligence and block chain technology, which includes an information acquisition module, a first information processing module, a second information processing module, a situation evaluation module and a security protection module. The information acquisition module collects multi-source security information from supervisory equipment; the first information processing module filters and reduces the collected security information; the second information processing module fuses the filtered and reduced multi-source security information to obtain a fusion result; the situation evaluation module evaluates the current security situation from the multi-source fusion result, based on artificial intelligence and block chain technology; and the security protection module carries out security protection according to the current security situation. The stated beneficial effect of that invention is that it provides a security situation awareness protection system based on artificial intelligence and block chain technology and improves the accuracy of security situation evaluation and the level of protection.
The security situation data that has accumulated historically and continues to emerge in the network space under the cloud edge architecture has big data characteristics, and the network entities in that space are numerous and structurally diverse, so that security situation awareness protection system cannot solve the problem that existing computing power scheduling modes have difficulty managing the computing power needed for the security situation; the security situation data in the network space under the cloud edge architecture comes from different complex and heterogeneous network elements, and that system has difficulty ensuring the security and integrity of the data; meanwhile, when the system as a whole provides services externally or performs cooperative computation between network elements, the credibility of the system and of each network element cannot be accurately estimated.
Disclosure of Invention
The present invention is directed to solving the above problems of the prior art by providing a self-adaptive security situation cognitive system based on a block chain under a cloud edge-end architecture. The technical scheme of the invention is as follows:
An adaptive security situation cognition system based on a block chain under a cloud edge architecture comprises: a terminal security element acquisition layer, an edge security situation cognition layer and a cloud security situation cognition layer. The terminal security element acquisition layer is the bottom layer, the cloud security situation cognition layer is the top layer, and the edge security situation cognition layer lies between the two, wherein:
Terminal security element acquisition layer: provides the edge security situation cognition layer and the cloud security situation cognition layer with the elements that influence network security, namely security element data; situation cognition terminals deployed in the network perform network measurement and situation cognition in an active mode and a passive mode to obtain the security element data;
Edge security situation cognition layer: responsible for fusing, evaluating and predicting multi-source security elements, and for securely processing and storing situation data using block chain technology, so as to assist real-time intelligent security decisions in the edge network and provide security situation data to the cloud;
Cloud security situation cognition layer: responsible for fusing, evaluating and predicting multi-source, heterogeneous security elements, and for securely processing and storing situation data using block chain technology, so as to support global security decisions.
Further, in the terminal security element acquisition layer, performing network measurement and situation cognition in an active mode and a passive mode to acquire security element data specifically includes:
first, the collected raw data is preprocessed, including normalization and data type conversion, to remove irrelevant information and standardize the data format; then attribute reduction is performed on the historical security element information to form a reduced security element attribute set; finally, classification learning is performed on the reduced data to improve the quality of the security elements.
Further, active measurement and situation cognition use a measurement tool at selected measurement points to deliberately generate measurement traffic and inject it into the network, and analyze the performance of the network from how the measurement traffic is transmitted; passive measurement and situation cognition refer to a measurement method that monitors the network on a link or device (e.g., a router or switch) without generating traffic.
Further, the fusion of multi-source security elements by the edge security situation cognition layer specifically includes: the feature-level data fusion layer uses fuzzy reasoning to abstract the situation information into a simply described feature space, reducing the amount of information exchanged between layers; the decision-level data fusion layer improves fusion efficiency by applying the principle that the probability assigned to evidence conflict is distributed, weighted by the average support degree of each proposition.
Further, the evaluation and prediction of multi-source security elements by the edge security situation cognition layer specifically comprises:
In security situation evaluation, the external situation data is defined as the hidden state, the acquired external situation data information is defined as the observable state, and a hidden Markov model and a learning algorithm are used to establish a model of the relationship between the two.
In security situation prediction, time series analysis and neural-network-based algorithms are applied together: the good nonlinear description capacity of the neural network is used to solve the time series analysis problem and to optimize the time-series-based analysis model.
Further, in security situation evaluation, defining the external situation data as the hidden state and the acquired external situation data information as the observable state, and using a hidden Markov model and a learning algorithm to establish the relationship model between the two, specifically includes:
Step 1, probability calculation: given a model and an observation sequence, calculate the probability of the observation sequence under the model;
Step 2, learning problem: given the observation sequence, estimate the parameters of the model so that the probability of the observation sequence under the model is maximized, that is, estimate the parameters by maximum likelihood estimation;
Step 3, prediction problem (decoding problem): given the model and the observation sequence, find the state sequence with the maximum conditional probability for the given observation sequence, that is, the most likely corresponding state sequence.
Further, in security situation prediction, applying time series analysis together with neural-network-based algorithms, using the good nonlinear description capacity of the neural network to solve the time series analysis problem and optimizing the time-series-based analysis model, specifically comprises the following steps:
Step 1, normalization: normalize the input time series so that its mean is 0 and its standard deviation is 1;
Step 2, dimensionality reduction: apply piecewise aggregate approximation to the normalized sequence;
Step 3, discretization: discretize the sequence obtained from the piecewise aggregate approximation into a character string sequence through word embedding, wherein each character represents the range in which the mean of the time series falls over the corresponding time period;
Step 4, character vectorization: the input of the deep learning model must be a numerical vector, so the characters obtained in the previous step need to be represented as vectors;
Step 5, model training: segment the character string sequence according to the input length, build a training data set and a test data set, map the input sequence to vectors through a dictionary before it passes through the neural network language model, and train the model;
Step 6, prediction: predict the test data set using the neural network language model trained in step 5;
Step 7, effect evaluation: calculate the prediction accuracy, compare it with the prediction results of each comparison algorithm, and evaluate the performance of the algorithms.
Further, the block-chain-based data storage architecture of the cloud and the edge specifically includes:
when security situation data is processed and stored, the block chain serves as a decentralized shared ledger and database, specifically comprising:
the data layer, which stores data and ensures that account transactions are carried out securely, and consists of data blocks, a chain structure, timestamps, a hash function, a Merkle tree and an asymmetric encryption algorithm;
the network layer, which adopts a peer-to-peer (P2P) network in which all nodes have equal status, removing centralized nodes from the network, and comprises the P2P network, a propagation mechanism and a verification mechanism;
the consensus layer, which lets the nodes in the network quickly reach consensus on, and synchronize, each data block; the cloud adopts a proof of work (POW) consensus mechanism, and the edge uses a proof of stake (POS) consensus mechanism;
the incentive layer, which motivates all participating nodes in the network to verify actively, honestly and reliably that data blocks are secure and have not been tampered with, and consists of an issuing mechanism and a distribution mechanism;
the contract layer, which runs automated scripts, algorithm programs and smart contracts that implement constraints, contracts or transaction rules, so that the block chain can liberate a credit system;
the application layer, which directly provides the various block chain applications related to security situation cognition.
Furthermore, the data blocks of the data layer adopt a chain structure and are connected in time order; timestamps are added by the nodes participating in consensus to indicate time and reflect the time order; the hash function ensures the integrity and security of each data block; the Merkle tree organizes the transaction data and prevents the data from being tampered with; asymmetric encryption protects the privacy of the account.
The propagation mechanism of the network layer broadcasts a newly generated data block to all nodes, and the verification mechanism checks the data block to verify its authenticity.
In the consensus layer, the proof of work (POW) consensus mechanism ensures that block producers with more computing power are selected with the highest probability to propose the next block, and the proof of stake (POS) consensus mechanism ensures that block producers holding more tokens are selected with the highest probability to propose the next block.
The issuing mechanism of the incentive layer ensures that each new block issues a certain amount of coin to the bookkeeper of the block; the distribution mechanism lets weaker nodes pool their computing power to compete and obtain rewards distributed according to certain rules.
The invention has the following advantages and beneficial effects:
To improve the efficiency and effectiveness of security situation cognition, the invention designs a self-adaptive security situation cognition system based on a block chain under a cloud edge-end architecture. In this block-chain-based adaptive security situation cognition model, different security elements are matched to the cloud or the edge for processing according to their computing power requirements and data characteristics. The matching principle is that multi-source data with low computing power requirements is matched to the edge, where it becomes the edge security situation after situation cognition processes such as fusion, evaluation and prediction; similarly, heterogeneous, multi-source data with high computing power requirements becomes the cloud security situation after being matched to the cloud. When security situation data is processed and stored, the block chain serves as a decentralized shared ledger and database, which is secure, reliable, tamper-resistant, open and transparent, and therefore largely meets the requirements of adaptive security design.
Drawings
FIG. 1 is a block chain-based adaptive security posture awareness model for a cloud-side architecture according to an embodiment of the present invention;
FIG. 2 is a security element acquisition model;
FIG. 3 is an edge-end secure element fusion model;
FIG. 4 is a cloud security posture assessment and prediction model;
FIG. 5 is a block chain structure model.
Detailed Description
The technical solutions in the embodiments of the present invention will be described in detail and clearly in the following with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention.
The technical scheme for solving the technical problems is as follows:
An adaptive security situation cognition system based on a block chain under a cloud edge architecture, as shown in FIG. 1, includes a terminal security element acquisition layer, an edge security situation cognition layer and a cloud security situation cognition layer. The terminal security element acquisition layer is the bottom layer, the cloud security situation cognition layer is the top layer, and the edge security situation cognition layer lies between the two.
1-1: Terminal security element acquisition layer: provides security element data for the edge security situation cognition layer and the cloud security situation cognition layer; situation cognition terminals deployed in the network perform network measurement and situation cognition in an active mode and a passive mode to obtain the security element data.
1-2: Edge security situation cognition layer: responsible for fusing, evaluating and predicting multi-source security elements, and for securely processing and storing situation data using block chain technology, so as to assist real-time intelligent security decisions in the edge network and provide high-value security situation data to the cloud.
1-3: Cloud security situation cognition layer: responsible for fusing, evaluating and predicting multi-source, heterogeneous security elements, and for securely processing and storing situation data using block chain technology, so that global security decisions are better supported.
2. As shown in FIG. 2, the method for acquiring terminal security elements includes:
2-1: The method is used to accurately find abnormal behavior in a complex network environment. In essence it is the process of selecting the required element set from the security element set: the dimensionality of the security element set is reduced by reducing its attributes, redundant and repeated attributes are deleted, and the key security elements are selected.
2-2: The method comprises the following steps: first, the collected raw data is preprocessed (normalization, data type conversion and the like) to remove irrelevant information and standardize the data format; then attribute reduction is performed on the historical security element information to form a reduced security element attribute set; finally, classification learning is performed on the reduced data to improve the quality of the security elements.
3. In the cloud and edge security situation cognition method, correct and timely security situation data is first obtained through security element fusion; situation evaluation is then carried out through data analysis; and finally the situation over a short future period is predicted.
The computing power, storage capacity and communication capacity of the edge are limited, so during situation cognition the edge mainly performs the fusion of multi-source security elements. The cloud has strong computing, storage and communication capabilities, so its focus is the evaluation and prediction of multi-source, heterogeneous security situation data.
4. Edge security element fusion, as shown in FIG. 3, is used to produce a relatively comprehensive and consistent description of the security situation in the network environment, and specifically includes:
4-1: In the feature-level data fusion layer, a fuzzy reasoning data fusion system is constructed by combining the strengths of fuzzy reasoning (high accuracy, clear pertinence, good adaptability and the like) with the characteristics of the security element data, and the feature space of the situation information is abstracted with it. The fuzzy inference system converges rapidly, which ensures the fusion efficiency of this layer; meanwhile, the feature space is described in a simple abstract form, which reduces the amount of information exchanged.
4-2: In the decision-level data fusion layer, to address the conflict problem of D-S evidence theory, the concept of the information capacity provided by evidence is first introduced; then, to improve fusion efficiency, the information capacity of each piece of evidence is suitably normalized; finally, the average support degree of the evidence for each focal element is computed, following the principle that the probability assigned to evidence conflict is distributed, weighted by the average support degree of each proposition.
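The conflict handling in 4-2, as an added example that is not code from the patent: classic Dempster combination next to a rule that hands the conflicting mass back to each proposition in proportion to its average support. The page does not define the information capacity weighting, so this sketch weights all evidence equally; the proposition names and sensor masses are constructed.

```python
from functools import reduce
from itertools import product


def bpa(assignments):
    """Build a basic probability assignment {frozenset: mass} and validate it.

    Keys of `assignments` are tuples of proposition names (assumed input shape).
    """
    masses = {frozenset(focal): float(m) for focal, m in assignments.items()}
    if any(not focal for focal in masses) or abs(sum(masses.values()) - 1.0) > 1e-9:
        raise ValueError("focal elements must be non-empty and masses must sum to 1")
    return masses


def conjunctive(bpas):
    """Return (mass landing on each non-empty intersection, conflict mass k)."""
    agreed, conflict = {}, 0.0
    for combo in product(*(b.items() for b in bpas)):
        focal = reduce(frozenset.intersection, (s for s, _ in combo))
        weight = 1.0
        for _, mass in combo:
            weight *= mass
        if focal:
            agreed[focal] = agreed.get(focal, 0.0) + weight
        else:
            conflict += weight
    return agreed, conflict


def dempster(bpas):
    """Classic rule: discard the conflict and renormalise what is left."""
    agreed, _ = conjunctive(bpas)
    total = sum(agreed.values())
    if total == 0.0:
        raise ValueError("evidence is in total conflict")
    return {focal: mass / total for focal, mass in agreed.items()}


def average_support_fusion(bpas):
    """Give conflict k back to each proposition in proportion to its average support."""
    agreed, k = conjunctive(bpas)
    focals = set(agreed) | {focal for b in bpas for focal in b}
    fused = {}
    for focal in focals:
        avg_support = sum(b.get(focal, 0.0) for b in bpas) / len(bpas)
        fused[focal] = agreed.get(focal, 0.0) + k * avg_support
    return fused, k


# Constructed sample: two edge sensors that disagree almost completely.
SENSORS = [
    bpa({("dos",): 0.99, ("scan",): 0.01}),
    bpa({("normal",): 0.99, ("scan",): 0.01}),
]

if __name__ == "__main__":
    print("dempster:", dempster(SENSORS))
    print("average-support:", average_support_fusion(SENSORS))
```

With this input the classic rule puts all belief on "scan", which neither sensor supports; the average-support rule keeps "dos" and "normal" as the live hypotheses.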
5. Cloud security situation evaluation and prediction, as shown in FIG. 4, includes:
5-1: In security situation evaluation, the external situation data is defined as the hidden state, the acquired external situation data information is defined as the observable state, and a hidden Markov model and a learning algorithm are used to establish a model of the relationship between the two, specifically comprising the following steps:
Step 1, probability calculation: given a model and an observation sequence, calculate the probability of the observation sequence under the model;
Step 2, learning problem: given the observation sequence, estimate the parameters of the model so that the probability of the observation sequence under the model is maximized, that is, estimate the parameters by maximum likelihood estimation;
Step 3, prediction problem (decoding problem): given the model and the observation sequence, find the state sequence with the maximum conditional probability for the given observation sequence, that is, the most likely corresponding state sequence.
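Steps 1 and 3 above on a small model, as an added example that is not code from the patent: the forward algorithm for the probability calculation and Viterbi decoding for the prediction problem. The two hidden situation states, the three alert levels and every probability are constructed; step 2 (parameter learning) is left out.

```python
import math

# Constructed model: hidden situation state -> observed alert level.
MODEL = {
    "start": {"safe": 0.8, "attack": 0.2},
    "trans": {
        "safe": {"safe": 0.9, "attack": 0.1},
        "attack": {"safe": 0.3, "attack": 0.7},
    },
    "emit": {
        "safe": {"low": 0.7, "medium": 0.25, "high": 0.05},
        "attack": {"low": 0.1, "medium": 0.3, "high": 0.6},
    },
}


def forward(model, obs):
    """Step 1: P(observation sequence | model), summed over all state paths."""
    if not obs:
        raise ValueError("observation sequence is empty")
    states = list(model["start"])
    alpha = {s: model["start"][s] * model["emit"][s][obs[0]] for s in states}
    for symbol in obs[1:]:
        alpha = {
            s: model["emit"][s][symbol]
            * sum(alpha[p] * model["trans"][p][s] for p in states)
            for s in states
        }
    return sum(alpha.values())


def safe_log(p):
    """log(p) that maps probability 0 to -inf instead of raising."""
    return math.log(p) if p > 0 else float("-inf")


def viterbi(model, obs):
    """Step 3: most likely hidden state path and its joint probability."""
    if not obs:
        raise ValueError("observation sequence is empty")
    states = list(model["start"])
    score = {
        s: safe_log(model["start"][s]) + safe_log(model["emit"][s][obs[0]])
        for s in states
    }
    backpointers = []
    for symbol in obs[1:]:
        step, nxt = {}, {}
        for s in states:
            best = max(states, key=lambda p: score[p] + safe_log(model["trans"][p][s]))
            step[s] = best
            nxt[s] = (score[best] + safe_log(model["trans"][best][s])
                      + safe_log(model["emit"][s][symbol]))
        backpointers.append(step)
        score = nxt
    last = max(states, key=score.get)
    path = [last]
    for step in reversed(backpointers):
        path.append(step[path[-1]])
    path.reverse()
    return path, math.exp(score[last])


if __name__ == "__main__":
    alerts = ["low", "low", "high", "high"]  # constructed observation sequence
    print(forward(MODEL, alerts), viterbi(MODEL, alerts))
```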
5-2: in the security situation prediction, time series analysis and neural network-based algorithms are applied together: the good nonlinear description capability of the neural network is used to solve the time series analysis problem, and the time series-based analysis model is optimized. The specific steps are as follows:
Step 1, normalization: normalize the input time series so that its mean is 0 and its standard deviation is 1.
Step 2, dimensionality reduction: apply piecewise aggregate approximation to the normalized sequence.
Step 3, discretization: discretize the sequence obtained by piecewise aggregate approximation into a character string sequence through word embedding, where each character represents the range in which the mean of the time series falls in the corresponding time period.
Step 4, character vectorization: the input of a deep learning model must be a numerical vector, so the characters obtained in the previous step are represented as vectors.
Step 5, model training: segment the character string sequence according to the input length and build a training data set and a test data set. Before it passes through the neural network language model, the input sequence is mapped to a vector through a dictionary, and the model is trained.
Step 6, prediction: predict the test data set with the neural network language model trained in step 5.
Step 7, effect evaluation: calculate the prediction accuracy, compare it with the prediction results of each comparison algorithm, and evaluate the performance of the algorithms.
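Steps 1 to 7 carried through on a constructed series, as an added Python example that is not the patent's implementation. The alphabet size, segment count, input length and sample series are assumptions, step 3 uses equiprobable Gaussian breakpoints, and a context-frequency table stands in for the neural network language model so the example stays self-contained.

```python
from collections import Counter, defaultdict
from statistics import NormalDist, fmean, pstdev


def z_normalize(series):                       # step 1: mean 0, std 1
    mu, sigma = fmean(series), pstdev(series)
    if sigma == 0:                             # flat series: avoid division by zero
        return [0.0] * len(series)
    return [(x - mu) / sigma for x in series]


def paa(series, segments):                     # step 2: piecewise aggregate approximation
    n = len(series)
    if not 0 < segments <= n:
        raise ValueError("segments must be between 1 and len(series)")
    bounds = [i * n // segments for i in range(segments + 1)]
    return [fmean(series[a:b]) for a, b in zip(bounds, bounds[1:])]


def to_symbols(values, alphabet="abcd"):       # step 3: one character per segment mean
    k = len(alphabet)
    cuts = [NormalDist().inv_cdf(i / k) for i in range(1, k)]
    return "".join(alphabet[sum(v > c for c in cuts)] for v in values)


def make_samples(symbols, input_len):          # steps 4-5: dictionary ids and windows
    vocab = {ch: i for i, ch in enumerate(sorted(set(symbols)))}
    ids = [vocab[ch] for ch in symbols]
    samples = [(tuple(ids[i:i + input_len]), ids[i + input_len])
               for i in range(len(ids) - input_len)]
    return vocab, samples


def fit_baseline(train):
    """Stand-in for the language model: most frequent next id per context."""
    table = defaultdict(Counter)
    for ctx, nxt in train:
        table[ctx][nxt] += 1
    fallback = Counter(nxt for _, nxt in train).most_common(1)[0][0]

    def predict(ctx):
        return table[ctx].most_common(1)[0][0] if ctx in table else fallback
    return predict


def run_pipeline(series, segments=48, input_len=3, train_ratio=0.8):
    symbols = to_symbols(paa(z_normalize(series), segments))
    _, samples = make_samples(symbols, input_len)
    split = int(len(samples) * train_ratio)
    predict = fit_baseline(samples[:split])    # step 5 (training)
    # Steps 6-7: predict the test set; record segments where prediction and
    # observation disagree, which is where an analyst would look first.
    misses = [i + input_len
              for i, (ctx, nxt) in enumerate(samples[split:], split)
              if predict(ctx) != nxt]
    accuracy = 1 - len(misses) / (len(samples) - split)
    return symbols, accuracy, misses


def constructed_series():
    """Constructed alert counts: a repeating pattern with one unexpected spike."""
    series = [2, 2, 10, 10, 30, 30, 10, 10] * 12
    series[90] = series[91] = 30               # spike placed in the test portion
    return series


if __name__ == "__main__":
    print(run_pipeline(constructed_series()))
```

The segment after the spike is also mispredicted because its context window contains the spike, so one deviation can surface as several consecutive misses.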
6. When processing and storing security situation data, the cloud and edge block chain-based data storage architecture uses the block chain as a decentralized shared ledger and database; it is secure, reliable, tamper-proof, open and transparent, and largely meets the security design requirements of a network under the cloud edge-end architecture. As shown in fig. 5, it specifically includes:
The data layer stores data and ensures that account transactions are carried out securely; it comprises data blocks, a chain structure, timestamps, a hash function, a Merkle tree, an asymmetric encryption algorithm and the like.
The network layer adopts a Peer-to-Peer (P2P) network in which all nodes have equal status, removing centralized nodes from the network; it comprises the P2P network, a propagation mechanism, a verification mechanism and the like.
The consensus layer is used for quickly reaching consensus on, and synchronizing, every data block among all nodes in the network; the cloud adopts a Proof of Work (POW) consensus mechanism, and the edge uses a Proof of Stake (POS) consensus mechanism.
The incentive layer motivates all participating nodes of the network to actively, honestly and reliably verify the security of the data blocks and that they have not been tampered with; it comprises an issuing mechanism, an allocation mechanism and the like.
The contract layer runs automated scripts, algorithm programs and smart contracts that implement certain constraints, contracts or transaction rules, so that the block chain can liberate a credit system.
The application layer directly provides various blockchain applications related to security situation awareness.
The following introduces background knowledge about blockchains and explains some of the terms used in the present invention: a block chain is a chained data structure formed by connecting data blocks in chronological order, and cryptography guarantees that the data blocks cannot be tampered with or forged. Each block in the block chain is linked to the immediately preceding block by including a cryptographic hash of that preceding block. Each block also includes a timestamp, its own cryptographic hash, and one or more transactions. Transactions that have been verified by nodes of the blockchain network are hashed and form a Merkle tree. In a Merkle tree, the data at the leaf nodes is hashed, and for each branch of the Merkle tree, all hash values of the branch are concatenated at the root of the branch. This process is repeated up the Merkle tree until the root node of the entire tree is reached. The root node of the Merkle tree stores a hash value that represents all the data in the tree. When a hash value is claimed to belong to a transaction stored in the Merkle tree, this can be verified quickly by determining whether the hash value is consistent with the structure of the Merkle tree.
A blockchain network is a network of computing nodes used to manage, update and maintain one or more blockchain structures. In this specification, a blockchain network may include a public blockchain network, a private blockchain network, or a federated blockchain network.
In a public blockchain network, the consensus process is controlled by nodes of the consensus network. For example, thousands or millions of entities may cooperate in a public blockchain network, each entity operating at least one node in the public blockchain network. Thus, a public blockchain network may be considered a public network of participating entities. In some examples, most entities (nodes) must sign each block in sequence and add the signed block to the blockchain of the blockchain network. An example of a public blockchain network may include a particular peer-to-peer payment network.
Public blockchain networks support public transactions. The public transactions are shared among all nodes within the public blockchain network and are stored in the global blockchain. A global blockchain refers to a blockchain that is replicated across all nodes. To achieve consensus (e.g., agree to add blocks to a blockchain), a consensus protocol is implemented within a public blockchain network. Examples of consensus protocols include, but are not limited to: proof of work (POW), proof of stake (POS), and proof of authority (POA).
A private blockchain network is provided for a particular entity. The read and write permissions of each node in the private blockchain network are strictly controlled. Thus, private blockchain networks, also commonly referred to as permissioned networks, limit who is allowed to participate in the network and the level of network participation (e.g., only in certain transaction scenarios). In private blockchain networks, various types of access control mechanisms may be used (e.g., existing participants voting for the addition of a new entity, regulatory agency controlled permissions, etc.).
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus comprising the element.
The above examples are to be construed as merely illustrative and not limitative of the remainder of the disclosure. After reading the description of the invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.

Claims (9)

1. A self-adaptive security situation awareness system based on a block chain under a cloud edge architecture, comprising: a terminal security element acquisition layer, an edge security situation awareness layer and a cloud security situation awareness layer, wherein the terminal security element acquisition layer is located at the bottom, the cloud security situation awareness layer is located at the top, and the edge security situation awareness layer is located between the terminal security element acquisition layer and the cloud security situation awareness layer, wherein
Terminal security element acquisition layer: providing a plurality of elements which influence network security, namely security element data, for an edge security situation cognitive layer and a cloud security situation cognitive layer, and performing network measurement and situation cognition in an active mode and a passive mode through a situation cognitive terminal arranged in a network to obtain the security element data;
edge security situation awareness layer: responsible for fusing, evaluating and predicting multi-source security elements, and for securely processing and storing situation data using block chain technology, so as to assist real-time intelligent security decisions in the edge network and provide security situation data to the cloud;
cloud security situation awareness layer: responsible for fusing, evaluating and predicting multi-source, heterogeneous security elements, and for securely processing and storing situation data using block chain technology, so as to support global security decisions.
2. The system according to claim 1, wherein in the terminal security element acquisition layer, network measurement and situation awareness are performed in an active manner and a passive manner to acquire security element data, and the system specifically includes:
firstly, preprocessing the collected raw data, including normalization and data type conversion, to remove irrelevant information and standardize the data format; then carrying out attribute reduction on the historical security element information to form a reduced attribute set of security elements; and finally, carrying out classification learning on the reduced data so as to improve the quality of the security elements.
3. The system according to claim 2, wherein active measurement and situation awareness are performed by using a measuring tool to purposefully and actively generate measurement traffic to be injected into the network at a selected measurement point, and analyzing the network performance according to the transmission condition of the measurement data stream; passive measurement and situational awareness refer to a measurement method that monitors a network on a link or device without generating traffic.
4. The adaptive security situation awareness system based on the block chain under the cloud edge architecture according to claim 1, wherein the edge security situation awareness layer fuses security elements from multiple sources and includes a feature-level data fusion layer and a decision-level data fusion layer, specifically: the feature-level data fusion layer uses fuzzy reasoning to abstract the situation information into a simply described feature space, so as to reduce the amount of information exchanged between layers; the decision-level data fusion layer improves fusion efficiency by using the principle that the probability supporting evidence conflict is distributed in a weighted manner according to the average support of each proposition.
5. The adaptive security situation awareness system based on the block chain under the cloud edge-side architecture according to claim 4, wherein the step of evaluating and predicting the multi-source security elements by the edge security situation awareness layer specifically comprises:
in the security situation evaluation, external situation data is defined as a hidden state, the acquired external situation data information is defined as an observable state, and a relation model between the external situation data and the acquired external situation data information is established by adopting a hidden Markov model and a learning algorithm;
in the security situation prediction, time series analysis and neural network-based algorithms are applied together, the time series analysis problem is solved by using the good nonlinear description capability of the neural network, and the time series-based analysis model is optimized.
6. The adaptive security situation awareness system based on the block chain under the cloud edge architecture according to claim 5, wherein in the security situation assessment, the external situation data is defined as a hidden state, the obtained external situation data information is defined as an observable state, and a relationship model between the external situation data and the obtained external situation data information is established by using a hidden Markov model and a learning algorithm, which specifically includes:
step 1, calculating probability: giving a model and an observation sequence, and calculating the probability of the observation sequence under the model;
step 2, learning problem: knowing the observation sequence, estimating the parameters of the model to make the probability of the observation sequence under the model maximum, namely estimating the parameters by using a maximum likelihood estimation method;
step 3. Prediction problem (decoding problem): knowing the model and the observation sequence, finding the state sequence with the maximum conditional probability for the given observation sequence, namely finding the most likely corresponding state sequence for the given observation sequence.
7. The adaptive security situation awareness system based on the block chain under the cloud edge architecture according to claim 5, wherein in the security situation prediction, the time series analysis and the neural network-based algorithm are comprehensively applied, a time series analysis problem is solved by using a good nonlinear description capability of the neural network, and an analysis model based on the time series is optimized, specifically including:
step 1, normalization: normalizing the input time sequence to ensure that the mean value is 0 and the standard deviation is 1;
step 2, dimensionality reduction: applying piecewise aggregate approximation to the normalized sequence;
step 3, discretization: discretizing the sequence obtained by piecewise aggregate approximation into a character string sequence through word embedding, wherein each character represents the range in which the mean of the time series falls in the corresponding time period;
step 4, character vectorization: the input of the deep learning model is required to be a numerical vector, so the characters obtained in the previous step need to be represented as vectors;
step 5, model training: segmenting the character string sequence according to the input length to establish a training data set and a test data set; before passing through the neural network language model, the input sequence is mapped into a vector through a dictionary, and the model is trained;
step 6, prediction: predicting the test data set by using the neural network language model obtained by training in step 5;
step 7, effect evaluation: calculating the prediction accuracy, comparing it with the prediction results of each comparison algorithm, and evaluating the performance of the algorithms.
8. The adaptive security posture awareness system based on the block chain under the cloud edge architecture according to claim 1, wherein the cloud and edge block chain-based data storage architecture specifically comprises:
when the security situation data is processed and stored, the block chain is used as a decentralized shared ledger and database, which specifically comprises the following:
the data layer is used for storing data and ensuring that account transactions are carried out securely, and is composed of a data block, a chain structure, a timestamp, a hash function, a Merkle tree and an asymmetric encryption algorithm;
the network layer adopts a peer-to-peer (P2P) network in which all nodes have equal status, removing centralized nodes from the network, and comprises the P2P network, a propagation mechanism and a verification mechanism;
the consensus layer is used for quickly reaching consensus on, and synchronizing, every data block among all nodes in the network; the cloud adopts a proof-of-work (POW) consensus mechanism, and a proof-of-stake (POS) consensus mechanism is used at the edge;
the incentive layer is used for motivating all participating nodes of the network to actively, honestly and reliably verify the security of the data block and that it has not been tampered with, and comprises an issuing mechanism and a distribution mechanism;
the contract layer is used for running automated scripts, algorithm programs and smart contracts that implement certain constraints, contracts or transaction rules, so that the block chain can liberate a credit system;
the application layer is used for directly providing various blockchain applications related to security situation awareness.
9. The adaptive security situation awareness system based on the block chain under the cloud edge architecture according to claim 8, wherein the data blocks of the data layer are in a chain structure and are connected in chronological order; the timestamp is added by the nodes participating in consensus to indicate time and reflect the chronological order; the hash function is used for ensuring the integrity and security of each data block; the Merkle tree is used for organizing transaction data and can prevent the data from being tampered with; the asymmetric encryption is used for protecting the privacy of the account;
the propagation mechanism of the network layer is used for broadcasting a newly generated data block among all nodes, and the verification mechanism verifies the data block to confirm its authenticity;
the proof-of-work (POW) consensus mechanism of the consensus layer ensures that the block producer with more computing power is selected with the highest probability to propose the next block, and the proof-of-stake (POS) consensus mechanism ensures that the block producer with more tokens is selected with the highest probability to propose the next block;
the issuing mechanism of the incentive layer ensures that each new block issues a certain amount of bitcoin as a reward to the bookkeeper of the block; the distribution mechanism lets weak nodes combine their computing power to compete for rewards, which are distributed according to certain rules.
CN202210707063.5A 2022-06-21 2022-06-21 Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture Pending CN115174165A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210707063.5A CN115174165A (en) 2022-06-21 2022-06-21 Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210707063.5A CN115174165A (en) 2022-06-21 2022-06-21 Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture

Publications (1)

Publication Number Publication Date
CN115174165A true CN115174165A (en) 2022-10-11

Family

ID=83488035

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210707063.5A Pending CN115174165A (en) 2022-06-21 2022-06-21 Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture

Country Status (1)

Country Link
CN (1) CN115174165A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115941291A (en) * 2022-11-16 2023-04-07 西南科技大学 Analysis system and method for security situation awareness of DPoS (delegated proof of stake) block chain network
CN117149799A (en) * 2023-11-01 2023-12-01 建信金融科技有限责任公司 Data updating method, device, electronic equipment and computer readable medium
CN117149799B (en) * 2023-11-01 2024-02-13 建信金融科技有限责任公司 Data updating method, device, electronic equipment and computer readable medium

Similar Documents

Publication Publication Date Title
CN109347801B (en) Vulnerability exploitation risk assessment method based on multi-source word embedding and knowledge graph
Sarker Machine learning for intelligent data analysis and automation in cybersecurity: current and future prospects
US11727120B2 (en) Blockchain cybersecurity solutions
US20200389495A1 (en) Secure policy-controlled processing and auditing on regulated data sets
US20210019674A1 (en) Risk profiling and rating of extended relationships using ontological databases
CN111786950B (en) Network security monitoring method, device, equipment and medium based on situation awareness
CN108681966A (en) A kind of information monitoring method and device based on block chain
Petrenko et al. Problem of developing an early-warning cybersecurity system for critically important governmental information assets
CN115174165A (en) Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture
US20210112101A1 (en) Data set and algorithm validation, bias characterization, and valuation
US11100600B2 (en) Systems and methods for entity network analytics using geometric growth rate analysis
CN112465411A (en) Risk prediction method, device and equipment
CN112580902B (en) Object data processing method and device, computer equipment and storage medium
CN115796229A (en) Graph node embedding method, system, device and storage medium
Mazepa et al. An ontological approach to detecting fake news in online media
Mahalaxmi et al. Data Analysis with Blockchain Technology: A Review
CN112819175B (en) Illegal legal account identification method, device, equipment and storage medium
Misra et al. Artificial intelligence for cloud and edge computing
Tafannum et al. Demystifying black-box learning models of rumor detection from social media posts
Hou et al. A Survey on blockchain data analysis
Awasthi et al. Review of techniques to prevent fake accounts on social media
Zang Construction of Mobile Internet Financial Risk Cautioning Framework Based on BP Neural Network
CN112632607B (en) Data processing method, device and equipment
Wang et al. Has Approximate Machine Unlearning been evaluated properly? From Auditing to Side Effects
Hurst et al. Protecting critical infrastructures through behavioural observation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221011
