CN115348184A - Internet of things data security event prediction method and system - Google Patents

Internet of things data security event prediction method and system Download PDF

Info

Publication number
CN115348184A
CN115348184A CN202210979624.7A CN202210979624A CN115348184A CN 115348184 A CN115348184 A CN 115348184A CN 202210979624 A CN202210979624 A CN 202210979624A CN 115348184 A CN115348184 A CN 115348184A
Authority
CN
China
Prior art keywords
data
training
value
vector
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210979624.7A
Other languages
Chinese (zh)
Other versions
CN115348184B (en
Inventor
高小虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Vocational College of Business
Original Assignee
Jiangsu Vocational College of Business
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Vocational College of Business filed Critical Jiangsu Vocational College of Business
Priority to CN202210979624.7A priority Critical patent/CN115348184B/en
Publication of CN115348184A publication Critical patent/CN115348184A/en
Application granted granted Critical
Publication of CN115348184B publication Critical patent/CN115348184B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/147Network analysis or design for predicting network behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/16Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Artificial Intelligence (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Medical Informatics (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system for predicting data security events of the Internet of things. And obtaining data of the Internet of things. And detecting the data of the Internet of things to obtain a transmission vector set. And carrying out Hash mapping on the data content vector to obtain a mapping vector. And inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value. And if the predicted safety value is 0, discarding the data packet. The data information passes through a Hash mapping table, after the data is mapped, a storage structure is controlled to store the position of the training length, the data length is input into the LTSM neural network, the data length can be reduced and fixed, the detection of the neural network is faster, the association of the data information in sequence is obtained, the position of the training content data is controlled to be output, and therefore the influence of unnecessary data on training is reduced. And inputting the header information into the DNN neural network, jointly judging, and accurately obtaining a predicted safety value.

Description

Internet of things data security event prediction method and system
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for predicting data security events of an internet of things.
Background
In the problem of data interaction between the client and the server, the receiving end receives data, but sometimes the data is unsafe, and the unsafe data may damage the receiving end, so that the safety of the transmitted data needs to be judged. Since the transmission data is excessive and is not in an ideal state but converted into binary data, the security problem is not easily solved.
Disclosure of Invention
The invention aims to provide a method and a system for predicting data security events of the Internet of things, which are used for solving the problems in the prior art.
In a first aspect, an embodiment of the present invention provides a method for predicting data security events of an internet of things, including:
obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
detecting the data of the Internet of things to obtain a transmission vector set; the set of transport vectors includes a header vector and a data content vector; a vector value in the data content vector represents the content of a transfer;
carrying out Hash mapping on the data content vector to obtain a mapping vector;
inputting the mapping vector and the header vector into a safety event prediction model to obtain a predicted safety value; the predicted security value of 1 indicates that data transmission is secure; the predicted security value is 0, which indicates that the transmission data is not secure;
and if the predicted safety value is 0, discarding the data packet.
Optionally, the security event prediction model includes a storage structure, an LTSM neural network, and a DNN neural network:
the input of the DNN neural network is a data content vector; the input of the storage structure is a data content vector; the inputs to the LTSM neural network are the header vectors and the outputs of the storage structure.
Optionally, the obtaining, by detecting, the internet of things data to obtain a transmission vector set includes:
acquiring an Internet of things protocol; the Internet of things protocol is a communication protocol with a fixed receiving end; the Internet of things protocol is an application layer protocol;
obtaining a plurality of initial positions of the data of the Internet of things according to an Internet of things protocol; the initial position is the position of various information in the transmitted data of the Internet of things;
dividing the Internet of things data of a plurality of initial positions to obtain a plurality of transmission data sets; the transmission data set is a set formed by values of corresponding positions of the Internet of things protocol;
and respectively forming a plurality of vectors by using the values in the plurality of transmission data sets to obtain a transmission vector set.
Optionally, the performing hash mapping on the data content vector to obtain a mapping vector includes:
obtaining a request length; the request length is the length of data transmitted by the request;
sequentially combining the multiple data content vectors according to the request length to obtain multiple combined data vectors; the vector length of the merged data vector is the request length;
obtaining a fixed length value; the fixed length value is a set length value;
and obtaining a mapping vector through Hash mapping based on the fixed length value and the merged data vector.
Optionally, obtaining a mapping vector through hash mapping based on the fixed length value and the merged data vector includes:
establishing a Hash mapping table; the key value in the hash mapping table is a plurality of key value pairs arranged from 0;
dividing the merged data by a fixed length value to obtain a segmentation length;
dividing the merged data vector into a plurality of data according to the division length to obtain a plurality of division data;
searching the segmentation data through a Hash mapping table to obtain a plurality of mapping data;
forming a mapping vector by using a plurality of mapping data; the mapping vector length is a fixed length value.
Optionally, the method for training the safety event prediction model includes:
obtaining a training set; the training set comprises a plurality of training data and a plurality of corresponding marking data; the training data comprises training header data and training content data; the training content data is mapping data constructed in a historical transmission process; the label data is 1, which represents safety; the label data is 0, which indicates insecurity;
obtaining a training length position based on the training content data;
inputting the training data and the training length position into a safety event prediction model to obtain a training prediction safety value;
obtaining a loss value through a loss function according to the training prediction safety value and the labeled data;
obtaining the current training iteration times of a safety event prediction model and the preset maximum iteration times of the safety event prediction model training;
and stopping training when the loss value is less than or equal to the threshold value or the training iteration number reaches the maximum iteration number, so as to obtain a trained safety event prediction model.
Optionally, obtaining a training length position based on the training content data includes:
searching training content data, and judging whether a value with a vector value of-1 exists in the training data or not;
if the vector value in the training content data is a value of-1, obtaining the length position of the training content; the training content length position is the first position in the training data equal to a value of-1.
Optionally, the inputting the training data and the training length position into a safety event prediction model to obtain a training prediction safety value includes:
inputting the training length position and training content data in the training data into an LTSM neural network to obtain a training content value; the training content values represent sequential relationships of data; the training content value of 1 represents that the training content data is safe, and the training content value of 0 represents that the training content data is unsafe;
inputting training header data in the training data into a DNN neural network to obtain a training header value; the training header value of 1 indicates that the training header data is safe, and the training header value of 0 indicates that the training header data is unsafe;
when the training content value is 1 and the training header value is 1, setting the training prediction safety value as 1;
and when the training content value is 0 or the training header value is 0, setting the training prediction safety value to be 0.
Optionally, the inputting the training length position and the training content data in the training data into the LTSM neural network to obtain a training content value includes:
inputting the training length position into a storage structure;
inputting a first vector value in the training content data into a first LTSM structure to obtain a first LTSM output value;
inputting the first LTSM output value and a second vector value in the training content data into a second LTSM structure to obtain a second LTSM output value;
the LTSM output value and the vector in the training content data are input into the LTSM structure for multiple times until the training length position in the storage structure is reached, and the training content value is obtained.
In a second aspect, an embodiment of the present invention provides an internet of things data security event prediction system, including:
an acquisition module: obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
a cutting module: detecting the data of the Internet of things to obtain a transmission vector set; the set of transport vectors includes a header vector and a data content vector; a vector value in the data content vector represents the content of a transfer;
a mapping module: carrying out Hash mapping on the data content vector to obtain a mapping vector;
a security prediction module: inputting the mapping vector and the header vector into a safety event prediction model to obtain a predicted safety value; the predicted security value of 1 indicates that data transmission is secure; the predicted safety value is 0, which indicates that the transmitted data is unsafe;
a discarding module: and if the predicted safety value is 0, discarding the data packet.
Compared with the prior art, the embodiment of the invention achieves the following beneficial effects:
the embodiment of the invention also provides a method and a system for predicting the data security event of the Internet of things, wherein the method comprises the following steps: and obtaining data of the Internet of things. The data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network. And detecting the data of the Internet of things to obtain a transmission vector set. The set of transport vectors includes a header vector and a data content vector. Vector values in the data content vector represent the content of the transfer. And carrying out Hash mapping on the data content vector to obtain a mapping vector. And inputting the mapping vector and the header vector into a safety event prediction model to obtain a predicted safety value. A predicted security value of 1 indicates that data transmission is secure. The predicted security value of 0 indicates that the transmitted data is not secure. And if the predicted safety value is 0, discarding the data packet.
By adopting the neural network, the safety information can be obtained more accurately. The header information and the data information in the data of the Internet of things are separated, and various characteristics of the header information and the data information can be determined. The data information passes through a Hash mapping table, after the data is mapped, a storage structure is controlled to store the position of the training length, the data length is input into the LTSM neural network, the data length can be reduced and fixed, the detection of the neural network is faster, the association of the data information in sequence is obtained, the position of the training content data is controlled to be output, and therefore the influence of unnecessary data on training is reduced. And inputting the header information into the DNN neural network, and jointly judging to accurately obtain a predicted safety value.
Drawings
Fig. 1 is a flowchart of a method for predicting data security events of the internet of things according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a security event prediction model in an internet of things data security event prediction system according to an embodiment of the present invention.
Fig. 3 is a schematic block structure diagram of an electronic device according to an embodiment of the present invention.
The labels in the figure are: a bus 500; a receiver 501; a processor 502; a transmitter 503; a memory 504; a bus interface 505.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings.
Example 1
As shown in fig. 1, an embodiment of the present invention provides a method for predicting data security events of an internet of things, where the method includes:
s101: obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network.
The data of the internet of things is information transmitted between the client and the server.
S102: detecting the data of the Internet of things to obtain a transmission vector set; the set of transport vectors includes a header vector and a data content vector; vector values in the data content vector represent the content of the transfer.
S103: carrying out Hash mapping on the data content vector to obtain a mapping vector;
s104: and inputting the mapping vector and the header vector into a security event prediction model to obtain a predicted security value. A predicted security value of 1 indicates that data transmission is secure. The predicted security value of 0 indicates that the transmission data is not secure.
The safety event prediction model is shown in fig. 2.
S105: and if the predicted safety value is 0, discarding the data packet.
Optionally, the security event prediction model includes a storage structure, an LTSM neural network, and a DNN neural network:
the input of the DNN neural network is a data content vector; the input of the storage structure is a data content vector; the inputs to the LTSM neural network are the header vectors and the outputs of the storage structure.
Optionally, the obtaining, by detecting, the internet of things data to obtain a transmission vector set includes:
acquiring an Internet of things protocol; the Internet of things protocol is a communication protocol with a fixed receiving end. The internet of things protocol is an application layer protocol.
In this embodiment, the internet of things protocol is an HTTP protocol.
Obtaining a plurality of initial positions of the Internet of things data according to an Internet of things protocol; the initial position is the position of various information in the transmitted data of the Internet of things;
dividing the Internet of things data of a plurality of initial positions to obtain a plurality of transmission data sets; the transmission data set is a set formed by values of corresponding positions of the Internet of things protocol;
and respectively forming a plurality of vectors by using the values in the plurality of transmission data sets to obtain a transmission vector set.
By the method, the header information and the data information in the data of the Internet of things are separated, and the predicted safety value can be accurately obtained in the subsequent safety judgment according to various characteristics of the header information and the data information.
Optionally, the performing hash mapping on the data content vector to obtain a mapping vector includes:
obtaining a request length; the request length is the length of data transmitted by the request.
Sequentially merging the multiple data content vectors according to the request length to obtain multiple merged data vectors; the vector length of the merged data vector is the request length.
A fixed input length is obtained. The fixed length value is a set length value.
And obtaining a mapping vector through Hash mapping based on the fixed length value and the merged data vector.
By the method, the data with the same request is arranged into a vector, and the safety of the transmitted data is judged through the vector.
Optionally, obtaining a mapping vector through hash mapping based on the fixed length value and the merged data vector includes:
establishing a Hash mapping table; and the key value in the hash mapping table is a plurality of key value pairs constructed by taking 0 as an initial value.
In this embodiment, the hash mapping table has a plurality of key value pairs. The key words of the key value pairs are divided binary systems; the partial hash map is shown in table 1.
TABLE 1
100 101 110 111 1000
4 5 6 7 8
And dividing the merged data by a fixed length value to obtain a segmentation length.
Wherein, if the merged data is divided by the fixed length value, there is a remainder. The quotient is added by 1 to obtain the division length. E.g., 20 divided by 7, the division length is 3.
The merged data vector is divided into a plurality of data according to the division length, and a plurality of divided data are obtained.
And searching the segmented data through a Hash mapping table to obtain a plurality of mapping data.
And forming a mapping vector by using a plurality of mapping data. The mapping vector length is a fixed length value.
The initial value of the vector value in the mapping vector is-1, and when the mapping vector is not replaced, the vector value is still-1.
By the method, the fixed-length input can be used when the neural network input is performed later through the Hash mapping table. And the data length can be reduced, so that the detection of the neural network is faster.
Optionally, the method for training the safety event prediction model includes:
obtaining a training set; the training set comprises a plurality of training data and a plurality of corresponding marking data; the training data is a mapping vector constructed in a historical transmission process; the label data is 1, which represents safety; the label data is 0, which indicates insecurity.
And obtaining pre-processing training data based on the training data.
Inputting the training data into a safety event prediction model to obtain a training prediction safety value;
and obtaining a loss value through a loss function according to the training prediction safety value and the labeled data.
Wherein the loss function is a binary cross entropy loss function.
And acquiring the current training iteration number of a safety event prediction model and the preset maximum iteration number of the safety event prediction model training.
In this embodiment, the preset maximum number of iterations of the security event prediction model training is 1200.
And stopping training when the loss value is less than or equal to a threshold value or the training iteration number reaches the maximum iteration number, so as to obtain a trained safety event prediction model.
By the method, because the input neurons in the neural network are fixed, training data with the vector length smaller than the number of the input neurons of the neural network in the safety event prediction model is complemented by-1, but because the part has no meaning in the training process, the influence of the part needs to be eliminated when loss is required. The true length is obtained and then the length is not calculated at the time of loss of value.
Optionally, obtaining a training length position based on the training content data includes:
searching training content data, and judging whether a value with a vector value of-1 exists in the training data or not;
if the vector value in the training content data is a value of-1, obtaining the length position of the training content; the training content length position is the position in the training data where the first value equals-1.
By the above method, the end of the data that is actually used for training is found.
Optionally, the inputting the training data and the training length position into the safety event prediction model to obtain a training prediction safety value includes:
inputting the training length position and training content data in the training data into an LTSM neural network to obtain a training content value; the training content values represent sequential relationships of data; the training content value of 1 indicates that the training content data is safe, and the training content value of 0 indicates that the training content data is unsafe.
Inputting training header data in the training data into a DNN neural network to obtain a training header value; the training header value of 1 indicates that the training header data is safe, and the training header value of 0 indicates that the training header data is unsafe.
And when the training content value is 1 and the training header value is 1, setting the training prediction safety value to be 1.
And when the training content value is 0 or the training header value is 0, setting the training prediction safety value to be 0.
By the method, the training content data are input into the LTSM neural network to extract information because the training content data have a sequential relation. And the information of the training header is extracted independently, so the DNN neural network is adopted to extract the information.
Optionally, the inputting the training length position and the training content data in the training data into the LTSM neural network to obtain a training content value includes:
inputting the training length position into a storage structure;
inputting a first vector value in the training content data into a first LTSM structure to obtain a first LTSM output value;
inputting the first LTSM output value and a second vector value in the training content data into a second LTSM structure to obtain a second LTSM output value;
the LTSM output value and the vector in the training content data are input into the LTSM structure for multiple times until the training length position in the storage structure is reached, and the training content value is obtained.
By the method, the storage structure is controlled to store the training length position, and the position of the training content data is controlled to be output, so that the influence of unnecessary data on training is reduced.
By the method, the header information and the data information in the data of the Internet of things are separated, and the predicted safety value can be accurately obtained in the subsequent safety judgment according to various characteristics of the header information and the data information. The data with the same request is arranged into a vector, and the safety of the transmitted data is judged through the vector. By means of the hash mapping table, the fixed length input can be used when the neural network input is carried out later. And the data length can be reduced, so that the detection of the neural network is faster. Because the input neurons in the neural network are fixed, training data with the vector length smaller than the number of the input neurons of the neural network in the safety event prediction model are complemented by-1. Because the training content data has a sequence relation, the training content data is input into the LTSM neural network to extract information. And the header information is extracted independently when training, so the DNN neural network is adopted to extract the information. The control storage structure stores the position of the training length and controls the position of the training content data, thereby reducing the influence of unnecessary data on training.
Example 2
Based on the method for predicting the data security event of the internet of things, the embodiment of the invention also provides a system for predicting the data security event of the internet of things, which comprises an acquisition module, a segmentation module, a mapping module, a security prediction module and a discarding module.
The acquisition module is used for acquiring the data of the Internet of things. The data of the internet of things is information transmitted by a user request. The data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network.
And the segmentation module is used for detecting the Internet of things data to obtain a transmission vector set. The set of transport vectors includes a header vector and a data content vector. Vector values in the data content vector represent the content of the transfer.
And the mapping module is used for carrying out hash mapping on the data content vector to obtain a mapping vector.
The safety prediction module is used for inputting the mapping vector and the header vector into a safety event prediction model to obtain a predicted safety value; the predicted security value of 1 indicates that data transmission is secure; the predicted security value of 0 indicates that the transmission data is not secure.
The discarding module is used for discarding the data packet if the predicted security value is 0.
The specific manner in which the respective modules perform operations has been described in detail in the embodiments related to the method, and will not be elaborated upon here.
An embodiment of the present invention further provides an electronic device, as shown in fig. 3, including a memory 504, a processor 502, and a computer program stored on the memory 504 and executable on the processor 502, where the processor 502 implements the steps of any one of the foregoing methods for predicting data security events of the internet of things when executing the computer program.
Wherein in fig. 3 a bus architecture (represented by bus 500) is shown, the bus 500 can include any number of interconnected buses and bridges, the bus 500 linking together various circuits including one or more processors, represented by processor 502, and memory, represented by memory 504. The bus 500 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface 505 provides an interface between the bus 500 and the receiver 501 and transmitter 503. The receiver 501 and the transmitter 503 may be the same element, i.e., a transceiver, providing a means for communicating with various other apparatus over a transmission medium. The processor 502 is responsible for managing the bus 500 and general processing, and the memory 504 may be used for storing data used by the processor 502 in performing operations.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any one of the foregoing methods for predicting data security events of the internet of things, and the data mentioned above.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system is apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore, may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Moreover, those of skill in the art will appreciate that while some embodiments herein include some features included in other embodiments, not others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in an apparatus according to an embodiment of the invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims (10)

1. An internet of things data security event prediction method is characterized by comprising the following steps:
obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
detecting the data of the Internet of things to obtain a transmission vector set; the set of transmit vectors comprises a header vector and a data content vector; a vector value in the data content vector represents the content of a transfer;
carrying out Hash mapping on the data content vector to obtain a mapping vector;
inputting the mapping vector and the header vector into a safety event prediction model to obtain a predicted safety value; the predicted security value of 1 indicates that data transmission is secure; the predicted security value is 0, which indicates that the transmission data is not secure;
and if the predicted safety value is 0, discarding the data packet.
2. The internet of things data security event prediction method of claim 1, wherein the security event prediction model comprises a storage structure, an LTSM neural network and a DNN neural network:
the input of the DNN neural network is a data content vector; the input of the storage structure is a data content vector; the inputs to the LTSM neural network are the header vectors and the outputs of the storage structure.
3. The method for predicting the data security event of the internet of things according to claim 1, wherein the step of detecting the data of the internet of things to obtain a transmission vector set comprises the following steps:
acquiring an Internet of things protocol; the Internet of things protocol is a communication protocol with a fixed receiving end; the Internet of things protocol is an application layer protocol;
obtaining a plurality of initial positions of the Internet of things data according to an Internet of things protocol; the initial position is the position of various information in the transmitted data of the Internet of things;
dividing the Internet of things data of a plurality of initial positions to obtain a plurality of transmission data sets; the transmission data set is a set formed by values of corresponding positions of the Internet of things protocol;
and respectively forming a plurality of vectors by using the values in the plurality of transmission data sets to obtain a transmission vector set.
4. The method for predicting the data security event of the internet of things according to claim 1, wherein the step of performing hash mapping on the data content vector to obtain a mapping vector comprises the following steps:
obtaining a request length; the request length is the data length transmitted by the request;
sequentially combining the multiple data content vectors according to the request length to obtain multiple combined data vectors; the vector length of the merged data vector is the request length;
obtaining a fixed length value; the fixed length value is a set length value;
and obtaining a mapping vector through Hash mapping based on the fixed length value and the merged data vector.
5. The method for predicting the data security event of the internet of things according to claim 4, wherein the obtaining of the mapping vector through hash mapping based on the fixed length value and the merged data vector comprises:
establishing a Hash mapping table; the key value in the hash mapping table is a plurality of key value pairs arranged from 0;
dividing the merged data by a fixed length value to obtain a segmentation length;
dividing the merged data vector into a plurality of data according to the division length to obtain a plurality of division data;
searching the segmentation data through a Hash mapping table to obtain a plurality of mapping data;
forming a mapping vector by using a plurality of mapping data; the mapping vector length is a fixed length value.
6. The internet of things data security event prediction method of claim 1, wherein the training method of the security event prediction model comprises the following steps:
obtaining a training set; the training set comprises a plurality of training data and a plurality of corresponding marking data; the training data comprises training header data and training content data; the training content data is mapping data constructed in a historical transmission process; the label data is 1 to indicate safety; the annotation data is 0, which indicates that the data is unsafe;
obtaining a training length position based on the training content data;
inputting the training data and the training length position into a safety event prediction model to obtain a training prediction safety value;
obtaining a loss value through a loss function by using the training prediction safety value and the labeled data;
obtaining the current training iteration times of a safety event prediction model and the preset maximum iteration times of the safety event prediction model training;
and stopping training when the loss value is less than or equal to the threshold value or the training iteration number reaches the maximum iteration number, so as to obtain a trained safety event prediction model.
7. The method for predicting data security events of the internet of things according to claim 6, wherein the obtaining of the training length position based on the training content data comprises:
searching training content data, and judging whether a value with a vector value of-1 in the training data exists in the data;
if the vector value in the training content data is a value of-1, obtaining the length position of the training content; the training content length position is the first position in the training data equal to a value of-1.
8. The method for predicting the data security event of the internet of things according to claim 6, wherein the step of inputting the training data and the training length position into a security event prediction model to obtain a training prediction security value comprises the following steps:
inputting the training length position and training content data in the training data into an LTSM neural network to obtain a training content value; the training content values represent sequential relationships of data; the training content value of 1 represents that the training content data is safe, and the training content value of 0 represents that the training content data is unsafe;
inputting training header data in the training data into a DNN neural network to obtain a training header value; the training header value of 1 indicates that the training header data is safe, and the training header value of 0 indicates that the training header data is unsafe;
when the training content value is 1 and the training header value is 1, setting the training prediction safety value to 1;
and when the training content value is 0 or the training header value is 0, setting the training prediction safety value to be 0.
9. The method for predicting the data security event of the internet of things according to claim 8, wherein the step of inputting the training length position and the training content data in the training data into the LTSM neural network to obtain the training content value comprises the steps of:
inputting the training length position into a storage structure;
inputting a first vector value in the training content data into a first LTSM structure to obtain a first LTSM output value;
inputting the first LTSM output value and a second vector value in the training content data into a second LTSM structure to obtain a second LTSM output value;
the LTSM output value and the vector in the training content data are input into the LTSM structure for multiple times until the training length position in the storage structure is reached, and the training content value is obtained.
10. An internet of things data security event prediction system, comprising:
an acquisition module: obtaining data of the Internet of things; the data of the Internet of things is information transmitted by a user request; the data of the Internet of things is application layer request information which is received by a receiving end and transmitted through a network;
a cutting module: detecting the data of the Internet of things to obtain a transmission vector set; the set of transmit vectors comprises a header vector and a data content vector; a vector value in the data content vector represents the content of a transfer;
a mapping module: carrying out Hash mapping on the data content vector to obtain a mapping vector;
a security prediction module: inputting the mapping vector and the header vector into a safety event prediction model to obtain a predicted safety value; the predicted security value of 1 indicates that data transmission is secure; the predicted security value is 0, which indicates that the transmission data is not secure;
a discarding module: and if the predicted safety value is 0, discarding the data packet.
CN202210979624.7A 2022-08-16 2022-08-16 Internet of things data security event prediction method and system Active CN115348184B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210979624.7A CN115348184B (en) 2022-08-16 2022-08-16 Internet of things data security event prediction method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210979624.7A CN115348184B (en) 2022-08-16 2022-08-16 Internet of things data security event prediction method and system

Publications (2)

Publication Number Publication Date
CN115348184A true CN115348184A (en) 2022-11-15
CN115348184B CN115348184B (en) 2024-01-26

Family

ID=83952890

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210979624.7A Active CN115348184B (en) 2022-08-16 2022-08-16 Internet of things data security event prediction method and system

Country Status (1)

Country Link
CN (1) CN115348184B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115659243A (en) * 2022-12-22 2023-01-31 四川九通智路科技有限公司 Infrastructure risk monitoring method and monitoring system based on MEMS

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130212681A1 (en) * 2012-02-15 2013-08-15 Hitachi, Ltd. Security Monitoring System and Security Monitoring Method
CN109284606A (en) * 2018-09-04 2019-01-29 中国人民解放军陆军工程大学 Data flow anomaly detection system based on empirical features and convolutional neural networks
CN110995769A (en) * 2020-02-27 2020-04-10 上海飞旗网络技术股份有限公司 Deep data packet detection method and device and readable storage medium
CN111324889A (en) * 2020-03-04 2020-06-23 深信服科技股份有限公司 Security event prediction method, device, equipment and computer readable storage medium
CN112165402A (en) * 2020-09-28 2021-01-01 北京环境特性研究所 Method and device for predicting network security situation
CN112840355A (en) * 2018-09-05 2021-05-25 甲骨文国际公司 Context-aware feature embedding using deep recurrent neural networks and anomaly detection of sequential log data
CN113179244A (en) * 2021-03-10 2021-07-27 上海大学 Federal deep network behavior feature modeling method for industrial internet boundary safety
CN113765896A (en) * 2021-08-18 2021-12-07 广东三水合肥工业大学研究院 Internet of things implementation system and method based on artificial intelligence
CN113934862A (en) * 2021-09-29 2022-01-14 北方工业大学 Community security risk prediction method, device, electronic equipment and medium
CN114172881A (en) * 2021-11-19 2022-03-11 上海纽盾科技股份有限公司 Network security verification method, device and system based on prediction
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium
CN114785609A (en) * 2022-05-09 2022-07-22 内蒙古铖品科技有限公司 Data transmission safety detection system and method under block chain scene

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130212681A1 (en) * 2012-02-15 2013-08-15 Hitachi, Ltd. Security Monitoring System and Security Monitoring Method
CN109284606A (en) * 2018-09-04 2019-01-29 中国人民解放军陆军工程大学 Data flow anomaly detection system based on empirical features and convolutional neural networks
CN112840355A (en) * 2018-09-05 2021-05-25 甲骨文国际公司 Context-aware feature embedding using deep recurrent neural networks and anomaly detection of sequential log data
CN110995769A (en) * 2020-02-27 2020-04-10 上海飞旗网络技术股份有限公司 Deep data packet detection method and device and readable storage medium
CN111324889A (en) * 2020-03-04 2020-06-23 深信服科技股份有限公司 Security event prediction method, device, equipment and computer readable storage medium
CN112165402A (en) * 2020-09-28 2021-01-01 北京环境特性研究所 Method and device for predicting network security situation
CN113179244A (en) * 2021-03-10 2021-07-27 上海大学 Federal deep network behavior feature modeling method for industrial internet boundary safety
CN113765896A (en) * 2021-08-18 2021-12-07 广东三水合肥工业大学研究院 Internet of things implementation system and method based on artificial intelligence
CN113934862A (en) * 2021-09-29 2022-01-14 北方工业大学 Community security risk prediction method, device, electronic equipment and medium
CN114172881A (en) * 2021-11-19 2022-03-11 上海纽盾科技股份有限公司 Network security verification method, device and system based on prediction
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium
CN114785609A (en) * 2022-05-09 2022-07-22 内蒙古铖品科技有限公司 Data transmission safety detection system and method under block chain scene

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
KUMAR SAURABH: "LBDMIDS:LSTM Based Deep Learning Model for Intrusion Detection Systems for IoT Networks", 《2022 IEEE WORLD AI IOT CONGRESS》 *
朱洪根: "基于物联网安全监测数据的预测研究", 《中国优秀硕士学位论文全文数据库》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115659243A (en) * 2022-12-22 2023-01-31 四川九通智路科技有限公司 Infrastructure risk monitoring method and monitoring system based on MEMS

Also Published As

Publication number Publication date
CN115348184B (en) 2024-01-26

Similar Documents

Publication Publication Date Title
CN107330522B (en) Method, device and system for updating deep learning model
JP6099793B2 (en) Method and system for automatic selection of one or more image processing algorithms
US10645105B2 (en) Network attack detection method and device
CN115348184A (en) Internet of things data security event prediction method and system
CN114064242A (en) Method, device and storage medium for adjusting scheduling parameters
CN110795558B (en) Label acquisition method and device, storage medium and electronic device
CN114662006A (en) End cloud collaborative recommendation system and method and electronic equipment
CN116893912B (en) Inter-core communication method, system, device, equipment and medium for vehicle-mounted software
CN112367215B (en) Network traffic protocol identification method and device based on machine learning
CN113361618A (en) Industrial data joint modeling method and system based on federal learning
CN109993286B (en) Sparse neural network computing method and related product
CN113792232B (en) Page feature calculation method, page feature calculation device, electronic equipment, page feature calculation medium and page feature calculation program product
CN116468967A (en) Sample image screening method and device, electronic equipment and storage medium
CN114338129B (en) Message anomaly detection method, device, equipment and medium
CN113656466B (en) Policy data query method, device, equipment and storage medium
CN114064905A (en) Network attack detection method, device, terminal equipment, chip and storage medium
US11599544B2 (en) Primary tagging in a data stream
CN110069770B (en) Data processing system, method and computer equipment
CN114547308A (en) Text processing method and device, electronic equipment and storage medium
CN109657523B (en) Driving region detection method and device
CN103744963A (en) Processing method and device for transforming destination pages
CN113132312A (en) Processing method and device for threat detection rule
CN111461310A (en) Neural network device, neural network system and method for processing neural network model
CN111259918B (en) Method and device for labeling intention labels, server and storage medium
CN112559840B (en) Internet surfing behavior recognition method and device, computing equipment and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant