CN115567298A - 6G-oriented security performance optimization method and device and server

Info

Publication number: CN115567298A
Authority: CN (China)
Prior art keywords: security, network, capability, policy, safety
Legal status: Granted (Active)
Application number: CN202211179855.6A
Other languages: Chinese (zh)
Other versions: CN115567298B (en)
Inventors: 高枫, 夏俊杰, 宋畅, 肖宇, 王伟, 王超
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure provides a 6G-oriented security performance optimization method, apparatus and server, which relate to mobile communication technology and include: acquiring a first security capability of the 6G network and a first policy in a first security policy of the 6G network; determining an initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating the policy configuration in the security policy of the 6G network according to the initial policy configuration; twinning the security capabilities of all users of the 6G network and the updated security policy to generate a security capability twin system; and updating the security capability and the security policy of the 6G network according to the user information, the operation information and the security capability twin system. In this scheme, a 6G-oriented security twin is realized based on digital twin technology, and the security capability and the security policy of the 6G network can be optimized based on the security twin, so that the security performance of the 6G network can be optimized.

Description

6G-oriented security performance optimization method and device and server
Technical Field
The present disclosure relates to mobile communication technologies, and in particular, to a method, an apparatus, and a server for 6G-oriented security performance optimization.
Background
Currently, with the rapid development of mobile communication technology, research and exploration of the sixth-generation cellular network (6G) have begun. 6G aims to provide better performance than 5G by digitizing real networks for wireless communications and computing. Endogenous security is one of the core capabilities of the 6G network.
In the prior art, security performance optimization for 5G mainly consists of encryption protection, integrity protection and identity authentication for communication data. This approach cannot be directly applied to security performance optimization for 6G.
Therefore, how to optimize the security performance of the 6G network is a problem to be solved urgently.
Disclosure of Invention
The disclosure provides a 6G-oriented security performance optimization method, a device and a server, so as to realize a digital twin of endogenous security and further optimize the security performance of a 6G network.
According to a first aspect of the present disclosure, a 6G-oriented security performance optimization method is provided, including:
acquiring a first security capability of a 6G network and a first policy in a first security policy of the 6G network;
determining an initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating the policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy;
acquiring the operation information of the 6G network; acquiring user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; twinning the security capabilities of all users of the 6G network and the updated security policy to generate a security capability twin system;
and updating the security capability of the 6G network according to the user information, the operation information and the security capability twin system, and updating the security policy of the 6G network again.
In an implementation manner, deduction is performed in the security capability twin system according to the user information and a preset first model, and a second security capability and a second security policy are determined; the security capability of the 6G network is updated according to the second security capability, and the security policy of the 6G network is updated again according to the second security policy;
deduction is performed in the security capability twin system according to the operation information and a preset second model, and a third security capability and a third security policy are determined; and the security capability of the 6G network is updated again according to the third security capability, and the security policy of the 6G network is updated again according to the third security policy.
In an implementation manner, a security risk in the 6G network is predicted by deduction in the security capability twin system according to the operation information and a preset second model, and a third security capability and a third security policy are determined according to the predicted security risk.
In an implementation manner, the security capabilities in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network are updated according to the second security capability; updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the second security policy;
the updating the security capability of the 6G network again according to the third security capability, and the updating the security policy of the 6G network again according to the third security policy include:
updating the security capabilities in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the third security capability; and updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the third security policy.
In one implementation, the network capabilities of the 6G network are twinned to generate a 6G network capability twin system;
and the operation information generated by the 6G network capability twin system is acquired.
In an implementation manner, the user information includes a user type, a network element name, a fourth security capability, a fourth security policy, and three-dimensional address information; wherein the user type is used for representing the type of the user; the network element name is used for representing the name of the network element where the user is located; the fourth security capability is used for characterizing the security capability of the user; the fourth security policy is used for characterizing the security policy of the user; the three-dimensional address information is used for representing the address of the user.
In one implementation, the first security capability and the first policy include one or a combination of more of the following for the mobile terminal, the access side network, the edge side network and the core network included in the 6G network: mobile terminal access authentication information, data plane security information, signaling plane security information, network security information, application layer security information, and context-aware security information;
the mobile terminal access authentication information comprises an authentication algorithm and authentication parameters; the data plane security information comprises a data confidentiality protection algorithm, a data integrity protection algorithm and algorithm parameters; the signaling plane security information comprises a signaling confidentiality protection algorithm, a signaling integrity protection algorithm and signaling parameters; the network security information comprises attack traffic scheduling capability and policy and junk information interception capability and policy; the application layer security information comprises data packet filtering capability and policy, virus and malicious code detection capability and policy, virus and malicious code interception capability and policy, and interface security protection capability and policy; the context-aware security information comprises security capabilities and policies for different application scenarios and security capabilities and policies for switching between application scenarios.
According to a second aspect of the present disclosure, there is provided a 6G-oriented security performance optimization apparatus, the apparatus comprising:
an acquisition unit, configured to acquire a first security capability of a 6G network and a first policy in a first security policy of the 6G network;
a security updating unit, configured to determine an initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and to update the policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy;
a twin unit, configured to acquire the operation information of the 6G network; to acquire user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; and to twin the security capabilities of all users of the 6G network and the updated security policy to generate a security capability twin system;
the security updating unit being further configured to update the security capability of the 6G network according to the user information, the operation information and the security capability twin system, and to update the security policy of the 6G network again.
According to a third aspect of the present disclosure, there is provided a server comprising a memory and a processor; wherein
the memory is configured to store a computer program;
the processor is configured to read the computer program stored in the memory, and execute the 6G-oriented security performance optimization method according to the computer program in the memory.
According to a fourth aspect of the present disclosure, there is provided a computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, implement the 6G-oriented security performance optimization method according to the first aspect.
According to a fifth aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the 6G-oriented security performance optimization method according to the first aspect.
The 6G-oriented security performance optimization method, device and server provided by the disclosure include: acquiring a first security capability of the 6G network and a first policy in a first security policy of the 6G network; determining an initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating the policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy; acquiring operation information of the 6G network; acquiring user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; twinning the security capabilities of all users of the 6G network and the updated security policy to generate a security capability twin system; and updating the security capability of the 6G network according to the user information, the operation information and the security capability twin system, and updating the security policy of the 6G network again. The method, device and server provided by this scheme realize a 6G-oriented security twin based on digital twin technology, and can optimize and adjust the security capability and the security policy of the 6G network based on the security twin, thereby optimizing the security performance of the 6G network.
Drawings
In order to illustrate the embodiments of the present disclosure or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present disclosure, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart illustrating a 6G-oriented security performance optimization method according to an exemplary embodiment of the present disclosure;
Fig. 2 is a schematic flow chart illustrating a 6G-oriented security performance optimization method according to another exemplary embodiment of the present disclosure;
Fig. 3 is a block diagram illustrating a 6G-oriented security performance optimization apparatus according to an exemplary embodiment of the present disclosure;
Fig. 4 is a block diagram illustrating a 6G-oriented security performance optimization apparatus according to another exemplary embodiment of the present disclosure;
Fig. 5 is a block diagram of a server according to an exemplary embodiment of the present disclosure.
Detailed Description
Currently, with the rapid development of mobile communication technology, research and exploration of 6G have begun. 6G aims to provide better performance than 5G by digitizing real networks for wireless communications and computing. Endogenous security is one of the core capabilities of the 6G network.
In the prior art, security performance optimization for 5G mainly consists of encryption protection, integrity protection and identity authentication for communication data. This approach cannot be directly applied to security performance optimization for 6G.
Therefore, how to optimize the security performance of the 6G network is an urgent problem to be solved.
In order to solve the technical problem, in the scheme provided by the disclosure, a 6G-oriented security twin is realized based on a digital twin technology, and based on the security twin, the security capability and the security policy of the 6G network can be optimized and adjusted, so that the security performance of the 6G network can be optimized.
The following describes the technical solutions of the present disclosure and how to solve the above technical problems in specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present disclosure will be described below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a 6G-oriented security performance optimization method according to an exemplary embodiment of the present disclosure.
As shown in Fig. 1, the 6G-oriented security performance optimization method provided in this embodiment includes:
Step 101, obtaining a first security capability of the 6G network and a first policy in a first security policy of the 6G network.
The method provided by the present disclosure can be executed by a server with computing power. The server is able to obtain all security capabilities included in the 6G network and policies of all security policies included in the 6G network.
The security capability is used for representing the capability of the 6G network for protecting the network security, such as antivirus capability, junk information interception capability and the like.
The security policy comprises a policy and a policy configuration. The security policy characterizes the manner in which the 6G network applies the corresponding security capability. For example, the policy corresponding to the antivirus capability may be to delete the source code, or to suspend the process. The policy configuration may be a priority ranking of a plurality of policies, or the policy selected under each of several trigger conditions.
Step 102, determining an initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating the policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy.
The preset policy configuration mode is a policy configuration mode set in advance according to the actual situation. Specifically, the preset policy configuration mode may include a priority ranking of the multiple policies, or the policy selected under each of several trigger conditions.
Specifically, the first policy corresponding to each first security capability may be configured according to the preset policy configuration mode to obtain a corresponding initial policy configuration. The initial policy configuration may then be used to update the policy configuration in the corresponding security policy of the 6G network, so as to obtain an updated security policy. In this way, the overall policy configuration of the 6G network can be optimized.
Step 103, acquiring the operation information of the 6G network; acquiring user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; and twinning the security capabilities of all users of the 6G network and the updated security policy to generate a security capability twin system.
The operation information may include interaction and information between different network elements, network domains and users in the network.
The user information may include basic information of the user, such as a user type of the user (personal user, enterprise user), network address information of the user, and the like; the user information may also include security capabilities corresponding to the user and an updated security policy. Specifically, the user corresponds to the mobile terminal. The security capability corresponding to the user refers to the security capability of the mobile terminal corresponding to the user. The security policy corresponding to the user refers to a security policy of the mobile terminal corresponding to the user.
Specifically, the operation information of the 6G network can be acquired; and the user information of the users of the 6G network can be acquired, and the security capabilities of all the users of the 6G network and the updated security policy are twinned, so that a security capability twinning system of the 6G network is generated.
Step 104, updating the security capability of the 6G network according to the user information, the operation information and the security capability twin system, and updating the security policy of the 6G network again.
Specifically, deduction can be performed in the security capability twin system according to the user information and the operation information, using a preset model, to obtain the deduced security capability and security policy. The deduced security capability and security policy may then be used to update the security capability of the 6G network and to update the security policy of the 6G network again. In this way, the overall security capability and security policy of the 6G network can be optimized.
The 6G-oriented security performance optimization method provided by the disclosure comprises the following steps: acquiring a first security capability of the 6G network and a first policy in a first security policy of the 6G network; determining an initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating the policy configuration in the security policy of the 6G network according to the initial policy configuration; acquiring operation information of the 6G network; acquiring user information of a user of the 6G network, wherein the user information comprises basic information, security capability and security policy of the user; twinning the security capabilities and security policies of all users of the 6G network to generate a security capability twin system; and updating the security capability and the security policy of the 6G network according to the user information, the operation information and the security capability twin system. In the method adopted by the disclosure, a 6G-oriented security twin is realized based on digital twin technology, and the security capability and the security policy of the 6G network can be optimized and adjusted based on the security twin, so that the security performance of the 6G network can be optimized.
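Steps 101 to 104 can be followed end to end in a small model. The Python below is an added illustration, not code from the patent: the class and function names, the sample data and the fixed rule that stands in for the unspecified "preset model" are all assumptions.

```python
"""Steps 101-104 as a toy pipeline. Every name here is an assumption for illustration."""
from copy import deepcopy
from dataclasses import dataclass, field


@dataclass
class SecurityPolicy:
    """Policies available for one capability plus their policy configuration."""
    capability: str
    policies: list
    priority: list = field(default_factory=list)    # priority ranking
    on_trigger: dict = field(default_factory=dict)  # trigger condition -> policy

    def select(self, trigger):
        """Explicit trigger mapping wins; otherwise fall back to the top-ranked policy."""
        if trigger in self.on_trigger:
            return self.on_trigger[trigger]
        return self.priority[0] if self.priority else None


def initial_policy_config(capabilities, first_policies, preset_mode):
    """Step 102: build the initial policy configuration for each first security capability."""
    configured = {}
    for cap in capabilities:
        offered = list(first_policies.get(cap, []))
        preset = preset_mode.get(cap, {})
        # Ignore preset entries naming a policy the network does not offer.
        ranked = [p for p in preset.get("priority", []) if p in offered]
        ranked += [p for p in offered if p not in ranked]  # unranked policies go last
        triggers = {t: p for t, p in preset.get("on_trigger", {}).items() if p in offered}
        configured[cap] = SecurityPolicy(cap, offered, ranked, triggers)
    return configured


def build_twin(users, network_policy):
    """Step 103: copy each user's capabilities and updated policy into the twin."""
    return {
        uid: {c: deepcopy(network_policy[c]) for c in user["capabilities"] if c in network_policy}
        for uid, user in users.items()
    }


def deduce(twin, operation_info, network_policy):
    """Step 104, with a fixed rule standing in for the preset model (assumption).

    Rule: an event needing a capability the user's twin lacks yields that
    capability and its policy as the derived update, if the network offers it.
    Only the twin is modified here; the live records are left alone.
    """
    derived = {}
    for event in operation_info:
        uid, cap = event["user"], event["capability"]
        if uid in twin and cap not in twin[uid] and cap in network_policy:
            twin[uid][cap] = deepcopy(network_policy[cap])
            derived.setdefault(uid, {})[cap] = twin[uid][cap]
    return derived


def apply_updates(users, derived):
    """Push derived capabilities and policies back to the live user records."""
    for uid, caps in derived.items():
        users[uid]["capabilities"] = sorted(set(users[uid]["capabilities"]) | set(caps))
        users[uid].setdefault("policy", {}).update(caps)


# Constructed sample data (not from the patent).
CAPABILITIES = ["antivirus", "spam_interception"]
FIRST_POLICIES = {"antivirus": ["delete_source_code", "suspend_process"],
                  "spam_interception": ["drop_message"]}
PRESET_MODE = {"antivirus": {"priority": ["suspend_process", "quarantine_host"],
                             "on_trigger": {"confirmed_infection": "delete_source_code",
                                            "suspicious": "quarantine_host"}}}
USERS = {"ue-1": {"capabilities": ["antivirus"]},
         "ue-2": {"capabilities": ["spam_interception"]}}
OPERATION_INFO = [{"user": "ue-2", "capability": "antivirus", "trigger": "suspicious"}]


def run_demo():
    users = deepcopy(USERS)
    policy = initial_policy_config(CAPABILITIES, FIRST_POLICIES, PRESET_MODE)
    twin = build_twin(users, policy)
    derived = deduce(twin, OPERATION_INFO, policy)
    untouched = users["ue-2"]["capabilities"] == ["spam_interception"]  # live state before apply
    apply_updates(users, derived)
    return policy, users, untouched


if __name__ == "__main__":
    policy, users, _ = run_demo()
    print(policy["antivirus"].priority, users["ue-2"]["capabilities"])
```

The preset mode deliberately names a policy ("quarantine_host") that the network does not offer, so the configuration step has to drop it and the "suspicious" trigger falls back to the top-ranked policy.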
Fig. 2 is a flowchart illustrating a 6G-oriented security performance optimization method according to another exemplary embodiment of the present disclosure.
As shown in Fig. 2, the 6G-oriented security performance optimization method provided in this embodiment includes:
Step 201, obtaining a first security capability of the 6G network and a first policy in a first security policy of the 6G network.
Specifically, all security capabilities included in the 6G network and all policies in all security policies included in the 6G network may be obtained.
In one implementation manner, the first security capability and the first policy include one or a combination of more of the following for the mobile terminal, the access side network, the edge side network and the core network included in the 6G network: mobile terminal access authentication information, data plane security information, signaling plane security information, network security information, application layer security information and context-aware security information; the mobile terminal access authentication information comprises an authentication algorithm and an authentication parameter; the data plane security information comprises a data confidentiality protection algorithm, a data integrity protection algorithm and algorithm parameters; the signaling plane security information comprises a signaling confidentiality protection algorithm, a signaling integrity protection algorithm and signaling parameters; the network security information comprises attack traffic scheduling capability and policy and junk information interception capability and policy; the application layer security information comprises data packet filtering capability and policy, virus and malicious code detection capability and policy, virus and malicious code interception capability and policy, and interface security protection capability and policy; the context-aware security information comprises security capabilities and policies for different application scenarios and security capabilities and policies for switching between application scenarios.
Specifically, the 6G network may include a mobile terminal, an access side network, an edge side network, and a core network. The 6G-oriented security performance optimization method provided by the scheme can be operated in an edge network or a core network.
Specifically, all the security capabilities and the policies in the security policies included in the 6G network may be one or a combination of more of the following for the mobile terminal, the access side network, the edge side network and the core network included in the 6G network: mobile terminal access authentication information, data plane security information, signaling plane security information, network security information, application layer security information and context-aware security information; the mobile terminal access authentication information comprises an authentication algorithm and an authentication parameter; the data plane security information comprises a data confidentiality protection algorithm, a data integrity protection algorithm and algorithm parameters; the signaling plane security information comprises a signaling confidentiality protection algorithm, a signaling integrity protection algorithm and signaling parameters; the network security information comprises attack traffic scheduling capability and policy and junk information interception capability and policy; the application layer security information comprises data packet filtering capability and policy, virus and malicious code detection capability and policy, virus and malicious code interception capability and policy, and interface security protection capability and policy; the context-aware security information comprises security capabilities and policies for different application scenarios and security capabilities and policies for switching between application scenarios.
In the 5G network, implementing application layer security and context-aware security requires loading a new application or a new system. In the 6G network provided by the present disclosure, application layer security and context-aware security can be implemented in the network layer of the 6G network, without loading a new application or a new system. With the 6G network provided by the disclosure, application layer security and context-aware security are more convenient to implement.
Step 202, determining initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy.
Specifically, the principle and implementation of step 202 are similar to those of step 102, and are not described again.
Step 203, acquiring user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; and twinning the security capabilities of all users of the 6G network and the updated security policy to generate a security capability twin system.
Specifically, the user information of the users of the 6G network may be acquired, and the security capabilities of all the users of the 6G network and the updated security policy may be twinned, thereby generating a security capability twin system of the 6G network.
Specifically, a preset algorithm may be used to map the parameters of the physical network space (i.e., the user information of the user) to the digital space. Wherein the algorithm may be based on a blockchain to enhance secure trustworthiness.
In one implementation, in response to a display instruction from an operator, the user information of the user is displayed using a city information model platform according to the display instruction; the user information comprises a user type, a network element name, a fourth security capability, a fourth security policy and three-dimensional address information; the user type is used for representing the type of the user; the network element name is used for representing the name of the network element where the user is located; the fourth security capability is used for representing the security capability of the user; the fourth security policy is used for representing the security policy of the user; the three-dimensional address information is used to characterize the address of the user.
The user information may include a user type, a network element name, a security capability corresponding to the user, an updated security policy, and three-dimensional address information of the user.
Wherein, the user type is used for representing the type of the user, such as an individual user, a user of a private enterprise network; the network element name is used for representing the name of the network element where the user is located, such as the network element name of an access side network where the user is located, the network element name of an edge side network, and the network element name of a core network; the fourth security capability is used for representing the security capability of the user; the fourth security policy is used for representing the security policy of the user; the three-dimensional address information is used to characterize the address of the user, such as the floor, room number, and seat location where the user may be located.
The City Information Modeling (CIM) is based on technologies such as a building Information model, a geographic Information system and the internet of things, integrates multi-dimensional Information model data and City perception data of cities on the ground, underground, indoor and outdoor and in the future under the current historical situation, and constructs a City Information organic complex of a three-dimensional digital space.
Specifically, the display instruction of the operator can be responded, and the user information of the user can be displayed by using the city information model platform according to the display instruction.
For example, the CIM may be used to check the user information of a whole building. If the network of a certain floor in the building is infected with a virus, the network of that floor alone can be disconnected, and it is not necessary to disconnect the network of the whole building. Visualizing the user information with the CIM makes it more intuitive to check and facilitates network management.
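The floor-level containment described above, as an added example that is not part of the patent: it models the user information fields listed in this section and computes which floors to disconnect and which users stay online. The `user_id` and `building` fields, the sample records and the check for network elements shared with a clean floor are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class UserInfo:
    user_id: str              # assumption: record key, not named in the text
    user_type: str            # e.g. individual user, private enterprise network user
    network_element: str      # name of the network element where the user is located
    security_capability: str  # the "fourth security capability"
    security_policy: str      # the "fourth security policy"
    building: str             # three-dimensional address information:
    floor: int                #   building / floor / room number / seat
    room: str
    seat: str


def containment_plan(users, infected_ids):
    """Work out the smallest floor-level disconnection for a set of infected users."""
    infected_ids = set(infected_ids)
    by_floor = defaultdict(list)
    floors_by_element = defaultdict(set)
    for u in users:
        key = (u.building, u.floor)
        by_floor[key].append(u)
        floors_by_element[u.network_element].add(key)

    # A floor is in scope as soon as one of its users is reported infected.
    infected_floors = {(u.building, u.floor) for u in users if u.user_id in infected_ids}

    isolate = {}
    for key in sorted(infected_floors):
        elements = sorted({u.network_element for u in by_floor[key]})
        isolate[key] = {
            "users": sorted(u.user_id for u in by_floor[key]),
            "network_elements": elements,
            # Elements that also serve a clean floor: switching the whole element
            # off would disconnect users outside the infected floor.
            "shared_elements": [e for e in elements
                                if floors_by_element[e] - infected_floors],
        }

    return {
        "isolate": isolate,
        "stay_online": sorted(u.user_id for u in users
                              if (u.building, u.floor) not in infected_floors),
        # Reported ids with no user record cannot be placed on any floor.
        "unresolved": sorted(infected_ids - {u.user_id for u in users}),
    }


def make_user(user_id, floor, element):
    """Build a constructed sample record; all values are illustrative."""
    return UserInfo(user_id, "enterprise", element, "baseline", "default",
                    "B1", floor, f"{floor}01", "A")


# Constructed sample data: one building, three floors, one shared access element.
SAMPLE_USERS = [
    make_user("u1", 3, "access-f3"),
    make_user("u2", 3, "access-f3"),
    make_user("u3", 4, "access-f4"),
    make_user("u4", 4, "access-f4"),
    make_user("u5", 5, "access-f4"),  # floor 5 user served by the floor 4 element
    make_user("u6", 5, "access-f5"),
]

if __name__ == "__main__":
    plan = containment_plan(SAMPLE_USERS, {"u3", "ghost"})
    for floor, scope in plan["isolate"].items():
        print("disconnect", floor, scope)
    print("stay online:", plan["stay_online"])
    print("unresolved:", plan["unresolved"])
```

With the sample data only floor 4 is disconnected, and `access-f4` is flagged as shared because a floor 5 user depends on it.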
Step 204, performing deduction in a security capability twin system according to the user information and a preset first model, and determining a second security capability and a second security policy; updating the security capability of the 6G network according to the second security capability, and updating the security policy of the 6G network again according to the second security policy.
The preset first model is a model preset according to actual conditions.
Specifically, the user information may be input into a preset first model, the preset first model is used to perform deduction analysis on the user information in the security capability twin system, and optimal deduced security capability and security policy, that is, the second security capability and the second security policy, are output.
The security capabilities of the 6G network may then be updated with the second security capabilities; the security policy of the 6G network is updated again with the second security policy.
In an implementation manner, the security capabilities in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network are updated according to the second security capability; and updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the second security policy.
Specifically, the 6G network includes a mobile terminal, an access side network, an edge side network, and a core network. The second security capability includes a security capability corresponding to the mobile terminal, a security capability corresponding to the access-side network, a security capability corresponding to the edge-side network, and a security capability corresponding to the core network. The security capability of the mobile terminal may be updated using the security capability corresponding to the mobile terminal, the security capability of the access side network may be updated using the security capability corresponding to the access side network, the security capability of the edge side network may be updated using the security capability corresponding to the edge side network, and the security capability of the core network may be updated using the security capability corresponding to the core network.
Similarly, the second security policy includes a security policy corresponding to the mobile terminal, a security policy corresponding to the access-side network, a security policy corresponding to the edge-side network, and a security policy corresponding to the core network. The security policy of the mobile terminal may be updated again using the security policy corresponding to the mobile terminal, the security policy of the access side network may be updated again using the security policy corresponding to the access side network, the security policy of the edge side network may be updated again using the security policy corresponding to the edge side network, and the security policy of the core network may be updated again using the security policy corresponding to the core network.
Step 205, twinning the network capability of the 6G network to generate a 6G network capability twin system; and acquiring the operation information generated by the 6G network capability twin system.
Specifically, the network capability of the 6G network may be twinned to generate a 6G network capability twin system. The 6G network capability twin system can synchronize the operation information of the physical network space, i.e. the interaction and information between different network elements, network domains and users in the network. The operation information generated by the 6G network capability twin system can then be acquired.
Step 206, performing deduction in the security capability twin system according to the operation information and a preset second model, and determining a third security capability and a third security policy; updating the security capability of the 6G network again according to the third security capability, and updating the security policy of the 6G network again according to the third security policy.
The preset second model is a model preset according to actual conditions.
Specifically, the obtained operation information generated by the 6G network capability twin system and the preset second model may be used to perform deduction in the security capability twin system, so as to obtain the optimal security capability and security policy corresponding to the operation information, that is, the third security capability and the third security policy. The security capabilities in the 6G network may then be updated again in accordance with the third security capabilities, the security policy of the 6G network being updated again with the third security policy.
In an implementation manner, according to the operation information and a preset second model, a security risk in the 6G network is predicted by deduction in the security capability twin system, and according to the predicted security risk, a third security capability and a third security policy are determined.
Specifically, the obtained operation information generated by the 6G network capability twin system and the preset second model can be used to perform deduction in the security capability twin system to predict the security risk in the 6G network. The optimal security capability and security policy corresponding to the predicted security risk, namely the third security capability and the third security policy, are then determined according to the predicted security risk and a preset algorithm.
In an implementation manner, the security capabilities in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network are updated according to the third security capability; and updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network according to the third security policy.
Specifically, the 6G network includes a mobile terminal, an access side network, an edge side network, and a core network. The third security capability includes a security capability corresponding to the mobile terminal, a security capability corresponding to the access side network, a security capability corresponding to the edge side network, and a security capability corresponding to the core network. Further, the security capability of the mobile terminal may be updated again using the security capability corresponding to the mobile terminal, the security capability of the access side network may be updated again using the security capability corresponding to the access side network, the security capability of the edge side network may be updated again using the security capability corresponding to the edge side network, and the security capability of the core network may be updated again using the security capability corresponding to the core network.
Similarly, the third security policy includes a security policy corresponding to the mobile terminal, a security policy corresponding to the access-side network, a security policy corresponding to the edge-side network, and a security policy corresponding to the core network. Further, the security policy of the mobile terminal may be updated again using the security policy corresponding to the mobile terminal, the security policy of the access-side network may be updated again using the security policy corresponding to the access-side network, the security policy of the edge-side network may be updated again using the security policy corresponding to the edge-side network, and the security policy of the core network may be updated again using the security policy corresponding to the core network.
Fig. 3 is a block diagram illustrating a 6G-oriented security performance optimization apparatus according to an exemplary embodiment of the present disclosure.
As shown in fig. 3, the present disclosure provides a packet transmitting apparatus 300, including:
an obtaining unit 310, configured to obtain a first security capability of the 6G network and a first policy of a first security policy of the 6G network;
a security updating unit 320, configured to determine an initial policy configuration according to the first security capability, the first policy, and a preset policy configuration mode, and update a policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy;
a twin unit 330, configured to acquire operation information of the 6G network; acquire user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; and twin the security capabilities and the updated security policies of all users of the 6G network to generate a security capability twin system;
and the security updating unit 320 is further configured to update the security capability of the 6G network according to the user information, the operation information, and the security capability twin system, and update the security policy of the 6G network again.
Fig. 4 is a block diagram illustrating a 6G-oriented security performance optimization apparatus according to another exemplary embodiment of the present disclosure.
As shown in fig. 4, on the basis of the foregoing embodiment, in the 6G-oriented security performance optimization apparatus 400 provided by the present disclosure, the security update unit 320 further includes:
a first updating module 321, configured to deduce in the security capability twin system according to the user information and a preset first model, and determine a second security capability and a second security policy; updating the security capability of the 6G network according to the second security capability, and updating the security policy of the 6G network again according to the second security policy;
a second updating module 322, configured to deduce in the security capability twin system according to the operation information and a preset second model, and determine a third security capability and a third security policy; and updating the security capability of the 6G network again according to the third security capability, and updating the security policy of the 6G network again according to the third security policy.
The second updating module 322 is specifically configured to deduce, in the security capability twin system, the security risk in the 6G network according to the operation information and the preset second model, and determine a third security capability and a third security policy according to the predicted security risk.
The first updating module 321 is specifically configured to update security capabilities in the mobile terminal, the access side network, the edge side network, and the core network included in the 6G network according to the second security capability; updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the second security policy;
updating the security capability of the 6G network again according to the third security capability, and updating the security policy of the 6G network again according to the third security policy, wherein the updating comprises:
updating the security capabilities in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the third security capability; and updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the third security policy.
The twin unit 330 is specifically configured to twin the network capability of the 6G network to generate a 6G network capability twin system;
and acquire the operation information generated by the 6G network capability twin system.
The 6G-oriented security performance optimization device 500 provided by the present disclosure further includes: a display unit 340, configured to enable the user information to include a user type, a network element name, a fourth security capability, a fourth security policy, and three-dimensional address information; the user type represents the type of the user; the network element name represents the name of the network element where the user is located; the fourth security capability represents the security capability of the user; the fourth security policy represents the security policy of the user; the three-dimensional address information represents the address of the user.
In one implementation, the first security capability and the first policy include one or a combination of the following for the mobile terminal, the access side network, the edge side network and the core network included in the 6G network: mobile terminal access authentication information, data plane security information, signaling plane security information, network security information, application layer security information and emotion perception security information. The mobile terminal access authentication information comprises an authentication algorithm and authentication parameters; the data plane security information comprises a data confidentiality protection algorithm, a data integrity protection algorithm and algorithm parameters; the signaling plane security information comprises a signaling confidentiality protection algorithm, a signaling integrity protection algorithm and signaling parameters; the network security information comprises attack flow scheduling capability and policy and junk information interception capability and policy; the application layer security information comprises data packet filtering capability and policy, virus and malicious code detection capability and policy, virus and malicious code interception capability and policy, and interface security protection capability and policy; the emotion perception security information comprises the security capabilities and policies of different application scenarios and the security capabilities and policies when switching between different application scenarios.
Fig. 5 is a block diagram illustrating a server according to an exemplary embodiment of the present disclosure.
As shown in fig. 5, the server provided in this embodiment includes:
a memory 501;
a processor 502; and
a computer program;
wherein a computer program is stored in the memory 501 and configured to be executed by the processor 502 to implement any of the above 6G-oriented security performance optimization methods.
The present embodiment also provides a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to implement any of the above 6G-oriented security performance optimization methods.
The present embodiment also provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements any of the above 6G-oriented security performance optimization methods.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A 6G-oriented security performance optimization method, characterized by comprising the following steps:
acquiring first security capability of a 6G network and a first policy in first security policies of the 6G network;
determining initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy;
acquiring the operation information of the 6G network; acquiring user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; twinning the security capabilities and the updated security policies of all users of the 6G network to generate a security capability twin system;
and updating the security capability of the 6G network according to the user information, the operation information and the security capability twin system, and updating the security policy of the 6G network again.
2. The method of claim 1, wherein the updating the security capabilities of the 6G network and updating the security policies of the 6G network again according to the user information, the operation information, and the security capability twin system comprises:
performing deduction in the security capability twin system according to the user information and a preset first model, and determining a second security capability and a second security policy; updating the security capability of the 6G network according to the second security capability, and updating the security policy of the 6G network again according to the second security policy;
performing deduction in the security capability twin system according to the operation information and a preset second model, and determining a third security capability and a third security policy; and updating the security capability of the 6G network again according to the third security capability, and updating the security policy of the 6G network again according to the third security policy.
3. The method according to claim 2, wherein the performing deduction in the security capability twin system according to the operation information and a preset second model, and determining a third security capability and a third security policy, comprises:
performing deduction in the security capability twin system according to the operation information and the preset second model, predicting the security risk in the 6G network, and determining the third security capability and the third security policy according to the predicted security risk.
4. The method of claim 2, wherein the updating the security capability of the 6G network according to the second security capability and the updating the security policy of the 6G network again according to the second security policy comprise:
updating the security capabilities in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network according to the second security capability; updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the second security policy;
the updating the security capability of the 6G network again according to the third security capability, and the updating the security policy of the 6G network again according to the third security policy include:
updating the security capabilities in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the third security capability; and updating the security policies in the mobile terminal, the access side network, the edge side network and the core network included in the 6G network again according to the third security policy.
5. The method of claim 1, wherein the obtaining the operational information of the 6G network comprises:
twinning the network capability of the 6G network to generate a 6G network capability twin system;
and acquiring the operation information generated by the 6G network capability twin system.
6. The method of claim 1, further comprising: responding to a display instruction of an operator, and displaying user information of the user by using a city information model platform according to the display instruction;
the user information comprises a user type, a network element name, a fourth security capability, a fourth security policy and three-dimensional address information; wherein the user type is used for representing the type of the user; the network element name is used for representing the name of the network element where the user is located; the fourth security capability is used for characterizing the security capability of the user; the fourth security policy is used for characterizing the security policy of the user; the three-dimensional address information is used for representing the address of the user.
7. The method according to any of claims 1-6, wherein the first security capability and the first policy comprise one or a combination of the following for the mobile terminal, the access side network, the edge side network, and the core network included in the 6G network:
mobile terminal access authentication information, data plane security information, signaling plane security information, network security information, application layer security information and emotion perception security information;
the mobile terminal access authentication information comprises an authentication algorithm and authentication parameters; the data plane security information comprises a data confidentiality protection algorithm, a data integrity protection algorithm and algorithm parameters; the signaling plane security information comprises a signaling confidentiality protection algorithm, a signaling integrity protection algorithm and signaling parameters; the network security information comprises attack flow scheduling capability and policy and junk information interception capability and policy; the application layer security information comprises data packet filtering capability and policy, virus and malicious code detection capability and policy, virus and malicious code interception capability and policy, and interface security protection capability and policy; the emotion perception security information comprises the security capabilities and policies of different application scenarios and the security capabilities and policies when switching between different application scenarios.
8. A 6G-oriented security performance optimization device, comprising:
an acquisition unit, configured to acquire a first security capability of a 6G network and a first policy in a first security policy of the 6G network;
the security updating unit is used for determining initial policy configuration according to the first security capability, the first policy and a preset policy configuration mode, and updating policy configuration in the security policy of the 6G network according to the initial policy configuration to obtain an updated security policy;
a twin unit for acquiring operation information of the 6G network; acquiring user information of a user of the 6G network, wherein the user information comprises basic information, security capability and an updated security policy of the user; and twinning the security capabilities and the updated security policies of all users of the 6G network to generate a security capability twin system;
and the security updating unit is also used for updating the security capability of the 6G network according to the user information, the operation information and the security capability twin system, and updating the security policy of the 6G network again.
9. A server, comprising a memory and a processor; wherein,
the memory for storing a computer program;
the processor is configured to read the computer program stored in the memory and execute the method of any one of claims 1 to 7 according to the computer program in the memory.
10. A computer-readable storage medium having computer-executable instructions stored thereon which, when executed by a processor, implement the method of any one of claims 1-7.
11. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the method of any one of the preceding claims 1-7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211179855.6A CN115567298B (en) 2022-09-27 2022-09-27 6G-oriented security performance optimization method, device and server

Publications (2)

Publication Number Publication Date
CN115567298A true CN115567298A (en) 2023-01-03
CN115567298B CN115567298B (en) 2024-04-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant