CN115664697A - Multistage cascade internet of things situation sensing system - Google Patents

Publication number
CN115664697A
Authority
CN
China
Prior art keywords
internet
situation
things
network
attack
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211067523.9A
Other languages
Chinese (zh)
Other versions
CN115664697B (en)
Inventor
党芳芳
闫丽景
李帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Original Assignee
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Application filed by Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Priority to CN202211067523.9A
Publication of CN115664697A
Application granted
Publication of CN115664697B
Legal status: Active

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a multi-level cascade internet of things situation perception system which comprises a network data acquisition module, a network data overall planning module, a defense cascade quantization module, a situation characteristic preprocessing module, a situation perception prediction module, a situation defense early warning module and a situation perception optimization correction module.

Description

Multistage cascade internet of things situation sensing system
Technical Field
The invention belongs to the technical field of situation awareness, and relates to a multistage cascade internet of things situation awareness system.
Background
With the rapid development of information technology, networks have become increasingly complex and diverse, which poses a major challenge to network security. The security of the Internet of things rests on the security of each Internet of things device. The Internet of things is frequently attacked by a variety of attack behaviors, which seriously affects the security of Internet of things communication. Current Internet of things situation awareness has to handle network intrusion data of large volume and high dimensionality. It cannot establish the similarity and correlation among the Internet of things devices that affect Internet of things security, cannot cluster the situations that affect Internet of things security, and lacks the ability to reduce dimensionality and data-processing load. As a result, predicting the Internet of things situation involves a large workload and high dimensionality, the accuracy of the predicted situation is low, defense and prediction optimization cannot be carried out according to the predicted situation, and the reliability of timely defense based on prediction is reduced.
Disclosure of Invention
The invention aims to provide a multistage cascading Internet of things situation awareness system, which solves the problems in the prior art.
The purpose of the invention can be realized by the following technical scheme:
a multi-level cascade internet of things situation awareness system comprises a network data acquisition module, a network data overall planning module, a defense cascade quantification module, a situation characteristic preprocessing module, a situation awareness prediction module and a situation defense early warning module;
the network data acquisition module is used for acquiring operation index parameter information of different Internet of things equipment;
the network data overall planning module is used for acquiring operation index parameter information of each piece of Internet of things equipment in the attack process of the prior Internet of things, performing overall planning analysis on the operation index parameter information of each piece of Internet of things equipment, establishing a similarity evaluation coefficient among the pieces of Internet of things equipment and an interference correlation coefficient among the pieces of Internet of things equipment, and sending the established similarity evaluation coefficient and the interference correlation coefficient among the pieces of Internet of things equipment to the defense cascade quantization module;
the defense cascade quantization module acquires similar evaluation coefficients and interference correlation coefficients among the Internet of things devices, trains and acquires network attack collapse factors of the Internet of things devices under different attack levels, establishes a network attack level multistage cascade distribution table, and analyzes defense quantization coefficients corresponding to the network attack of the Internet of things at each moment by combining the network attack collapse factors of the Internet of things devices and the similar evaluation coefficients and the interference correlation coefficients among the Internet of things devices;
the situation characteristic preprocessing module is used for extracting situation characteristics of the internet of things equipment when the internet of things equipment is attacked, constructing a network dangerous situation characteristic set, classifying the constructed network dangerous situation characteristic set and carrying out cluster analysis on the classified network dangerous situation characteristics;
the situation perception prediction module is used for acquiring the times of the network dangerous situation characteristics in the classified network dangerous situation characteristic set in the prior data transmission process, extracting network dangerous situation characteristic coefficients corresponding to the network dangerous situation characteristics after clustering analysis in the communication transmission process and interference correlation coefficients among the Internet of things devices, training a perception prediction model of the Internet of things devices under attack, and predicting attack situation perception coefficients of the Internet of things devices through the prediction perception model;
and the situation defense early warning module judges whether the predicted attack situation perception coefficient is larger than a set threshold value, and if so, screens out the defense measure corresponding to the attack situation perception coefficient and sends the defense measure to the Internet of things equipment corresponding to the attack situation perception coefficient.
Further, the analysis of the similarity evaluation coefficient among the internet of things devices adopts the following method:
step A1, screening previous Internet of things equipment and next Internet of things equipment which are connected with Internet of things equipment k;
step A2, counting a communication path g required to be adopted for transmitting data sent by the h-th Internet of things device to the f-th Internet of things device and the Internet of things devices passing through each communication path, and constructing a communication path set;
step A3, extracting the functional characteristics corresponding to the Internet of things equipment in a communication path g required to be adopted by the data transmitted by the h Internet of things equipment to the f Internet of things equipment in the step A2, and constructing a functional characteristic set of the Internet of things equipment;
step A4, screening attack damage coefficients of the same attack data to all Internet of things devices;
and step A5, analyzing the function feature set of the Internet of things equipment in the step A3 and the attack destruction coefficient of the Internet of things equipment in the step A4 by adopting a similar evaluation model so as to judge the similar evaluation coefficient among the Internet of things equipment in each communication path g required to be adopted by the data transmitted from the h-th Internet of things equipment to the f-th Internet of things equipment.
Further, the similarity evaluation model in the step A5 is
Figure BDA0003828442380000031
$\beta^{h\to f}_{cd}$ is the similarity evaluation coefficient between the c-th Internet of things device and the d-th Internet of things device in the process of transmitting data from the h-th Internet of things device to the f-th Internet of things device, where the c-th and the d-th Internet of things devices belong to the devices in all communication paths through which the data is transmitted from the h-th Internet of things device to the f-th Internet of things device;
$\Delta w^{h\to f}_{cdi}$ is the matching value between the functional feature set corresponding to the c-th Internet of things device and the i-th functional feature of the d-th Internet of things device: if the i-th functional feature of the d-th Internet of things device exists in the functional feature set corresponding to the c-th Internet of things device, $\Delta w^{h\to f}_{cdi}$ takes the natural number e; if not, $\Delta w^{h\to f}_{cdi}$ takes the value 1;
$\lambda_{cd}q$ is the product of the attack destruction coefficient $\lambda_{c}q$ corresponding to the q-th attack on the c-th Internet of things device and the attack destruction coefficient $\lambda_{d}q$ corresponding to the q-th attack on the d-th Internet of things device, $\lambda_{cd}q = \lambda_{c}q \cdot \lambda_{d}q$, and Q is the number of attacks;
$(Sw^{h\to f}_{c}, Sw^{h\to f}_{d})_{\max}$ is the maximum of the numbers of functional features in the functional feature sets corresponding to the c-th Internet of things device and the d-th Internet of things device in the process of transmitting data from the h-th Internet of things device to the f-th Internet of things device.
Further, the situation characteristic preprocessing module performs clustering analysis on the network dangerous situation characteristics, and the method comprises the following steps:
step H1, constructing a network dangerous situation characteristic set;
step H2, establishing network dangerous situation characteristic classification;
step H3, performing clustering analysis on the m types of network dangerous situation characteristics by adopting a situation classification clustering evaluation function, and analyzing the situation classification aggregation degree of each dangerous situation characteristic in the network dangerous situation characteristic set;
step H4, classifying and verifying the classified dangerous situation characteristics of each network;
and step H5, judging whether the classification verification coefficient K is smaller than a set threshold value, if so, stopping iterative computation of the network danger situation characteristic coefficients corresponding to the classification centers, and taking a network danger situation characteristic coefficient set U under the classification center corresponding to the classification verification coefficient K as a classification center set.
Further, the method for carrying out weight quantification display on each network danger situation feature in the network danger situation feature set comprises the following steps:
step T1, extracting historical network situation element information, comparing the historical network situation element information with characteristic elements corresponding to the characteristic coefficients of the network dangerous situation in the network dangerous situation characteristic set to obtain a historical network situation element repeated set, wherein $r_i$ is the number of times of the characteristic elements corresponding to the ith network dangerous situation characteristic coefficient appearing in the historical network situation element information;
step T2, calculating a classification verification function and a classification clustering evaluation function to calculate the network danger situation characteristic coefficients of each classification center;
step T3, constructing a matrix by using the network danger situation characteristic coefficients of all the classification centers;
and step T4, multiplying the matrix constructed by the network dangerous situation characteristic coefficients in the step T3 by the historical network situation element coincidence set in the step T1, and performing normalization processing to obtain a weight numerical value corresponding to each network dangerous situation characteristic in the network dangerous situation characteristic set.
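Steps T1 to T4 above as an added Python example (not code from the patent). The patent does not fix the shape of the product in step T4, so the sketch assumes that row i of the coefficient matrix is scaled by the count $r_i$ and that each classification-center column is then normalized to sum to 1; the feature names, history entries and coefficient values are constructed.

```python
"""Weight quantification of network danger situation features (steps T1-T4).

Added illustration, not code from the patent. Assumptions are marked ASSUMPTION.
"""
from collections import Counter

# Constructed sample data (not from the patent).
FEATURE_ELEMENTS = ["port_scan", "auth_failure_burst", "malformed_packet"]
HISTORY = [
    "port_scan", "auth_failure_burst", "port_scan",
    "link_flap", "port_scan", "auth_failure_burst",
]
# CENTER_COEFFS[i][j]: network danger situation feature coefficient of
# feature i under classification center j (the output of step T2, taken as given).
CENTER_COEFFS = [
    [0.8, 0.2],
    [0.5, 0.5],
    [0.1, 0.9],
]


def repetition_counts(feature_elements, history):
    """Step T1: r_i = occurrences of feature element i in the history."""
    seen = Counter(history)
    # History entries that match no feature (here "link_flap") are ignored.
    return [seen[element] for element in feature_elements]


def feature_weights(center_coeffs, counts):
    """Steps T3-T4: scale the coefficient matrix by the counts, then normalize.

    ASSUMPTION: the "multiplication" of step T4 is read as scaling row i by
    r_i, and the normalization as dividing each column by its sum.
    Returns weights[i][j]; every column sums to 1.
    """
    n = len(center_coeffs)
    if n == 0 or n != len(counts):
        raise ValueError("need exactly one repetition count per feature row")
    m = len(center_coeffs[0])
    if m == 0 or any(len(row) != m for row in center_coeffs):
        raise ValueError("coefficient matrix must be rectangular and non-empty")
    if any(r < 0 for r in counts):
        raise ValueError("repetition counts cannot be negative")
    if any(c < 0 for row in center_coeffs for c in row):
        raise ValueError("feature coefficients cannot be negative")

    weights = [[0.0] * m for _ in range(n)]
    for j in range(m):
        column = [center_coeffs[i][j] * counts[i] for i in range(n)]
        total = sum(column)
        for i in range(n):
            # ASSUMPTION: with no historical evidence for a center (total == 0)
            # fall back to uniform weights instead of dividing by zero.
            weights[i][j] = column[i] / total if total > 0 else 1.0 / n
    return weights


def rank_features(feature_elements, weights, center):
    """Order features by weight under one classification center, highest first."""
    column = (row[center] for row in weights)
    return sorted(zip(feature_elements, column), key=lambda p: p[1], reverse=True)


if __name__ == "__main__":
    r = repetition_counts(FEATURE_ELEMENTS, HISTORY)
    h = feature_weights(CENTER_COEFFS, r)
    print("repetition counts:", r)
    for j in range(len(CENTER_COEFFS[0])):
        print("center", j, rank_features(FEATURE_ELEMENTS, h, j))
```

Under this reading a feature with $r_i = 0$ receives zero weight, so an indicator absent from the history contributes nothing to the prediction until the history is refreshed.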
Further, the perceptual prediction model is:
Figure BDA0003828442380000051
Figure BDA0003828442380000052
attack situation perception coefficient, SF, for the c-th Internet of things device cx Interference correlation coefficient (NB) of the xth Internet of things equipment to the c Internet of things equipment c A defense quantization coefficient corresponding to the c-th Internet of things equipment under network attack, e is a natural number, D ij Classifying the situation clustering degree of the ith network danger situation characteristic after clustering belonging to the jth classification center, hij is a weight coefficient corresponding to the ith network danger situation characteristic in the jth classification center, cij is the frequency of the ith network danger situation characteristic in the jth classification center, and C 0 Is the set initial number.
Furthermore, the system further comprises a situation perception optimization correction module, the situation perception optimization correction module extracts the attack situation perception coefficient of the internet of things equipment predicted by the situation perception prediction module and obtains an actual attack coefficient of the internet of things equipment under the predicted attack situation perception coefficient, and the perception prediction module is optimized and corrected through the predicted attack situation perception coefficient and the actual attack coefficient of the internet of things equipment.
The invention has the beneficial effects that:
according to the multi-level cascading Internet of things situation sensing system, the network data planning module is used for carrying out matching analysis on the functional characteristics of the Internet of things equipment influencing the Internet of things state so as to analyze the attack condition of the Internet of things equipment, further analyze the similarity evaluation coefficient among the Internet of things equipment and the interference correlation degree among the Internet of things equipment, realize unified and centralized interference evaluation on the Internet of things equipment, and accurately establish the similarity degree and the interference degree among the Internet of things equipment in Internet of things communication.
According to the invention, the network attack collapse factors of the Internet of things equipment under different attack levels are obtained in a multi-level cascade mode, the defense quantization coefficients corresponding to the network attack of the Internet of things at each moment are analyzed by combining the similarity evaluation coefficients and the interference correlation coefficients among the Internet of things equipment, and the digitization degree of the defense resistance of the Internet of things equipment under the attack condition can be intuitively displayed.
According to the invention, the situation features of the Internet of things devices under attack are clustered and analyzed and a classification center is established for each situation feature, which improves the accuracy of network danger situation feature classification, reduces the interference dimensions that affect network security and improves the ability to pre-judge interference factors. The situation perception prediction module performs situation perception prediction analysis according to the number of times the network danger situation features appear in the Internet of things devices, and the predicted situation is used for early warning and optimization correction. This improves the situation prediction accuracy of the Internet of things devices and the security of the Internet of things, greatly reduces the situation prediction time, improves the stability of the Internet of things built from those devices, and solves the problem that the situation of existing Internet of things devices is difficult to predict.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The multi-level cascading Internet of things situation perception system comprises a network data acquisition module, a network data overall planning module, a defense cascading quantification module, a situation characteristic preprocessing module, a situation perception prediction module, a situation defense early warning module and a situation perception optimization correction module.
The network data acquisition module is used for acquiring operation index parameter information of different Internet of things devices.
The operation index parameter information of the internet of things equipment comprises a network loss table rate, a network throughput, a link maximum transmission delay, a received data request rate, a received data packet quantity, a forwarded data packet quantity, a packet sending rate and the like.
The network data overall planning module is used for acquiring the operation index parameter information of each piece of internet-of-things equipment in the attack process of the prior internet of things, performing overall analysis on the operation index parameter information of each piece of internet-of-things equipment, establishing a similar evaluation coefficient among the pieces of internet-of-things equipment and an interference correlation coefficient among the pieces of internet-of-things equipment, and sending the established similar evaluation coefficient and the interference correlation coefficient among the pieces of internet-of-things equipment to the defense cascading quantization module.
The analysis of the similarity evaluation coefficient among the Internet of things equipment adopts the following method:
step A1, screening out the previous Internet of things equipment and the next Internet of things equipment which are connected with the Internet of things equipment k, recorded as $P^{h\to f}_{k}$, meaning that the communication data sent by the h-th Internet of things device is transmitted to the f-th Internet of things device by the k-th Internet of things device;
the types of the Internet of things devices with different numbers can be the same, k ≠ h ≠ f, h and f belong to 1 to z, z is a positive integer and is the total number of the Internet of things devices, HF is the total number of the Internet of things devices for transmitting data from the h-th Internet of things device to the f-th Internet of things device, and k belongs to 1 to HF;
step A2, counting the communication paths g required to be adopted for transmitting data sent by the h-th Internet of things device to the f-th Internet of things device and the Internet of things devices passing through each communication path, and constructing a communication path set $U^{h\to f} = [\mu^{h\to f}_{g1}, \mu^{h\to f}_{g2}, \ldots, \mu^{h\to f}_{gb}]$, g = 1, 2, 3, ..., b = 1, 2, ..., where $\mu^{h\to f}_{gb}$ is the kth Internet of things device adopted in the process of transmitting data sent by the kth Internet of things device to the fth Internet of things device over the gth communication path, so that the set lists all the Internet of things devices in the process of communicating the kth Internet of things device with the fth Internet of things device;
step A3, extracting the functional characteristics corresponding to the Internet of things equipment in the communication path g required to be adopted by the data transmission from the h-th Internet of things equipment to the f-th Internet of things equipment in the step A2, and constructing a functional characteristic set of the Internet of things equipment $W^{h\to f}_{gb} = [w^{h\to f}_{gb}1, w^{h\to f}_{gb}2, \ldots, w^{h\to f}_{gb}r]$, where $w^{h\to f}_{gb}r$ is the r-th functional characteristic corresponding to the b-th Internet of things device adopted in the process of transmitting data sent by the h-th Internet of things device to the f-th Internet of things device over the g-th communication path, and r is a positive integer, r = 1, 2, ...;
step A4, screening attack destruction coefficients lambda of the same attack data to the Internet of things equipment,
Figure BDA0003828442380000081
$\varphi_p$ is the performance weight coefficient of the p-th operation index, and $I_p$, $I'_p$ and $I_p^{\text{lower limit}}$ are respectively the standard parameter value, the parameter value in the attack state and the lower limit parameter value of the p-th operation index;
and establishing a reference table for influencing the attack destruction coefficients of the equipment of the Internet of things, wherein the reference table records the performance weight coefficient corresponding to the parameter information of each operation index, the standard parameter value (under the condition of not being attacked) corresponding to each operation index, the parameter value of each operation index after being attacked and the lower limit parameter value corresponding to each operation index.
And step A5, analyzing the function feature set of the Internet of things equipment in the step A3 and the attack destruction coefficient of the Internet of things equipment in the step A4 by adopting a similar evaluation model so as to judge the similar evaluation coefficient among the Internet of things equipment in each communication path g required to be adopted by the data transmitted from the h-th Internet of things equipment to the f-th Internet of things equipment.
Similarity evaluation model
Figure BDA0003828442380000091
$\beta^{h\to f}_{cd}$ is the similarity evaluation coefficient between the c-th Internet of things device and the d-th Internet of things device in the process of transmitting data from the h-th Internet of things device to the f-th Internet of things device, where the c-th and the d-th Internet of things devices belong to the devices in all communication paths through which the data is transmitted from the h-th Internet of things device to the f-th Internet of things device. $\Delta w^{h\to f}_{cdi}$ is the matching value between the functional feature set corresponding to the c-th Internet of things device and the i-th functional feature of the d-th Internet of things device: if the i-th functional feature of the d-th Internet of things device exists in the functional feature set corresponding to the c-th Internet of things device, $\Delta w^{h\to f}_{cdi}$ takes the natural number e; if not, $\Delta w^{h\to f}_{cdi}$ takes the value 1. $\lambda_{cd}q$ is the product of the attack destruction coefficient $\lambda_{c}q$ corresponding to the q-th attack on the c-th Internet of things device and the attack destruction coefficient $\lambda_{d}q$ corresponding to the q-th attack on the d-th Internet of things device, $\lambda_{cd}q = \lambda_{c}q \cdot \lambda_{d}q$, and Q is the number of attacks. $(Sw^{h\to f}_{c}, Sw^{h\to f}_{d})_{\max}$ is the maximum of the numbers of functional features in the functional feature sets corresponding to the c-th Internet of things device and the d-th Internet of things device in the process of transmitting data from the h-th Internet of things device to the f-th Internet of things device.
The method has the advantages that h is set as the starting-end equipment in the communication of the Internet of things, f is set as the tail-end equipment in the communication of the Internet of things, judgment of similar evaluation coefficients can be achieved for all the Internet of things equipment in the communication of the whole Internet of things, and the selection range of the Internet of things equipment in the communication of the Internet of things can be determined by adjusting the values of h and f.
The method has the advantages that the functional characteristics of the Internet of things equipment under each communication path are adopted for matching judgment, the attack damage coefficient under the condition that the Internet of things equipment is attacked is analyzed, the similarity degree under the Internet of things equipment under each communication path can be analyzed, the accuracy judgment of similarity evaluation between two pieces of Internet of things equipment is realized, and a foundation is laid for the interference correlation degree analysis between the pieces of Internet of things equipment in the later period.
The calculation formula of the interference correlation coefficient among the equipment of the Internet of things is
Figure BDA0003828442380000101
$SF_{cd}$ is the interference correlation coefficient between the c-th and d-th Internet of things devices, e is a natural number, and $\beta_{cd}$ is the similarity evaluation coefficient between the c-th Internet of things device and the d-th Internet of things device. $w'_{cd}ij$ is an interference value caused by the ith functional feature of the ith Internet of things device under the condition that the ith functional feature of the ith Internet of things device is attacked; the interference value is 1 or 0: when the ith functional feature of the xth Internet of things device is affected under the condition that the ith functional feature of the xth Internet of things device is attacked, the interference value is 1, otherwise the interference value is 0. $\varepsilon_{cd}ij$ is a specific gravity coefficient causing interference to the jth functional feature of the tth Internet of things device under the condition that the ith functional feature of the tth Internet of things device is attacked.
The defense cascading quantization module obtains similar evaluation coefficients and interference correlation coefficients among the Internet of things devices, trains and obtains network attack collapse factors of the Internet of things devices under different attack levels, establishes a network attack level cascading distribution table, displays the network attack collapse factors of the attack levels corresponding to the attacks on the Internet of things devices in the cascading distribution table, combines the network attack collapse factors of the Internet of things devices and the similar evaluation coefficients and the interference correlation coefficients among the Internet of things devices, analyzes defense quantization coefficients corresponding to the network attacks on the Internet of things at all times, can reversely deduce an overall attack coefficient of the network on the Internet of things to be a defense quantization coefficient sum corresponding to the Internet of things devices through the defense quantization coefficients corresponding to the network attacks on the Internet of things devices, and achieves quantitative data display of the network on the attack on the Internet of things devices under multi-level cascading.
The network attack level is determined by the network attack times, the attack frequency, the corresponding time length of network attack intrusion detection and the attack release time length.
Different network attack levels are defined by different ranges of the network attack collapse factor. Specifically, the first, second and third network attack levels correspond to network attack collapse factors of 0-L1, L1-L2 and L2-1 respectively, where L1 is greater than 0 and L2 is less than 1, and the network attack collapse factor increases from the first network attack level to the third.
The rough measurement formula of the network attack collapse factor is as follows:
Figure BDA0003828442380000111
G1, G2, G3 and G4 are respectively the network attack times, the attack frequency, the corresponding time length of network attack intrusion detection and the attack release time length, and G'1, G'2, G'3 and G'4 are respectively the preset network attack times, attack frequency, corresponding time length of network attack intrusion detection and attack release time length.
The defense quantization coefficient $NB_c$ corresponding to the c-th Internet of things device under network attack is calculated as
Figure BDA0003828442380000112
e is a natural number, T is the number of related Internet of things devices, $NB_c$ is the defense quantization coefficient corresponding to the c-th Internet of things device under network attack, and
Figure BDA0003828442380000113
is the similarity evaluation coefficient between the xth Internet of things device and the xth Internet of things device.
The situation characteristic preprocessing module is used for extracting situation characteristics of each internet of things device when the internet of things device is attacked, constructing a network dangerous situation characteristic set, classifying the constructed network dangerous situation characteristic set to obtain m types of network dangerous situation characteristic classifications, and performing cluster analysis on the classified m types of network dangerous situation characteristics to establish a network dangerous situation characteristic classification set, so that the accuracy of network dangerous situation characteristic classification is improved, the workload of classification is reduced, and the characteristics influencing the internet of things safety can be conveniently screened according to the classified network dangerous situation characteristics.
The situation characteristic preprocessing module performs cluster analysis on the network danger situation characteristics by the following steps:
Step H1, constructing the network danger situation feature set V = [v_1, v_2, ..., v_i, ..., v_n], where v_i is the ith network danger situation feature; the set of proportionality coefficients of the network danger situation features in the feature set is Z = [z_1, z_2, ..., z_i, ..., z_n], where z_i is the network danger situation characteristic coefficient corresponding to the ith network danger situation feature in the feature set,
Figure BDA0003828442380000121
and n is the total number of the network danger situation characteristics.
Step H2, establishing the network danger situation feature classification, namely establishing a set G = [G_1, G_2, ..., G_m] corresponding to the m types of network danger situation feature classification, wherein z_i belongs to one of G_1, G_2, ..., G_m, i = 1, 2, ..., n.
Step H3, performing cluster analysis on the m types of network danger situation characteristics with a situation classification clustering evaluation function, and analyzing the situation classification aggregation degree of each danger situation feature in the network danger situation feature set; the situation classification aggregation degree is denoted by D_ij.
Situation classification clustering evaluation function
Figure BDA0003828442380000122
D_ij is the situation classification aggregation degree of the ith network danger situation characteristic and the jth classification center; z_i is the ith network danger situation characteristic coefficient, used to represent the degree of danger to the network of a successful intrusion, 0 < z_i ≤ 1; d_ij is the network danger situation characteristic coefficient corresponding to the ith network danger situation characteristic in the jth classification center; d_0 is the network danger situation characteristic coefficient of the set initial classification center; h_ij is the weight coefficient of the network danger situation characteristic corresponding to the jth classification center,
Figure BDA0003828442380000123
and the set U = {D_ij}, i = 1, 2, ..., n, j = 1, 2, ..., m, of the network danger situation characteristic coefficients of the network danger situation characteristics in each classification center is obtained from the classification clustering evaluation function.
Step H4, performing classification verification on each classified network danger situation characteristic.
The following classification verification function is used when verifying each network danger situation:
Figure BDA0003828442380000131
D_ij is the situation classification aggregation degree with which the ith network danger situation characteristic belongs to the jth classification center, and K is the classification verification coefficient.
And H5, judging whether the classification verification coefficient K is smaller than a set threshold, if so, stopping iterative computation of the network danger situation characteristic coefficients corresponding to the classification centers, and taking a network danger situation characteristic coefficient set U under the classification center corresponding to the classification verification coefficient K as a classification center set.
The situation characteristic preprocessing module is adopted to classify the network dangerous situation characteristics, and the classified network dangerous situation characteristics are subjected to cluster analysis, so that the accuracy of network situation characteristic classification is improved, a reliable classification basis is provided for situation perception prediction, and the prediction accuracy is improved.
The method for performing weight quantification display on the network danger situation feature set V = [v_1, v_2, ..., v_i, ..., v_n] comprises the following steps:
Step T1, extracting historical network situation element information, and comparing it with the characteristic elements corresponding to the network danger situation characteristic coefficients in the network danger situation feature set to obtain a historical network situation element repeated set R = [r_1, r_2, ..., r_i, ..., r_n], wherein r_i is the number of times the characteristic element corresponding to the ith network danger situation characteristic coefficient appears in the historical network situation element information;
Step T2, calculating the classification verification function and the classification clustering evaluation function to obtain the network danger situation characteristic coefficients of each classification center;
Step T3, constructing a matrix from the network danger situation characteristic coefficients of all the classification centers;
Step T4, multiplying the matrix constructed from the network danger situation characteristic coefficients in step T3 by the historical network situation element coincidence set from step T1, and normalizing the result to obtain the weight value corresponding to each network danger situation feature in the network danger situation feature set.
By multiplying the network dangerous situation characteristic coefficients in the network dangerous situation characteristic set with the characteristic factors corresponding to the network dangerous situation characteristic coefficients in the historical network situation element coincidence set and adopting normalization processing, the proportion corresponding to the network dangerous situation characteristics influencing network safety is obtained, the interference dimensionality influencing the network safety factors can be reduced, and the pre-judging capability of the interference factors is improved.
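Steps T1 to T4 as a runnable sketch, added here and not taken from the patent. The patent's clustering functions survive only as figure references, so the coefficient matrix is supplied as constructed input; reading the "multiplication" as each feature's historical count times the sum of its coefficient row is an assumption, as are all function names and sample values.

```python
from collections import Counter


def coincidence_counts(feature_elements, history):
    """Step T1: r_i = number of times the characteristic element behind
    feature i appears in the historical situation element records."""
    seen = Counter(event["element"] for event in history)
    return [seen[element] for element in feature_elements]


def feature_weights(coeff_matrix, counts):
    """Steps T3-T4: combine the n x m coefficient matrix (one row per feature,
    one column per classification center) with the counts r_i and normalize.

    Assumption: raw_i = r_i * sum_j coeff_matrix[i][j]; the page does not
    give the matrix orientation or the exact product.
    """
    if len(coeff_matrix) != len(counts):
        raise ValueError("one row of coefficients is needed per feature")
    raw = []
    for row, r_i in zip(coeff_matrix, counts):
        # The page bounds the characteristic coefficients: 0 < z <= 1.
        if any(not 0 < c <= 1 for c in row):
            raise ValueError("coefficients must lie in (0, 1]")
        if r_i < 0:
            raise ValueError("occurrence counts cannot be negative")
        raw.append(r_i * sum(row))
    if not raw:
        return []
    total = sum(raw)
    if total == 0:
        # No feature ever appeared in the history, so normalization is
        # undefined. Assumption: fall back to uniform weights.
        return [1.0 / len(raw)] * len(raw)
    return [value / total for value in raw]


def rank_features(names, weights):
    """Order features by weight, highest first, for display or screening."""
    return sorted(zip(names, weights), key=lambda pair: pair[1], reverse=True)


# Constructed sample input (not from the patent).
FEATURES = ["syn_flood", "port_scan", "default_credential_login"]
# Step T2 output is assumed given: rows = features, columns = 2 class centers.
COEFFS = [
    [0.9, 0.1],
    [0.2, 0.3],
    [0.5, 0.5],
]
HISTORY = (
    [{"element": "syn_flood"}] * 2
    + [{"element": "port_scan"}] * 6
    + [{"element": "default_credential_login"}] * 2
    + [{"element": "firmware_update"}]  # unrelated record, ignored by T1
)


def demo():
    counts = coincidence_counts(FEATURES, HISTORY)
    weights = feature_weights(COEFFS, counts)
    return counts, weights, rank_features(FEATURES, weights)


if __name__ == "__main__":
    counts, weights, ranking = demo()
    print("r =", counts)
    for name, weight in ranking:
        print(f"{name:28s} {weight:.3f}")
```

In this sample the frequently seen but low-coefficient `port_scan` feature still outranks the two high-coefficient features, which shows how strongly the historical count drives the resulting weight.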
The situation perception prediction module is used for obtaining the times of the network dangerous situation characteristics in the classified network dangerous situation characteristic set in the prior data transmission process, extracting the network dangerous situation characteristic coefficients corresponding to the network dangerous situation characteristics after clustering analysis in the communication transmission process and the interference correlation coefficients among the Internet of things devices, training a perception prediction model of the attacked Internet of things devices, predicting the attack situation perception coefficients of the Internet of things devices through the perception prediction model, and intuitively predicting the damage coefficients of the Internet of things devices under the attack in the use process by the attack situation perception coefficients, so that early warning is performed according to the attack situation perception coefficients, once the attack trend is sensed, defensive measures are started for early warning, the probability of the attacked Internet of things is blocked, and the communication reliability of the Internet of things devices is improved.
Wherein, the perception prediction model is as follows:
Figure BDA0003828442380000141
Figure BDA0003828442380000142
is the attack situation perception coefficient of the c-th Internet of things device, SF_cx is the interference correlation coefficient of the xth Internet of things equipment to the c-th Internet of things equipment, NB_c is the defense quantization coefficient corresponding to the c-th Internet of things equipment under network attack, e is a natural number, D_ij is the situation classification aggregation degree with which the ith network danger situation feature after clustering belongs to the jth classification center, h_ij is the weight coefficient corresponding to the ith network danger situation feature in the jth classification center, c_ij is the frequency of occurrence of the ith network danger situation feature in the jth classification center, and C_0 is the set initial number.
The situation defense early warning module extracts an attack situation perception coefficient predicted by the situation perception prediction model, judges whether the attack situation perception coefficient is larger than a set threshold value or not, screens out a defense measure corresponding to the attack situation perception coefficient if the attack situation perception coefficient is larger than the set threshold value, and sends the defense measure to the Internet of things equipment corresponding to the attack situation perception coefficient so as to prevent the Internet of things equipment from being attacked, improve the defense capability of the predicted attacked Internet of things equipment, and avoid the problem that the defense capability of the Internet of things equipment is insufficient due to the fact that the defense capability of the Internet of things equipment cannot meet the attack situation perception coefficient predicted by the Internet of things equipment through the situation perception prediction model.
The situation perception optimization correction module extracts attack situation perception coefficients of the Internet of things equipment predicted by the situation perception prediction module and obtains actual attack coefficients of the Internet of things equipment under the predicted attack situation perception coefficients, and optimization correction is carried out on the perception prediction model through the predicted attack situation perception coefficients and the actual attack coefficients of the Internet of things equipment so as to ensure that the attack situation perception coefficients predicted by the perception prediction model are matched with the actual attack coefficients and are closer to the actual attack situation.
The actual attack coefficient is a damage coefficient of the internet of things equipment under attack in the actual network communication process, and the damage coefficient reflects the damage coefficient of the internet of things equipment under attack.
Predicted attack situation perception coefficient of Internet of things equipment
Figure BDA0003828442380000151
and the actual attack coefficient are used to optimize and correct the perception prediction model; the corrected perception prediction model is as follows:
Figure BDA0003828442380000152
Figure BDA0003828442380000153
l is a network attack collapse factor,
Figure BDA0003828442380000154
for the attack situation perception coefficients obtained by the corrected perception prediction model,
Figure BDA0003828442380000155
and
Figure BDA0003828442380000156
are, respectively, the attack situation perception coefficient predicted before correction and the actual attack coefficient of the Internet of things equipment.
All of the above formulas operate on dimensionless numerical values. Each formula was obtained by collecting a large amount of data and performing software simulation to reflect the latest real situation; the preset parameters in the formulas are set by those skilled in the art according to the actual situation; the coefficients and weight coefficients are specific numerical values obtained by quantizing the parameters, which makes subsequent comparison convenient; and the proportional relation between the parameters and the quantized values is not affected as long as the magnitudes of the coefficients are the same.
The foregoing is merely exemplary and illustrative of the principles of the present invention and various modifications, additions and substitutions of the specific embodiments described herein may be made by those skilled in the art without departing from the principles of the present invention or exceeding the scope of the claims set forth herein.

Claims (7)

1. The multi-level cascading Internet of things situation awareness system is characterized in that: the situation defense early warning system comprises a network data acquisition module, a network data overall planning module, a defense cascade quantification module, a situation characteristic preprocessing module, a situation perception prediction module and a situation defense early warning module;
the network data acquisition module is used for acquiring operation index parameter information of different Internet of things equipment;
the network data overall planning module is used for acquiring operation index parameter information of each piece of Internet of things equipment in the attack process of the prior Internet of things, performing overall analysis on the operation index parameter information of each piece of Internet of things equipment, establishing a similar evaluation coefficient among the pieces of Internet of things equipment and an interference correlation coefficient among the pieces of Internet of things equipment, and sending the established similar evaluation coefficient and interference correlation coefficient among the pieces of Internet of things equipment to the defense cascade quantization module;
the defense cascade quantization module acquires similar evaluation coefficients and interference correlation coefficients among the Internet of things devices, trains and acquires network attack collapse factors of the Internet of things devices under different attack levels, establishes a network attack level multistage cascade distribution table, and analyzes defense quantization coefficients corresponding to the network attack of the Internet of things at each moment by combining the network attack collapse factors of the Internet of things devices and the similar evaluation coefficients and the interference correlation coefficients among the Internet of things devices;
the situation characteristic preprocessing module is used for extracting situation characteristics of the internet of things equipment under attack, constructing a network danger situation characteristic set, classifying the constructed network danger situation characteristic set and performing cluster analysis on the classified network danger situation characteristics;
the situation perception prediction module is used for acquiring the times of the network dangerous situation characteristics in the classified network dangerous situation characteristic set in the prior data transmission process, extracting network dangerous situation characteristic coefficients corresponding to the network dangerous situation characteristics after clustering analysis in the communication transmission process and interference correlation coefficients among the Internet of things devices, training a perception prediction model of the Internet of things devices under attack, and predicting attack situation perception coefficients of the Internet of things devices through the prediction perception model;
and the situation defense early warning module judges whether the predicted attack situation perception coefficient is larger than a set threshold value, screens out the defense measure corresponding to the attack situation perception coefficient if the predicted attack situation perception coefficient is larger than the set threshold value, and sends the defense measure to the Internet of things equipment corresponding to the attack situation perception coefficient.
2. The multi-level cascading internet of things situation awareness system according to claim 1, wherein: the analysis of the similarity evaluation coefficient among the Internet of things equipment adopts the following method:
Step A1, screening the previous Internet of things equipment and the next Internet of things equipment which are connected with Internet of things equipment k;
Step A2, counting the communication paths g required for transmitting data sent by the h-th Internet of things device to the f-th Internet of things device and the Internet of things devices passed on each communication path, and constructing a communication path set;
Step A3, extracting the functional characteristics corresponding to the Internet of things equipment in each communication path g required for the data transmitted by the h-th Internet of things equipment to the f-th Internet of things equipment in step A2, and constructing a functional characteristic set of the Internet of things equipment;
Step A4, screening the attack damage coefficients of the same attack data to all Internet of things devices;
Step A5, analyzing the functional feature set of the Internet of things equipment from step A3 and the attack destruction coefficient of the Internet of things equipment from step A4 with a similarity evaluation model, so as to determine the similarity evaluation coefficient among the Internet of things equipment in each communication path g required for the data transmitted from the h-th Internet of things equipment to the f-th Internet of things equipment.
3. The multi-level cascading internet of things situation awareness system according to claim 2, wherein: the similarity evaluation model in the step A5 is
Figure FDA0003828442370000021
β^{h→f}_{cd} is the similarity evaluation coefficient between the c-th internet-of-things device and the d-th internet-of-things device in the process of transmitting data from the h-th internet-of-things device to the f-th internet-of-things device, where the c-th and d-th internet-of-things devices are devices in the communication paths for transmitting data from the h-th internet-of-things device to the f-th internet-of-things device;
Δw^{h→f}_{cdi} corresponds to the c-th Internet of things equipment: if the functional feature set corresponding to the c-th internet-of-things device has the ith functional feature in the d-th internet-of-things device, Δw^{h→f}_{cdi} takes the natural number e; if not, Δw^{h→f}_{cdi} takes the value 1;
λ_cd q is the product of the attack destruction coefficient λ_c q corresponding to the qth attack on the c-th Internet of things equipment and the attack destruction coefficient λ_d q corresponding to the qth attack on the d-th Internet of things equipment, λ_cd q = λ_c q * λ_d q, and Q is the number of attacks;
(Sw^{h→f}_c, Sw^{h→f}_d)max is the maximum value of the number of functional features in the functional feature sets corresponding to the c-th internet-of-things device and the d-th internet-of-things device in the process of transmitting data from the h-th internet-of-things device to the f-th internet-of-things device.
4. The multi-level cascading internet of things situation awareness system according to claim 3, wherein: the situation characteristic preprocessing module carries out clustering analysis on the network dangerous situation characteristics, and the method comprises the following steps:
Step H1, constructing a network danger situation characteristic set;
Step H2, establishing the network danger situation characteristic classification;
Step H3, performing cluster analysis on the m types of network danger situation characteristics with a situation classification clustering evaluation function, and analyzing the situation classification aggregation degree of each danger situation characteristic in the network danger situation characteristic set;
Step H4, performing classification verification on each classified network danger situation characteristic;
Step H5, judging whether the classification verification coefficient K is smaller than a set threshold; if so, stopping the iterative computation of the network danger situation characteristic coefficients corresponding to the classification centers, and taking the network danger situation characteristic coefficient set U under the classification center corresponding to the classification verification coefficient K as the classification center set.
5. The multi-level cascading internet of things situation awareness system according to claim 4, wherein: the method for carrying out weight quantification display on each network danger situation feature in the network danger situation feature set comprises the following steps:
Step T1, extracting historical network situation element information, and comparing it with the characteristic elements corresponding to the network danger situation characteristic coefficients in the network danger situation characteristic set to obtain a historical network situation element repeated set, wherein r_i is the number of times the characteristic element corresponding to the ith network danger situation characteristic coefficient appears in the historical network situation element information;
Step T2, calculating the classification verification function and the classification clustering evaluation function to obtain the network danger situation characteristic coefficients of each classification center;
Step T3, constructing a matrix from the network danger situation characteristic coefficients of all the classification centers;
Step T4, multiplying the matrix constructed from the network danger situation characteristic coefficients in step T3 by the historical network situation element coincidence set from step T1, and normalizing the result to obtain the weight value corresponding to each network danger situation characteristic in the network danger situation characteristic set.
6. The multi-level cascading internet of things situation awareness system according to claim 5, wherein: the perception prediction model is as follows:
Figure FDA0003828442370000041
Figure FDA0003828442370000042
is the attack situation perception coefficient of the c-th Internet of things device, SF_cx is the interference correlation coefficient of the xth Internet of things device to the c-th Internet of things device, NB_c is the defense quantization coefficient corresponding to the c-th Internet of things equipment under network attack, e is a natural number, D_ij is the situation classification aggregation degree with which the ith network danger situation characteristic after clustering belongs to the jth classification center, h_ij is the weight coefficient corresponding to the ith network danger situation characteristic in the jth classification center, c_ij is the frequency of occurrence of the ith network danger situation characteristic in the jth classification center, and C_0 is the set initial number.
7. The multi-level cascading internet of things situation awareness system according to claim 6, wherein: the system further comprises a situation perception optimization correction module, the situation perception optimization correction module extracts the attack situation perception coefficient of the Internet of things equipment predicted by the situation perception prediction module and obtains an actual attack coefficient of the Internet of things equipment under the predicted attack situation perception coefficient, and the perception prediction module is optimized and corrected through the predicted attack situation perception coefficient and the actual attack coefficient of the Internet of things equipment.
CN202211067523.9A 2022-09-01 2022-09-01 Multistage cascade Internet of things situation awareness system Active CN115664697B (en)

Publications (2)

Publication Number Publication Date
CN115664697A true CN115664697A (en) 2023-01-31
CN115664697B CN115664697B (en) 2023-06-13
