CN116599687B - Low-communication-delay cascade vulnerability scanning probe deployment method and system - Google Patents
Low-communication-delay cascade vulnerability scanning probe deployment method and system Download PDFInfo
- Publication number
- CN116599687B CN116599687B CN202310267239.4A CN202310267239A CN116599687B CN 116599687 B CN116599687 B CN 116599687B CN 202310267239 A CN202310267239 A CN 202310267239A CN 116599687 B CN116599687 B CN 116599687B
- Authority
- CN
- China
- Prior art keywords
- engine
- cascade
- deployment
- vulnerability scanning
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 239000000523 sample Substances 0.000 title claims abstract description 57
- 238000005457 optimization Methods 0.000 claims abstract description 69
- 238000004891 communication Methods 0.000 claims abstract description 56
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 49
- 238000013178 mathematical model Methods 0.000 claims abstract description 23
- 238000000137 annealing Methods 0.000 claims description 18
- RUDATBOHQWOJDD-UHFFFAOYSA-N (3beta,5beta,7alpha)-3,7-Dihydroxycholan-24-oic acid Natural products OC1CC2CC(O)CCC2(C)C2C1C1CCC(C(CCC(O)=O)C)C1(C)CC2 RUDATBOHQWOJDD-UHFFFAOYSA-N 0.000 claims description 13
- 230000008569 process Effects 0.000 claims description 13
- 238000004364 calculation method Methods 0.000 claims description 11
- 238000012545 processing Methods 0.000 claims description 10
- 238000013459 approach Methods 0.000 claims description 3
- 238000006243 chemical reaction Methods 0.000 claims 1
- 238000004088 simulation Methods 0.000 abstract description 2
- 238000012360 testing method Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 5
- 230000009467 reduction Effects 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- NAWXUBYGYWOOIX-SFHVURJKSA-N (2s)-2-[[4-[2-(2,4-diaminoquinazolin-6-yl)ethyl]benzoyl]amino]-4-methylidenepentanedioic acid Chemical compound C1=CC2=NC(N)=NC(N)=C2C=C1CCC1=CC=C(C(=O)N[C@@H](CC(=C)C(O)=O)C(O)=O)C=C1 NAWXUBYGYWOOIX-SFHVURJKSA-N 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000010485 coping Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001934 delay Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0894—Policy-based network configuration management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Abstract
The application provides a cascade vulnerability scanning probe deployment method and system with low communication time delay, which remarkably improve the expandability of a vulnerability scanning engine in a complex network scene. And establishing a mathematical model by integrating communication time delay among the central control engine, the local scanning engine and the target terminal, converting a cascade engine deployment problem facing time delay optimization into a system free energy function minimum problem by constructing a cascade system energy function, solving a cascade collaborative deployment algorithm, and realizing global rapid optimizing of a deployment strategy. The algorithm performance and the influence of each index are analyzed through simulation, and a comparison test shows that the delay cost of the strategy is obviously reduced compared with other schemes.
Description
Technical Field
The application relates to a cascade vulnerability scanning probe deployment method and system with low communication time delay, and belongs to the technical field of network security and vulnerability scanning.
Background
The rapid development of network technology accelerates the speed of industrial and commercial informatization, but also causes increasingly serious network security problems. According to the data published by CVE Details, since 2017, the number of security vulnerabilities published annually is obviously increased, and 2021 breaks through two tens of thousands for the first time, so that 20141 is achieved, wherein 5.8% of vulnerability CVSS scores exceed 9.0, and great threat is caused to the security of computer systems and Internet users. However, users or administrators are forgotten to maintain and update the software system in time, so that potential safety hazards are directly exposed to attackers, and serious threats are formed on data privacy and system safety. The vulnerability scanning technology is a security means for finding out system defects and potential safety hazards through a remote detection target terminal, and provides effective guarantee for users to find and dispose system vulnerabilities in time. With the increasing network scale and vulnerability variety, the performance of the centralized vulnerability scanning engine control node becomes an information processing bottleneck, and effective expansion cannot be realized under the complex network scale, so that a terminal which partially loses security evaluation becomes a vulnerable target.
To solve the above problem, the industry successively adopts a logically centralized, physically distributed cascade vulnerability scanning engine deployment scheme. The cascade vulnerability scanning engine has the characteristics of wider coverage of network nodes and stronger scalability, greatly saves network bandwidth resources, and plays a great role in coping with network security problems under a complex network structure.
Although the cascade vulnerability scanning scheme solves the problem of expandability of the vulnerability scanning engine under the complex network scale, in an actual network environment, network delay has an important influence on the execution efficiency of the cascade vulnerability scanning task. In the process of executing remote vulnerability scanning, the local scanning engine needs to send a large number of detection messages to the target terminal governed by the local scanning engine, and determines vulnerability scanning results through response messages, so that the communication delay between the local scanning engine and the target terminal can directly scan the efficiency; meanwhile, the local vulnerability scanning engine needs to take the vulnerability scanning task from the central control engine and transmit the scanning result back to the central control engine database, so that the time delay between the control engine and the vulnerability scanning engine should be considered.
The problem of deployment of cascade vulnerability scanning engines is an important topic in the field of network security research, and related research at home and abroad in recent years keeps continuous heat. The existing engine deployment strategy can realize load balancing of the local scanning engine, but with the improvement of the processing performance and concurrency capacity of a computer, a general server can already meet the load of distributed vulnerability scanning, partial documents consider the influence of communication delay on the working efficiency of the distributed vulnerability scanning engine, but do not consider the cascade characteristics among a central control engine, the local scanning engine and a target terminal, and the algorithm is easy to fall into local optimization.
Disclosure of Invention
The application aims to provide a cascade vulnerability scanning probe deployment strategy with low communication delay, which is used for ensuring that any target terminal has vulnerability scanning engine jurisdiction, reducing communication delay of cascade vulnerability scanning engines to improve the whole network vulnerability scanning efficiency, converting a cascade vulnerability scanning probe deployment problem oriented to delay optimization into a system free energy function minimum problem, designing a cascade collaborative deployment algorithm to solve, and realizing global quick optimizing of the deployment strategy.
In order to achieve the above purpose, the present application adopts the following technical scheme:
the first aspect of the application discloses a cascade vulnerability scanning probe deployment method with low communication time delay; the method comprises the following steps:
establishing a cascade engine deployment mathematical model oriented to delay optimization according to communication delay among a central control engine, a local vulnerability scanning engine and a target terminal;
adopting a CCDA clustering algorithm to convert the cascade engine deployment problem facing to delay optimization into a cascade system free energy function minimum value problem;
after the problem of the minimum free energy function of the cascade system is converted, the global quick optimal solution of the cascade engine deployment strategy oriented to time delay optimization is calculated based on a deterministic annealing algorithm, the cascade vulnerability scanning probe deployment with low communication time delay is realized, and the scanning probe is a bearing entity of a central control engine and a local vulnerability scanning engine.
According to the method of the first aspect of the application, the establishing process of the cascade engine deployment mathematical model facing to the time delay optimization comprises the following steps:
setting a bottom layer network node set for bearing a target terminal or a local vulnerability scanning engine; setting the type of the resource which can be borne by the bottom layer network node set, and using Euclidean distance between any two points in the bottom layer network node set to represent time delay;
setting a deployment mode of deploying the local vulnerability scanning engine on the bottom layer network node set, setting whether the target terminal belongs to the jurisdiction of the local vulnerability scanning engine, setting a deployment mode of the central control engine on the bottom layer network node set, and defining a link relation between the central control engine and the local vulnerability scanning engine;
establishing a first delay relation between the local scanning engine and the target terminal according to the deployment relation among the bottom network node set, the local vulnerability scanning engine and the target terminal; establishing a second delay relation between the central control engine and the local vulnerability scanning engine according to the deployment relation among the bottom network node set, the central control engine and the local vulnerability scanning engine;
and constructing the cascade engine deployment mathematical model facing to the time delay optimization according to the first time delay relation and the second time delay relation.
According to the method of the first aspect of the present application, the resource types that the underlying network node set can carry include: a loadable target terminal, a loadable local vulnerability scanning engine.
According to the method of the first aspect of the application, when constructing the cascade engine deployment mathematical model for delay optimization according to the first delay relation and the second delay relation, parameters of importance degree between the first delay relation and the second delay relation are set.
According to the method of the first aspect of the application, the process of converting the delay optimization oriented cascade engine deployment problem into the cascade system free energy function minimum problem by adopting the CCDA clustering algorithm comprises the following steps:
setting cluster centroid distribution of a local vulnerability scanning engine to be solved, setting distribution representing relative importance of a bottom network node bearing a target terminal, and setting joint deployment probability distribution of the local vulnerability scanning engine and the target terminal;
setting a system energy function and a system energy expected function of cascade engine deployment, wherein the system energy function represents that the local vulnerability scanning engine and the target terminal are in { χ } n ,υ m Energy increment of cascade system in case of state { χ }, said n ,υ m The state indicates that the distribution mode of the target terminal χ at the bottom network node n is χ n When the vulnerability scanning engine borne by the bottom network node n is distributed in a clustering centroid distribution mode of v m M represents a count variable for the number of centroids.
Under the condition that the system communication time delay of the cascade engine deployment is in an optimal state, when a distribution mode of a target terminal in a bottom network node is determined, the time delay between a central control engine and a local vulnerability scanning engine is the minimum, and under the condition that the time delay is the minimum, the deployment state of the central control engine is set to obtain an equivalent function of a system energy function of the cascade engine deployment and an equivalent function of a system energy expected function;
according to the characteristics of the central control engine, the equivalent function of the system energy expected function is obtained, and according to the equivalent function of the equivalent function and the cascade engine deployment mathematical model facing the time delay optimization, the minimum function relation of the system energy expected function deployed by the cascade engine is established, and the cascade engine deployment problem facing the time delay optimization is converted into the cascade system free energy function minimum problem.
According to the method of the first aspect of the application, the calculation method for realizing the global quick optimal solution of the cascade engine deployment strategy facing to the time delay optimization based on the deterministic annealing algorithm is as follows:
according to the free energy reduction law, when the system energy expected function of the cascade engine deployment is determined, the free energy function of the system of the cascade engine deployment is defined;
setting the free energy function of a system deployed by a cascading engine to meet two conditions of a deterministic annealing algorithm: when the system temperature approaches infinity, the global minimum value of the free energy function is easy to calculate; when the system temperature is equal to zero, the free energy function is equivalent to the system energy expectation function. And defining the relation among the free energy function, the system energy expected function and the system entropy of the cascade engine deployment, and solving a global quick optimal solution of the cascade engine deployment strategy facing the time delay optimization.
According to the method of the first aspect of the application, after the relation among the free energy function, the system energy expected function and the system entropy of cascade engine deployment is defined, in the process of solving the global quick optimal solution of the cascade engine deployment strategy facing to time delay optimization:
the free energy function is directed to the joint probability p (v) m |χ n ) Solving the bias guide and enabling the free energy function to pair the joint probability p (upsilon) m |χ n ) The partial derivative of (a) is equal to 0, and the joint probability p (v) is obtained m |χ n ) Is equivalent to the functional relationship of (a); the p (v) m |χ n ) Representing that target terminal χ is in the underlying networkDistribution mode χ of node n n Clustering centroid distribution of vulnerability scanning engine borne by bottom network node n, v m Joint probabilities between m and m, wherein m represents a count variable of the centroid number; solving for p (v) by Bayesian distribution m |χ n );
Defining distribution of optimal central control enginesClustering centroid distribution v for vulnerability scanning engine m Deviation guide is carried out to ensure that free energy function is distributed on cluster centroid of vulnerability scanning engine m The partial derivative of (2) is equal to 0, and clustering centroid distribution upsilon of the vulnerability scanning engine is respectively obtained m Distribution of optimal central control engine>Is equivalent to the functional relationship of (a);
solving clustering centroid distribution v of vulnerability scanning engine m Distribution of optimal central control engines
According to the method of the first aspect of the application, the clustering centroid distribution upsilon of the vulnerability scanning engine is solved m Distribution of optimal central control enginesIn the process, a global quick optimal solution of a cascade engine deployment strategy facing to time delay optimization is determined by adopting an iterative optimization method, and cascade vulnerability scanning probe deployment with low communication time delay is completed.
According to the method of the first aspect of the application, the effectiveness of the cascade vulnerability scanning probe deployment method is verified, and the deployment positions of the local vulnerability scanning engine and the central control engine corresponding to different iteration times are analyzed; changing the network scale, and analyzing the influence of various indexes on the cascade vulnerability scanning probe deployment method; and comparing and analyzing with other algorithms to judge the time delay optimization performance of the cascade vulnerability scanning probe deployment method.
The second aspect of the application discloses a cascade vulnerability scanning probe deployment system with low communication time delay; the system comprises:
the first processing module is configured to establish a cascade engine deployment mathematical model oriented to delay optimization according to communication delay among the central control engine, the local vulnerability scanning engine and the target terminal;
the second processing module is configured to convert the delay optimization-oriented cascade engine deployment problem into a cascade system free energy function minimum value problem by adopting a CCDA clustering algorithm;
the third processing module is configured to realize the calculation of the global quick optimal solution of the cascade engine deployment strategy facing to time delay optimization based on a deterministic annealing algorithm after being converted into the minimum problem of the free energy function of the cascade system, and realize the cascade vulnerability scanning probe deployment with low communication time delay, wherein the scanning probe is a bearing entity of a central control engine and a local vulnerability scanning engine.
A system according to a second aspect of the present application is for implementing the steps in a low communication latency cascading vulnerability scanning probe deployment method of any one of the first aspects of the present disclosure.
In summary, the scheme provided by the application has the following technical effects: comprehensively considering cascading characteristics among a central control engine, a local vulnerability scanning engine and target terminals, ensuring that any target terminal has the jurisdiction of the vulnerability scanning engine, and reducing communication delay of the cascading vulnerability scanning engine so as to improve the whole-network vulnerability scanning efficiency; the method realizes the calculation of the global quick optimal solution of the cascade engine deployment strategy oriented to the time delay optimization based on the deterministic annealing algorithm, and can quickly complete the cascade vulnerability scanning probe deployment strategy with low communication time delay. The algorithm performance and the influence of each index are analyzed through simulation, and a comparison test shows that the delay cost of the strategy is obviously reduced compared with other schemes.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present application, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a low communication latency cascading vulnerability scanning probe deployment method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a low communication latency cascading vulnerability scanning probe deployment model according to an embodiment of the present application;
FIG. 3 is an XY graph of deployment locations of a local vulnerability scanning engine and a central control engine solved using a CCDA algorithm in accordance with an embodiment of the present application;
FIG. 4 is a diagram showing the influence of a parameter gamma on free energy of a cascade function according to an embodiment of the application;
FIG. 5 is a block diagram of a low communication latency cascading vulnerability scanning probe deployment system in accordance with an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The application discloses a cascade vulnerability scanning probe deployment method with low communication time delay. Fig. 1 is a flowchart of a cascade vulnerability scanning probe deployment method for low communication delay according to an embodiment of the present application, and fig. 2 is a schematic diagram of a cascade vulnerability scanning probe deployment model for low communication delay according to an embodiment of the present application, as shown in fig. 1 and fig. 2, the method includes:
step S1, establishing a cascade engine deployment mathematical model oriented to delay optimization according to communication delay among a central control engine, a local vulnerability scanning engine and a target terminal;
s2, converting a delay optimization-oriented cascade engine deployment problem into a cascade system free energy function minimum value problem by adopting a CCDA clustering algorithm;
and S3, after the problem of the minimum free energy function of the cascade system is converted, the calculation of the global quick optimal solution of the cascade engine deployment strategy oriented to time delay optimization is realized based on a deterministic annealing algorithm, the cascade vulnerability scanning probe deployment with low communication time delay is realized, and the scanning probe is a bearing entity of a central control engine and a local vulnerability scanning engine.
In step S1, a cascade engine deployment mathematical model facing delay optimization is established according to communication delay among a central control engine, a local vulnerability scanning engine and a target terminal.
In some embodiments, a set of underlying network nodes carrying a target terminal or local vulnerability scanning engine is set; setting the type of the resource which can be borne by the bottom layer network node set, and using Euclidean distance between any two points in the bottom layer network node set to represent time delay;
setting a deployment mode of deploying the local vulnerability scanning engine on the bottom layer network node set, setting whether the target terminal belongs to the jurisdiction of the local vulnerability scanning engine, setting a deployment mode of the central control engine on the bottom layer network node set, and defining a link relation between the central control engine and the local vulnerability scanning engine;
establishing a first delay relation between the local scanning engine and the target terminal according to the deployment relation among the bottom network node set, the local vulnerability scanning engine and the target terminal; establishing a second delay relation between the central control engine and the local vulnerability scanning engine according to the deployment relation among the bottom network node set, the central control engine and the local vulnerability scanning engine;
and constructing the cascade engine deployment mathematical model facing to the time delay optimization according to the first time delay relation and the second time delay relation.
In some embodiments, the resource types that the underlying network node set can carry include: a loadable target terminal, a loadable local vulnerability scanning engine.
In some embodiments, when the cascade engine deployment mathematical model for delay optimization is constructed according to the first delay relationship and the second delay relationship, parameters of importance degree between the first delay relationship and the second delay relationship are set.
Specifically, firstly, each element of the cascade vulnerability scanning engine system is defined and explained, a mathematical model is built, and an optimization target facing to time delay is determined. The bottom layer network node set of the carrying terminal equipment or the vulnerability scanning engine is N, A n The attribute representing node n, may be expressed asWherein->Representing the type of resource that node n can carry, +.>Respectively representing the loadable terminal equipment of the node and the vulnerability scanning engine. Definition setRepresents a set of nodes capable of carrying a scan engine and has +.> Representing the node location. The method mainly considers the influence of time delay on vulnerability scanning efficiency, and the time delay can be represented by Euclidean distance between two points during modeling, namely +.>Representing the time delay between nodes m, n. The distribution of the terminal devices in the underlying network may use x= (χ) n E {0,1}, N e N) represents χ if and only if terminal device χ is located at node N n =1. The deployment mode of the local vulnerability scanning engine can be usedRepresenting, θ if and only if a local vulnerability scanning engine θ is deployed at node n n =1. In the actual deployment process of the cascade engines, the total number of the local vulnerability scanning engines is limited by construction expense requirements, so that the upper limit of the number of the local vulnerability scanning engines is set as a constant C. Whether the terminal equipment belongs to local vulnerability scanning engine jurisdiction can be usedTo indicate, if and only if the terminal χ device belongs to the θ jurisdiction, the +.>The deployment mode of the central control engine can be used>Representing, if and only if ζ is deployed at node n n =1, and the link relationship of the central control engine ζ and the local vulnerability scanning engine θ is defined as +.>
In the cascade vulnerability scanning engine environment, the scanning range of the local scanning engine needs to cover all target terminal devices in the governed range, and according to the deployment relationship between the bottom network and the cascade vulnerability scanning engine and the terminal, the time delay alpha between the local scanning engine and the target terminal can be expressed as:
all local scan engines will acquire the scan tasks from the central control engine and return the scan data, so the delay β between the central control engine and the local scan engine can be expressed as:
comprehensively considering the influence of communication time delay among the central control engine, the local scanning engine and the target terminal on vulnerability scanning efficiency, the optimization target facing the time delay can be expressed asWhere the parameter γ > 0 is used to measure the importance between the two delays α and β, and n=card (N) is used to trade-off the underlying network size impact.
According to the first delay relation and the second delay relation, the cascade engine deployment mathematical model facing to delay optimization is constructed, the communication delay relation among the central control engine, the local vulnerability scanning engine and the target terminal can be integrated, and the optimized mathematical model can be built.
In step S2, a CCDA clustering algorithm is adopted to convert the cascade engine deployment problem facing to delay optimization into a cascade system free energy function minimum value problem.
In some embodiments, the process of converting the delay optimization oriented cascading engine deployment problem into the cascading system free energy function minimum problem using the CCDA clustering algorithm comprises:
setting cluster centroid distribution of a local vulnerability scanning engine to be solved, setting distribution representing relative importance of a bottom network node bearing a target terminal, and setting joint deployment probability distribution of the local vulnerability scanning engine and the target terminal;
setting a system energy function and a system energy expected function of cascade engine deployment, wherein the system energy function represents that the local vulnerability scanning engine and the target terminal are in { χ } n ,υ m Energy increment of cascade system in case of state, e.g.){ χ } n ,υ m The state indicates that the distribution mode of the target terminal χ at the bottom network node n is χ n When the vulnerability scanning engine borne by the bottom network node n is distributed in a clustering centroid distribution mode of v m M represents a count variable for the number of centroids.
Under the condition that the system communication time delay of the cascade engine deployment is in an optimal state, when a distribution mode of a target terminal in a bottom network node is determined, the time delay between a central control engine and a local vulnerability scanning engine is the minimum, and under the condition that the time delay is the minimum, the deployment state of the central control engine is set to obtain an equivalent function of a system energy function of the cascade engine deployment and an equivalent function of a system energy expected function;
according to the characteristics of the central control engine, the equivalent function of the system energy expected function is obtained, and according to the equivalent function of the equivalent function and the cascade engine deployment mathematical model facing the time delay optimization, the minimum function relation of the system energy expected function deployed by the cascade engine is established, and the cascade engine deployment problem facing the time delay optimization is converted into the cascade system free energy function minimum problem.
Specifically, the model designs a heuristic cascading collaborative deployment algorithm (Cascade Coordinate Deployment Algorithm, CCDA): firstly, constructing a proper cascade system energy function, converting a cascade engine deployment problem facing delay optimization into a cascade system free energy function minimum problem, solving a cascade collaborative deployment algorithm designed based on a deterministic annealing idea on the basis, avoiding the solving process from being trapped into a local minimum value, and realizing the overall rapid optimizing of a cascade engine deployment strategy.
Is provided withI.e. any point of the underlying network has at least the capability of carrying the target terminal. Defining a cascade system energy expectation function:
wherein the method comprises the steps ofAnd C represents the quantity of centroids and is less than or equal to C. p (χ) n ) Representing the relative importance of the bottom node n at the bearing target terminal due toThere is->p(υ m |χ n ) Representing joint deployment probabilities of vulnerability scanning engines. E (χ) n ,υ m ) Represents cascade system energy function, represents vulnerability scanning engine and target terminal in { χ } n ,υ m Energy increment of cascade system in case of state, the application needs to construct proper E (χ) n ,υ m ) And converting the communication time delay of the cascade system into the cascade system energy representation.
As can be seen from the formula (3), when the target terminal distribution X is determined on the premise that the communication delay of the cascade system is in an optimal state, the delay between the central control engine and the local scanning engineMust be a minimum. And hasThen +.>Representing the deployment state of the central control engine ζ, the cascade system energy function can be expressed as:
the cascade system energy expectations can be expressed as:
in order to establish the relation between the energy expectation and the time delay optimization target type (3) of the cascade system, the engine characteristics are controlled according to the centerIt is found that the formula (7) holds.
By combining the formula (7), the formula (3) is equivalent to the formula (8).
Wherein the method comprises the steps ofRepresenting a local vulnerability scanning engine deployment policy. It can be seen that equation (6) is isomorphic with equation (8), and the deployment problem of delay optimization is converted into the cascade system energy expectation function minimum problem minE.
In step S3, after the problem of the minimum free energy function of the cascade system is converted, the calculation of the global quick optimal solution of the cascade engine deployment strategy oriented to time delay optimization is realized based on a deterministic annealing algorithm, the cascade vulnerability scanning probe deployment with low communication time delay is realized, and the scanning probe is a bearing entity of a central control engine and a local vulnerability scanning engine.
In some embodiments, the calculation method for realizing the global fast optimal solution of the cascade engine deployment strategy facing to the delay optimization based on the deterministic annealing algorithm is as follows:
according to the free energy reduction law, when the system energy expected function of the cascade engine deployment is determined, the free energy function of the system of the cascade engine deployment is defined;
setting the free energy function of a system deployed by a cascading engine to meet two conditions of a deterministic annealing algorithm: when the system temperature approaches infinity, the global minimum value of the free energy function is easy to calculate; when the system temperature is equal to zero, the free energy function is equivalent to the system energy expectation function. And defining the relation among the free energy function, the system energy expected function and the system entropy of the cascade engine deployment, and solving a global quick optimal solution of the cascade engine deployment strategy facing the time delay optimization.
In some embodiments, after the relation among the free energy function, the system energy expected function and the system entropy of the cascade engine deployment is defined, in the process of solving the global fast optimal solution of the cascade engine deployment strategy facing the delay optimization:
the free energy function is directed to the joint probability p (v) m |χ n ) Solving the bias guide and enabling the free energy function to pair the joint probability p (upsilon) m |χ n ) The partial derivative of (a) is equal to 0, and the joint probability p (v) is obtained m |χ n ) Is equivalent to the functional relationship of (a); the p (v) m |χ n ) Representing distribution mode χ of target terminal χ at bottom network node n n Clustering centroid distribution of vulnerability scanning engine borne by bottom network node n, v m Joint probabilities between m and m, wherein m represents a count variable of the centroid number; solving for p (v) by Bayesian distribution m |χ n );
Defining distribution of optimal central control enginesClustering centroid distribution v for vulnerability scanning engine m Deviation guide is carried out to ensure that free energy function is distributed on cluster centroid of vulnerability scanning engine m The partial derivative of (2) is equal to 0, and clustering centroid distribution upsilon of the vulnerability scanning engine is respectively obtained m Distribution of optimal central control engine>Is equivalent to the functional relationship of (a);
solving clustering centroid distribution v of vulnerability scanning engine m Distribution of optimal central control engines
In some embodiments, the cluster centroid distribution v of the vulnerability scanning engine is solved m Distribution of optimal central control enginesIn the process, a global quick optimal solution of a cascade engine deployment strategy facing to time delay optimization is determined by adopting an iterative optimization method, and cascade vulnerability scanning probe deployment with low communication time delay is completed.
Specifically, according to the law of free energy reduction, the state of a closed system, which is temperature-invariant, always switches toward the direction of free energy reduction, reaching the state of equilibrium of the system when the free energy is at a minimum. When determining the energy desirability function of the cascade system, it is necessary to define the free energy function F (δ, T) of the cascade system. To ensure convergence of the cascading collaborative deployment algorithm, F (δ, T) needs to satisfy at least two conditions of deterministic annealing techniques: when the system temperature T & gtto & gtinfinity, the global minimum of F (delta, T) with respect to delta is easily obtained; when t=0, F (δ, T) =e (δ). The system free energy function may be defined as:
F=E-TH (9)
where H is the system entropy of the cascade system, and can be represented as formula (10)
The free energy function F (delta, T) is directed to the joint probability p (v) m |χ n ) Calculate the deviation and letThe method can obtain:
the combination (11) can be solved by Bayesian distributionp(υ m |χ n ). Defining an optimal central control engineFor upsilon m For deviation, let->Then there are:
substituting formula (13) into formula (12) to solve v m ,Iterative optimization is performed in combination with a deterministic annealing algorithm, and a cascade collaborative deployment algorithm can be summarized as algorithm 1.
Algorithm 1 cascade collaborative deployment algorithm
Specifically, based on a deterministic annealing algorithm, the calculation of a global quick optimal solution of a cascade engine deployment strategy facing to delay optimization is realized, and the clustering centroid distribution upsilon of a vulnerability scanning engine can be solved m Distribution of optimal central control enginesAnd obtaining a quick optimal solution, and realizing the global quick optimization of the deployment strategy.
In a cascade vulnerability scanning probe deployment method with low communication time delay, verifying the effectiveness of the cascade vulnerability scanning probe deployment method, and analyzing deployment positions of a local vulnerability scanning engine and a central control engine corresponding to different iteration times; changing the network scale, and analyzing the influence of various indexes on the cascade vulnerability scanning probe deployment method; and comparing and analyzing with other algorithms to judge the time delay optimization performance of the cascade vulnerability scanning probe deployment method.
First, the effectiveness of the cascading collaborative deployment algorithm is verified, the experiment uses a random network topology which obeys gaussian mixture distribution, and the network scale n=80, the number of clusters k=4, and γ=0.1. FIG. 3 illustrates deployment locations of a local vulnerability scanning engine and a central control engine for an algorithm solution.
Then, the influence of the network scale and the parameter gamma on the cascade collaborative deployment algorithm is analyzed. Fig. 4 shows that as gamma increases, the free energy function of the cascade system tends to stabilize, representing that the delay optimization effect tends to stabilize. The jurisdiction of the local vulnerability scanning engine gradually shows a trend of expanding towards the central control engine, and the reason for the phenomenon is that as gamma increases, the gamma increases to cause the local vulnerability scanning engine to be close to the central control engine when deployed, and when the distance is relatively close, the communication delay between the cascade engines is not a main factor for influencing the optimization target any more.
Specifically, the effectiveness and the optimization performance of the cascade vulnerability scanning probe deployment method can be fully embodied through verifying the effectiveness of the deployment method, analyzing different iteration times, changing the network scale, analyzing the influence of various indexes on the cascade vulnerability scanning probe deployment method and comparing and analyzing with other algorithms.
The second aspect of the application discloses a cascade vulnerability scanning probe deployment system with low communication time delay; FIG. 5 is a block diagram of a cascading vulnerability scanning probe deployment system for low communication latency according to an embodiment of the present application; as shown in fig. 5, the system 500 includes: the system comprises:
the first processing module 501 is configured to establish a cascade engine deployment mathematical model facing delay optimization according to communication delay among the central control engine, the local vulnerability scanning engine and the target terminal;
the second processing module 502 is configured to convert the cascade engine deployment problem facing the delay optimization into a cascade system free energy function minimum value problem by adopting a CCDA clustering algorithm;
the third processing module 503 is configured to implement calculation of a global fast optimal solution of a cascade engine deployment strategy oriented to delay optimization based on a deterministic annealing algorithm after being converted into a cascade system free energy function minimum problem, and implement cascade vulnerability scanning probe deployment with low communication delay, where the scanning probe is a bearing entity of a central control engine and a local vulnerability scanning engine.
A system according to a second aspect of the present application is for implementing the steps in a low communication latency cascading vulnerability scanning probe deployment method of any one of the first aspects of the present disclosure.
In summary, the technical scheme provided by the application has the following technical effects: the expandability of the vulnerability scanning engine under the complex network scene is remarkably improved, any target terminal is ensured to have the vulnerability scanning engine jurisdiction, meanwhile, the communication time delay of the cascade vulnerability scanning engine is reduced to improve the whole network vulnerability scanning efficiency, the cascade engine deployment problem facing time delay optimization is converted into the system free energy function minimum problem, and a cascade collaborative deployment algorithm is designed to solve, so that the overall rapid optimizing of the deployment strategy is realized.
Note that the technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be regarded as the scope of the description. The foregoing examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
Claims (9)
1. A low communication latency cascading vulnerability scanning probe deployment method, the method comprising:
establishing a cascade engine deployment mathematical model oriented to delay optimization according to communication delay among a central control engine, a local vulnerability scanning engine and a target terminal;
adopting a CCDA clustering algorithm to convert the cascade engine deployment problem facing to delay optimization into a cascade system free energy function minimum value problem;
after the problem of the minimum free energy function of the cascade system is converted, the global quick optimal solution calculation of a cascade engine deployment strategy oriented to time delay optimization is realized based on a deterministic annealing algorithm, the cascade vulnerability scanning probe deployment with low communication time delay is realized, and the scanning probe is a bearing entity of a central control engine and a local vulnerability scanning engine;
the method for converting the delay optimization-oriented cascade engine deployment problem into the cascade system free energy function minimum value problem by adopting the CCDA clustering algorithm specifically comprises the following steps:
setting cluster centroid distribution of a local vulnerability scanning engine to be solved, setting distribution representing relative importance of a bottom network node bearing a target terminal, and setting joint deployment probability distribution of the local vulnerability scanning engine and the target terminal;
setting a system energy function and a system energy expected function of cascade engine deployment, wherein the system energy function represents that a local vulnerability scanning engine and a target terminal are in { χ } n ,υ m Energy increment of cascade system in case of state { χ }, said n ,υ m The state indicates that the distribution mode of the target terminal χ at the bottom network node n is χ n When the vulnerability scanning engine borne by the bottom network node n is in a clustering centroid distribution mode of v m M represents a counting variable of the mass center number;
under the condition that the system communication time delay of the cascade engine deployment is in an optimal state, when a distribution mode of a target terminal in a bottom network node is determined, the time delay between a central control engine and a local vulnerability scanning engine is the minimum, and under the condition that the time delay is the minimum, the deployment state of the central control engine is set to obtain an equivalent function of a system energy function of the cascade engine deployment and an equivalent function of a system energy expected function;
according to the characteristics of the central control engine, the equivalent function of the system energy expected function is obtained, and according to the equivalent function of the equivalent function and the cascade engine deployment mathematical model facing the time delay optimization, the minimum function relation of the system energy expected function of the cascade engine deployment is established, and the cascade engine deployment problem facing the time delay optimization is converted into the cascade system free energy function minimum problem.
2. The low communication latency cascading vulnerability scanning probe deployment method of claim 1, wherein the establishing process of the latency optimization-oriented cascading engine deployment mathematical model comprises the following steps:
setting a bottom layer network node set for bearing a target terminal or a local vulnerability scanning engine; setting the type of the resource which can be borne by the bottom layer network node set, and representing the time delay by using the Euclidean distance between any two points in the bottom layer network node set;
setting a deployment mode of deploying a local vulnerability scanning engine on the bottom layer network node set, setting whether the target terminal belongs to the local vulnerability scanning engine jurisdiction, setting a deployment mode of a central control engine on the bottom layer network node set, and defining a link relation between the central control engine and the local vulnerability scanning engine;
establishing a first delay relationship between a local scanning engine and a target terminal according to the deployment relationship among the bottom network node set, the local vulnerability scanning engine and the target terminal; establishing a second delay relation between the central control engine and the local vulnerability scanning engine according to the deployment relation among the bottom network node set, the central control engine and the local vulnerability scanning engine;
and constructing the cascade engine deployment mathematical model facing to the time delay optimization according to the first time delay relation and the second time delay relation.
3. The low communication delay cascade vulnerability scanning probe deployment method of claim 2, wherein parameters of importance degree between the first delay relation and the second delay relation are set when constructing the delay optimization-oriented cascade engine deployment mathematical model according to the first delay relation and the second delay relation.
4. The method for deploying a cascade vulnerability scanning probe with low communication delay according to claim 3, wherein the resource types that can be carried by the underlying network node set comprise: a loadable target terminal, a loadable local vulnerability scanning engine.
5. The low-communication-delay cascade vulnerability scanning probe deployment method of claim 1, wherein the calculation method for realizing the global quick optimal solution of the cascade engine deployment strategy facing to delay optimization based on a deterministic annealing algorithm is as follows:
when the system energy expected function of the cascade engine deployment is determined, defining a free energy function of the system of the cascade engine deployment;
setting the free energy function of a system deployed by a cascading engine to meet two conditions of a deterministic annealing algorithm: when the system temperature approaches infinity, the global minimum value of the free energy function is easy to calculate; when the system temperature is equal to zero, the free energy function is equivalent to the system energy expectation function; and defining the relation among the free energy function, the system energy expected function and the system entropy of the cascade engine deployment, and solving a global quick optimal solution of the cascade engine deployment strategy facing the time delay optimization.
6. The low communication latency cascading vulnerability scanning probe deployment method according to claim 5, wherein after defining the relation among the free energy function, the system energy expected function and the system entropy of cascading engine deployment, in the process of solving the global fast optimal solution of the cascading engine deployment strategy facing to latency optimization:
the free energy function is directed to the joint probability p (v) m |χ n ) Solving the bias guide and enabling the free energy function to pair the joint probability p (upsilon) m |χ n ) The partial derivative of (a) is equal to 0, and the joint probability p (v) is obtained m |χ n ) Is equivalent to the functional relationship of (a); the p (v) m |χ n ) Representing distribution mode χ of target terminal χ at bottom network node n n Clustering centroid distribution v of vulnerability scanning engine borne by bottom network node n m Joint probabilities between m and m, wherein m represents a count variable of the centroid number; solving for p (v) by Bayesian distribution m |χ n );
Defining distribution of optimal central control enginesClustering centroid distribution v for vulnerability scanning engine m Deviation guide is carried out to ensure that free energy function is distributed on cluster centroid of vulnerability scanning engine m The partial derivative of (2) is equal to 0, and clustering centroid distribution upsilon of the vulnerability scanning engine is respectively obtained m Distribution of optimal central control engine>Is equivalent to the functional relationship of (a);
solving clustering centroid distribution v of vulnerability scanning engine m Distribution of optimal central control engines
7. The low-communication-latency cascading vulnerability scanning probe deployment method as claimed in claim 6, wherein the clustering centroid distribution v of the vulnerability scanning engine is solved m Distribution of optimal central control enginesIn the process, a global quick optimal solution of a cascade engine deployment strategy facing to time delay optimization is determined by adopting an iterative optimization method, and cascade vulnerability scanning probe deployment with low communication time delay is completed.
8. The low communication time delay cascade vulnerability scanning probe deployment method according to any one of claims 1-7, wherein the effectiveness of the cascade vulnerability scanning probe deployment method is verified, and deployment positions of a local vulnerability scanning engine and a central control engine corresponding to different iteration times are analyzed; changing the network scale, and analyzing the influence of various indexes on the cascade vulnerability scanning probe deployment method; and comparing and analyzing with other algorithms to judge the time delay optimization performance of the cascade vulnerability scanning probe deployment method.
9. A system for implementing a low communication latency cascading vulnerability scanning probe deployment method of any one of claims 1-8, the system comprising:
the first processing module is configured to establish a cascade engine deployment mathematical model oriented to delay optimization according to communication delay among the central control engine, the local vulnerability scanning engine and the target terminal;
the second processing module is configured to convert the delay optimization-oriented cascade engine deployment problem into a cascade system free energy function minimum value problem by adopting a CCDA clustering algorithm;
the third processing module is configured to realize the calculation of a global quick optimal solution of a cascade engine deployment strategy oriented to delay optimization based on a deterministic annealing algorithm after the conversion to the minimum problem of the free energy function of the cascade system, and realize the deployment of cascade vulnerability scanning probes with low communication delay, wherein the scanning probes are bearing entities of a central control engine and a local vulnerability scanning engine;
the method for converting the delay optimization-oriented cascade engine deployment problem into the cascade system free energy function minimum value problem by adopting the CCDA clustering algorithm specifically comprises the following steps:
setting cluster centroid distribution of a local vulnerability scanning engine to be solved, setting distribution representing relative importance of a bottom network node bearing a target terminal, and setting joint deployment probability distribution of the local vulnerability scanning engine and the target terminal;
setting a system energy function and a system energy expected function of cascade engine deployment, wherein the system energy function represents that a local vulnerability scanning engine and a target terminal are in { χ } n ,υ m Energy increment of cascade system in case of state { χ }, said n ,υ m The state indicates that the distribution mode of the target terminal χ at the bottom network node n is χ n When the vulnerability scanning engine borne by the bottom network node n is in a clustering centroid distribution mode of v m M represents a counting variable of the mass center number;
under the condition that the system communication time delay of the cascade engine deployment is in an optimal state, when a distribution mode of a target terminal in a bottom network node is determined, the time delay between a central control engine and a local vulnerability scanning engine is the minimum, and under the condition that the time delay is the minimum, the deployment state of the central control engine is set to obtain an equivalent function of a system energy function of the cascade engine deployment and an equivalent function of a system energy expected function;
according to the characteristics of the central control engine, the equivalent function of the system energy expected function is obtained, and according to the equivalent function of the equivalent function and the cascade engine deployment mathematical model facing the time delay optimization, the minimum function relation of the system energy expected function of the cascade engine deployment is established, and the cascade engine deployment problem facing the time delay optimization is converted into the cascade system free energy function minimum problem.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310267239.4A CN116599687B (en) | 2023-03-15 | 2023-03-15 | Low-communication-delay cascade vulnerability scanning probe deployment method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310267239.4A CN116599687B (en) | 2023-03-15 | 2023-03-15 | Low-communication-delay cascade vulnerability scanning probe deployment method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116599687A CN116599687A (en) | 2023-08-15 |
| CN116599687B true CN116599687B (en) | 2023-11-24 |
Family
ID=87603310
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310267239.4A Active CN116599687B (en) | 2023-03-15 | 2023-03-15 | Low-communication-delay cascade vulnerability scanning probe deployment method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116599687B (en) |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9438634B1 (en) * | 2015-03-13 | 2016-09-06 | Varmour Networks, Inc. | Microsegmented networks that implement vulnerability scanning |
| US9443198B1 (en) * | 2014-02-27 | 2016-09-13 | Amazon Technologies, Inc. | Low latency cascade-based detection system |
| CN108509792A (en) * | 2017-02-23 | 2018-09-07 | 腾讯科技(深圳)有限公司 | A kind of injection loophole detection method and device |
| CN111753420A (en) * | 2020-06-23 | 2020-10-09 | 中国电力科学研究院有限公司 | Cascade fault simulation method, system and storage medium for power information physical system |
| CN113037758A (en) * | 2021-03-12 | 2021-06-25 | 中国建设银行股份有限公司 | Security vulnerability scanning method and device and computer readable medium |
| CN113592101A (en) * | 2021-08-13 | 2021-11-02 | 大连大学 | Multi-agent cooperation model based on deep reinforcement learning |
| CN113704767A (en) * | 2021-08-10 | 2021-11-26 | 北京凌云信安科技有限公司 | Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system |
| CN114584401A (en) * | 2022-05-06 | 2022-06-03 | 国家计算机网络与信息安全管理中心江苏分中心 | Tracing system and method for large-scale network attack |
| CN115174435A (en) * | 2022-08-12 | 2022-10-11 | 广州市零脉信息科技有限公司 | Comprehensive evaluation method for performance of power communication transmission network |
| CN115209497A (en) * | 2022-07-14 | 2022-10-18 | 南京慧安炬创信息科技有限公司 | Heterogeneous Internet of things terminal access method and system based on SDN |
| CN115348241A (en) * | 2022-08-17 | 2022-11-15 | 深圳市拔超科技股份有限公司 | Microphone cascading method |
| WO2022251371A2 (en) * | 2021-05-25 | 2022-12-01 | Sports Data Labs, Inc. | Method and system for generating dynamic real-time predictions using heart rate variability |
| CN115767562A (en) * | 2022-08-23 | 2023-03-07 | 西安理工大学 | Service function chain deployment method based on reinforcement learning joint cooperation multipoint transmission |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8578059B2 (en) * | 2010-02-01 | 2013-11-05 | Invensys Systems, Inc. | Deploying a configuration for multiple field devices |
| US10785248B2 (en) * | 2017-03-22 | 2020-09-22 | Oracle International Corporation | Routing based on a vulnerability in a processing node |
-
2023
- 2023-03-15 CN CN202310267239.4A patent/CN116599687B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9443198B1 (en) * | 2014-02-27 | 2016-09-13 | Amazon Technologies, Inc. | Low latency cascade-based detection system |
| US9438634B1 (en) * | 2015-03-13 | 2016-09-06 | Varmour Networks, Inc. | Microsegmented networks that implement vulnerability scanning |
| CN108509792A (en) * | 2017-02-23 | 2018-09-07 | 腾讯科技(深圳)有限公司 | A kind of injection loophole detection method and device |
| CN111753420A (en) * | 2020-06-23 | 2020-10-09 | 中国电力科学研究院有限公司 | Cascade fault simulation method, system and storage medium for power information physical system |
| CN113037758A (en) * | 2021-03-12 | 2021-06-25 | 中国建设银行股份有限公司 | Security vulnerability scanning method and device and computer readable medium |
| WO2022251371A2 (en) * | 2021-05-25 | 2022-12-01 | Sports Data Labs, Inc. | Method and system for generating dynamic real-time predictions using heart rate variability |
| CN113704767A (en) * | 2021-08-10 | 2021-11-26 | 北京凌云信安科技有限公司 | Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system |
| CN113592101A (en) * | 2021-08-13 | 2021-11-02 | 大连大学 | Multi-agent cooperation model based on deep reinforcement learning |
| CN114584401A (en) * | 2022-05-06 | 2022-06-03 | 国家计算机网络与信息安全管理中心江苏分中心 | Tracing system and method for large-scale network attack |
| CN115209497A (en) * | 2022-07-14 | 2022-10-18 | 南京慧安炬创信息科技有限公司 | Heterogeneous Internet of things terminal access method and system based on SDN |
| CN115174435A (en) * | 2022-08-12 | 2022-10-11 | 广州市零脉信息科技有限公司 | Comprehensive evaluation method for performance of power communication transmission network |
| CN115348241A (en) * | 2022-08-17 | 2022-11-15 | 深圳市拔超科技股份有限公司 | Microphone cascading method |
| CN115767562A (en) * | 2022-08-23 | 2023-03-07 | 西安理工大学 | Service function chain deployment method based on reinforcement learning joint cooperation multipoint transmission |
Non-Patent Citations (4)
| Title |
|---|
| analog gradient beamformer for a wireless ultrasound scanner;Dilanni.T;optimax;第9卷;全文 * |
| Hongji Zhang ; Tao Ding ; Junjian Qi.Model and Data Driven Machine Learning Approach for Analyzing the Vulnerability to Cascading Outages With Random Initial States in Power Systems. IEEE Transactions on Automation Science and Engineering ( Early Access ).2022,全文. * |
| Weizhang Song ; Chaobo Yin.Research on Extended Power Predictive Control for RMC Working in Unbalanced Power Grid Condition. 2019 14th IEEE Conference on Industrial Electronics and Applications (ICIEA).2019,全文. * |
| 主动式漏洞检测与修复系统的设计与实现;潘峰;李涛;张电;;信息网络安全(第05期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116599687A (en) | 2023-08-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Weber et al. | Rab: Provable robustness against backdoor attacks | |
| Liu et al. | An intrusion detection method for internet of things based on suppressed fuzzy clustering | |
| Gao et al. | Composite event coverage in wireless sensor networks with heterogeneous sensors | |
| An et al. | Hypergraph clustering model-based association analysis of DDOS attacks in fog computing intrusion detection system | |
| US20160330226A1 (en) | Graph-based Instrusion Detection Using Process Traces | |
| Cui et al. | Optimization scheme for intrusion detection scheme GBDT in edge computing center | |
| Li et al. | Recursive stratified sampling: A new framework for query evaluation on uncertain graphs | |
| CN111988845B (en) | Indoor positioning method for fingerprint fusion of differential private multi-source wireless signals under edge computing architecture | |
| Kalinin et al. | Security evaluation of a wireless ad-hoc network with dynamic topology | |
| Ferdowsi et al. | Interdependence-aware game-theoretic framework for secure intelligent transportation systems | |
| CN116599687B (en) | Low-communication-delay cascade vulnerability scanning probe deployment method and system | |
| Bozorgchenani et al. | Joint security-vs-qos framework: Optimizing the selection of intrusion detection mechanisms in 5g networks | |
| Shi et al. | A dynamic programming model for internal attack detection in wireless sensor networks | |
| Prasad | Threat model framework and methodology for personal networks (PNs) | |
| Concone et al. | A novel recruitment policy to defend against sybils in vehicular crowdsourcing | |
| Chen et al. | Dynamic threshold strategy optimization for security protection in Internet of Things: An adversarial deep learning‐based game‐theoretical approach | |
| Cai et al. | A New Model for Securing Networks Based on Attack Graph | |
| Ramesh Babu et al. | Optimal DBN‐based distributed attack detection model for Internet of Things | |
| Hariharakrishnan et al. | A novel approach towards enhancing the performance of trust based RPL protocol in Internet of Things | |
| Cui et al. | Trust Evaluation of Topological Nodes in Intelligent Connected Vehicles Communication Network under Zero-Trust Environment | |
| Tembine et al. | Noisy mean field game model for malware propagation in opportunistic networks | |
| Yang et al. | Exploiting Dynamic Platform Protection Technique for Increasing Service MTTF | |
| Zhang et al. | D-GSPerturb: A distributed social privacy protection algorithm based on graph structure perturbation | |
| Song et al. | Differential Privacy Protection Algorithm Based on Zero Trust Architecture for Industrial Internet | |
| Pei et al. | Privacy-Enhanced Graph Neural Network for Decentralized Local Graphs |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |