CN117150508A - Cloud platform-based risk assessment method and system for terminal of Internet of things - Google Patents

Cloud platform-based risk assessment method and system for terminal of Internet of things Download PDF

Info

Publication number
CN117150508A
CN117150508A CN202311142566.3A CN202311142566A CN117150508A CN 117150508 A CN117150508 A CN 117150508A CN 202311142566 A CN202311142566 A CN 202311142566A CN 117150508 A CN117150508 A CN 117150508A
Authority
CN
China
Prior art keywords
internet
things
risk
value
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311142566.3A
Other languages
Chinese (zh)
Inventor
党芳芳
宋宁希
李帅
闫丽景
李丁丁
邱日轩
宋一凡
刘晗
王政
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Henan Electric Power Co Information And Communication Branch
State Grid Henan Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jiangxi Electric Power Co Ltd
Original Assignee
State Grid Henan Electric Power Co Information And Communication Branch
State Grid Henan Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jiangxi Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Henan Electric Power Co Information And Communication Branch, State Grid Henan Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Jiangxi Electric Power Co Ltd filed Critical State Grid Henan Electric Power Co Information And Communication Branch
Priority to CN202311142566.3A priority Critical patent/CN117150508A/en
Publication of CN117150508A publication Critical patent/CN117150508A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application provides a cloud platform-based risk assessment method for an Internet of things terminal, which belongs to the technical field of Internet of things and specifically comprises the following steps: the method comprises the steps that an Internet of things terminal which is communicated with a server is obtained in real time based on a cloud platform and is used as a communication Internet of things terminal, the Internet of things terminal which is required to be monitored is used as a monitoring Internet of things terminal, an operation state evaluation value is determined based on current network flow data, the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals and the number of the communication Internet of things terminals, a monitoring time set value is determined based on the operation state evaluation value, and when the monitoring time is greater than or equal to the monitoring time set value, a risk evaluation value is determined based on at least the operation state evaluation value, the number of the communication flow data abnormal Internet of things terminals and the type of the communication flow data abnormal Internet of things terminals, whether operation risks exist or not is determined based on the risk evaluation value, and an early warning signal is sent, and therefore reliability of operation of the Internet of things terminal is guaranteed.

Description

Cloud platform-based risk assessment method and system for terminal of Internet of things
Technical Field
The application belongs to the technical field of the Internet of things, and particularly relates to an Internet of things terminal risk assessment method and system based on a cloud platform.
Background
In order to realize real-time risk assessment of an internet of things terminal based on a cloud platform, in an internet of things cloud platform flow safety analysis method and system of patent grant bulletin No. CN107888605B, safety analysis is carried out on a server according to server side information by extracting internet of things flow from cellular network flow and fixed network flow respectively and extracting server side information and equipment side information from the internet of things flow; according to the equipment side information, safety analysis is carried out on the equipment, but dynamic evaluation of operation risks is carried out by combining historical operation data of the terminals of the Internet of things, other operation data except traffic and the number or types of the terminals of the Internet of things which are abnormal or suspected to be abnormal is omitted, so that the accuracy and the comprehensiveness of final evaluation are affected to a certain extent, and timely intervention of safety risks cannot be effectively carried out in time.
Aiming at the technical problems, the application provides a cloud platform-based risk assessment method and system for an Internet of things terminal.
Disclosure of Invention
In order to achieve the purpose of the application, the application adopts the following technical scheme:
according to one aspect of the application, a risk assessment method for an Internet of things terminal based on a cloud platform is provided.
In order to achieve the purpose of the application, the application adopts the following technical scheme:
according to one aspect of the application, a risk assessment method for an Internet of things terminal based on a cloud platform is provided.
The cloud platform-based risk assessment method for the terminal of the Internet of things is characterized by comprising the following steps of:
s11, acquiring an Internet of things terminal which communicates with a server in real time based on a cloud platform and taking the Internet of things terminal as a communication Internet of things terminal, taking the Internet of things terminal which needs to be monitored as a monitoring Internet of things terminal, determining whether the running state of the monitoring Internet of things terminal has running risk or not based on current network flow data and historical network data, if so, determining that the running risk exists and sending out an early warning signal, and if not, entering into step S12;
s12, determining an operation state evaluation value based on current network flow data, the ratio of the number of communication Internet of things terminals to the number of monitoring Internet of things terminals and the number of communication Internet of things terminals, determining a monitoring time set value based on the operation state evaluation value, and entering the next step when the monitoring time is judged to be larger than the monitoring time set value;
s13, determining whether the operation state of the monitoring internet of things terminal has operation risk or not based on the number of the communication internet of things terminals with abnormal communication flow data in the monitoring time, if so, determining that the operation risk exists and sending out an early warning signal, and if not, entering into step S14;
and S14, determining a risk assessment value at least based on the running state assessment value, the number and the type of the monitoring internet of things terminals with abnormal communication flow data, and determining whether running risk exists and sending out an early warning signal based on the risk assessment value.
The method comprises the steps of firstly carrying out evaluation of abnormal states based on the ratio of the number of communication Internet of things terminals to the number of monitoring Internet of things terminals and then carrying out evaluation of the abnormal states based on current network flow data, so that evaluation of the running states from multiple angles is realized, and the comprehensiveness and the accuracy of the running state evaluation are ensured.
The running state evaluation value is determined based on the current network flow data, the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals, and the monitoring time set value is determined based on the running state evaluation value, so that dynamic and accurate evaluation of the monitoring time of the communication Internet of things terminals needing to be subjected to abnormal communication flow data from multiple angles is realized, unnecessary screening and monitoring are reduced on the basis of ensuring the stability and accuracy of the evaluation of the running state, and the evaluation efficiency is improved.
The risk evaluation value is determined at least based on the running state evaluation value, the number of the internet of things terminals with abnormal communication flow data and the types of the internet of things terminals with abnormal communication flow data, so that the running risk is evaluated in real time from multiple angles, the running risk is evaluated reliably, and the accuracy and the reliability are ensured.
The method comprises the further technical scheme that when the number of the communication Internet of things terminals is smaller than a set number value or the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals is smaller than a fixed value, the running risk of the running state of the monitoring Internet of things terminals is determined.
The further technical scheme is that whether the operation state of the monitoring internet of things terminal has operation risk is judged based on the difference value of the current network flow data and the historical network data or the ratio of the current network flow data and the historical network data.
The further technical scheme is that the specific steps of determining the running state evaluation value are as follows:
s21, constructing a network flow data comprehensive evaluation value based on the difference value between the current network flow data and the historical network data and the ratio of the current network flow data to the historical network data;
s22, constructing a terminal comprehensive evaluation value based on the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals and the difference between the number of the communication Internet of things terminals and the number of the monitoring Internet of things terminals;
s23, constructing an evaluation model based on the comprehensive evaluation of the network flow data and the comprehensive evaluation of the terminal to obtain an operation state basic evaluation value, determining whether the current operation state has operation risk or not based on the operation state basic evaluation value, if so, taking the operation state basic evaluation value as the operation state value, and if not, entering into step S24;
s24, constructing an evaluation model based on a machine learning algorithm to determine the running state evaluation value based on the running state basic evaluation value, the current network flow data and the number of the communication Internet of things terminals.
The further technical scheme is that the monitoring time set value is determined according to the size of the running state evaluation value, wherein the larger the running state evaluation value is, the shorter the monitoring time set value is, and the monitoring time set value is determined in a mode of an empirical formula or a mapping table.
S31, constructing an abnormal evaluation value based on the ratio of the number of the communication flow data abnormal monitoring Internet of things terminals to the number of the communication Internet of things terminals, determining whether the current operation state has operation risk or not based on the abnormal evaluation value, if so, entering a step S32, and if not, directly entering a step S34;
s32, determining whether the current operation state has operation risk or not based on the number of the specific Internet of things terminals in the types of the monitoring Internet of things terminals with abnormal communication flow data, if so, directly outputting the operation risk and sending out an early warning signal, and if not, entering into step S33;
s33, judging whether the running state evaluation value is larger than a set evaluation value, if so, directly outputting running risk and sending out an early warning signal, and if not, entering step S34;
s34, constructing a risk evaluation value based on the abnormal evaluation value and the number and the running state evaluation value of the specific Internet of things terminals in the types of the monitoring Internet of things terminals with abnormal communication flow data.
The specific internet of things terminal is determined according to the importance degree of the internet of things terminal, and the specific internet of things terminal is determined according to the monitoring object of the internet of things terminal.
The further technical scheme is that when the risk evaluation value is larger than a set risk value, the risk is directly output, an early warning signal is sent out, and when the risk evaluation value is larger than a second set risk value and the running state evaluation value is larger than the set evaluation value, the risk is directly output, and the early warning signal is sent out.
On the other hand, the application provides a computer system, which comprises a memory, a processor and a program stored on the memory and capable of running on the processor, wherein the cloud platform-based risk assessment method for the terminal of the Internet of things is realized when the processor executes the program.
In another aspect, the present application provides a computer storage medium, on which a computer program is stored, where when the computer program is executed in a computer, the computer is caused to execute the above-mentioned risk assessment method for an internet of things terminal based on a cloud platform.
Additional features and advantages will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and drawings.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The above and other features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings.
Fig. 1 is a flowchart of a cloud platform-based risk assessment method for an internet of things terminal according to embodiment 1.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus detailed descriptions thereof will be omitted.
The terms "a," "an," "the," and "said" are used to indicate the presence of one or more elements/components/etc.; the terms "comprising" and "having" are intended to be inclusive and mean that there may be additional elements/components/etc. in addition to the listed elements/components/etc.
The communication Internet of things terminal is a relay Internet of things terminal for monitoring data communication between the Internet of things terminal and the server, and generally the number of the communication Internet of things terminals is smaller than that of the monitoring Internet of things terminals.
The internet of things terminal for monitoring the power equipment generally aims at monitoring the power equipment, such as temperature, humidity and the like, and can only realize data communication with a server through the internet of things terminal.
Example 1
In order to solve the above problems, according to one aspect of the present application, as shown in fig. 1, there is provided a cloud platform-based risk assessment method for an internet of things terminal, which is characterized by specifically including:
s11, acquiring an Internet of things terminal which communicates with a server in real time based on a cloud platform and taking the Internet of things terminal as a communication Internet of things terminal, taking the Internet of things terminal which needs to be monitored as a monitoring Internet of things terminal, determining whether the running state of the monitoring Internet of things terminal has running risk or not based on the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals, if so, determining that the running risk exists and sending out an early warning signal, and if not, entering step S12;
specifically, when the number of the communication internet of things terminals is smaller than a set number value or the ratio of the number of the communication internet of things terminals to the number of the monitoring internet of things terminals is smaller than a fixed value, determining that the running state of the monitoring internet of things terminals has running risk.
Specifically, when the number of the communication terminals of the internet of things is less than 200 or when the ratio of the number of the communication terminals of the internet of things to the number of the monitoring terminals of the internet of things is less than 0.2, it is determined that the running state of the monitoring terminals of the internet of things has running risk.
The method comprises the steps of firstly carrying out evaluation of abnormal states based on the ratio of the number of communication Internet of things terminals to the number of monitoring Internet of things terminals and then carrying out evaluation of the abnormal states based on current network flow data, so that evaluation of the running states from multiple angles is realized, and the comprehensiveness and the accuracy of the running state evaluation are ensured.
S12, taking historical network flow data under the number of the communication Internet of things terminals as historical network data, determining whether the running state of the monitoring Internet of things terminal has running risk or not based on the current network flow data and the historical network data, if so, determining that the running risk exists and sending out an early warning signal, and if not, entering into the step S12;
specifically, based on the difference value between the current network flow data and the historical network data or the ratio of the current network flow data to the historical network data, whether the operation state of the terminal of the monitoring internet of things has an operation risk is judged.
For example, when the difference between the current network traffic data and the historical network data is greater than a certain threshold value or the ratio of the current network traffic data to the historical network data is greater than or less than a certain threshold value, determining that the running state of the terminal of the monitoring internet of things has running risk.
S13, determining an operation state evaluation value based on current network flow data, the ratio of the number of communication Internet of things terminals to the number of monitoring Internet of things terminals and the number of communication Internet of things terminals, determining a monitoring time set value based on the operation state evaluation value, judging whether the monitoring time is greater than or equal to the monitoring time set value, and if so, entering step S14; if not, returning to the step S11;
specifically, the specific steps of determining the running state evaluation value are as follows:
s21, constructing a network flow data comprehensive evaluation value based on the difference value between the current network flow data and the historical network data and the ratio of the current network flow data to the historical network data;
it should be noted that, the comprehensive evaluation of the network traffic data is determined by using a mathematical model based on an analytic hierarchy process.
S22, constructing a terminal comprehensive evaluation value based on the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals and the difference between the number of the communication Internet of things terminals and the number of the monitoring Internet of things terminals;
it should be noted that the terminal comprehensive evaluation amount is determined by using a mathematical model based on an analytic hierarchy process.
S23, constructing an evaluation model based on the comprehensive evaluation of the network flow data and the comprehensive evaluation of the terminal to obtain an operation state basic evaluation value, determining whether the current operation state has operation risk or not based on the operation state basic evaluation value, if so, taking the operation state basic evaluation value as the operation state value, and if not, entering into step S24;
s24, constructing an evaluation model based on a machine learning algorithm to determine the running state evaluation value based on the running state basic evaluation value, the current network flow data and the number of the communication Internet of things terminals.
For example, the evaluation model based on the machine learning algorithm adopts an evaluation model based on an IPSO-GRU algorithm.
The application is different from the traditional learning strategy, the learning factor is always kept unchanged, and the learning factor is optimized in an asynchronous time-varying mode, so that the learning factor c1 is gradually reduced, the learning factor c2 is continuously increased, the global searching capacity of the particle in the initial stage is gradually reduced and enhanced, the particle trapping in a local range in the initial stage can be avoided, meanwhile, the particle in the searching process can be prevented from being prematurely converged due to the continuous increase of c2, and the global optimizing capacity of the particle is enhanced. The improved learning factor formula is as follows:
wherein c1 i, c1f, c2i, c2f are the initial and final values of c1, c2, respectively; k. kmax is the current iteration number and the maximum iteration number, respectively.
Specifically, the monitoring time set value is determined according to the magnitude of the running state evaluation value, wherein the larger the running state evaluation value is, the shorter the monitoring time set value is, and the monitoring time set value is determined specifically by adopting an empirical formula or a mapping table.
The running state evaluation value is determined based on the current network flow data, the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals, and the monitoring time set value is determined based on the running state evaluation value, so that dynamic and accurate evaluation of the monitoring time of the communication Internet of things terminals needing to be subjected to abnormal communication flow data from multiple angles is realized, unnecessary screening and monitoring are reduced on the basis of ensuring the stability and accuracy of the evaluation of the running state, and the evaluation efficiency is improved.
S14, determining whether the operation state of the monitoring internet of things terminal has operation risk or not based on the number of the communication internet of things terminals with abnormal communication flow data in the monitoring time, if so, determining that the operation risk exists and sending out an early warning signal, and if not, entering into a step S15;
and S15, determining a risk assessment value at least based on the running state assessment value, the number and the type of the monitoring internet of things terminals with abnormal communication flow data, and determining whether running risk exists and sending out an early warning signal based on the risk assessment value.
Specifically, the specific steps of constructing the risk assessment value are as follows:
s31, constructing an abnormal evaluation value based on the ratio of the number of the communication flow data abnormal monitoring Internet of things terminals to the number of the communication Internet of things terminals, determining whether the current operation state has operation risk or not based on the abnormal evaluation value, if so, entering a step S32, and if not, directly entering a step S34;
s32, determining whether the current operation state has operation risk or not based on the number of the specific Internet of things terminals in the types of the monitoring Internet of things terminals with abnormal communication flow data, if so, directly outputting the operation risk and sending out an early warning signal, and if not, entering into step S33;
s33, judging whether the running state evaluation value is larger than a set evaluation value, if so, directly outputting running risk and sending out an early warning signal, and if not, entering step S34;
s34, constructing a risk evaluation value based on the abnormal evaluation value and the number and the running state evaluation value of the specific Internet of things terminals in the types of the monitoring Internet of things terminals with abnormal communication flow data.
Specifically, in another possible embodiment, the specific steps of constructing the risk assessment value are as follows:
s31, acquiring the number of the monitoring Internet of things terminals with abnormal communication flow data and the number of the communication Internet of things terminals, determining whether the monitoring Internet of things terminals have operation risks according to the number of the monitoring Internet of things terminals with abnormal communication flow data and the number of the communication Internet of things terminals, if so, entering the next step, and if not, determining a risk evaluation value of the monitoring Internet of things terminals according to the number of the monitoring Internet of things terminals with abnormal communication flow data and the number of the communication Internet of things terminals;
s32, determining whether the current operation state has operation risk or not based on the number of the specific Internet of things terminals in the types of the monitoring Internet of things terminals with abnormal communication flow data, if so, directly outputting the operation risk and sending out an early warning signal, and if not, entering into step S33;
s33, determining an abnormal operation value of the communication Internet of things terminal according to the number of communication Internet of things terminals with abnormal communication flow data, the duty ratio of the communication Internet of things terminals, the communication flow of the communication Internet of things terminals with abnormal communication flow data and the maximum communication flow of the communication Internet of things terminals with normal communication flow data, determining whether the current operation state has operation risk or not according to the abnormal operation value of the communication Internet of things terminal, if so, directly outputting the operation risk and sending out an early warning signal, otherwise, entering step S34;
s34, determining an abnormal operation value of the monitoring Internet of things terminal according to the number of monitoring Internet of things terminals with abnormal communication flow data and the number of the monitoring Internet of things terminals with abnormal communication flow data, determining whether the current operation state has an operation risk or not according to the abnormal operation value of the monitoring Internet of things terminal, if so, directly outputting the operation risk and sending out an early warning signal, and if not, entering step S35;
and S35, constructing a risk evaluation value based on the abnormal operation value and the operation state evaluation value of the monitoring internet of things terminal and the communication internet of things terminal.
Specifically, the specific internet of things terminal determines according to the importance degree of the monitoring internet of things terminal, and specifically determines the specific internet of things terminal according to the monitoring object of the monitoring internet of things terminal.
Specifically, when the risk evaluation value is greater than the set risk value, the risk is directly output, an early warning signal is sent out, and when the risk evaluation value is greater than the second set risk value and the running state evaluation value is greater than the set evaluation value, the risk is directly output, and the early warning signal is sent out.
The risk evaluation value is determined at least based on the running state evaluation value, the number of the internet of things terminals with abnormal communication flow data and the types of the internet of things terminals with abnormal communication flow data, so that the running risk is evaluated in real time from multiple angles, the running risk is evaluated reliably, and the accuracy and the reliability are ensured.
Example 2
The application provides a computer system, which comprises a memory, a processor and a program stored on the memory and capable of running on the processor, wherein the cloud platform-based risk assessment method for the terminal of the Internet of things is realized when the processor executes the program.
Example 3
The application provides a computer storage medium, on which a computer program is stored, which causes a computer to execute the risk assessment method of the internet of things terminal based on a cloud platform when the computer program is executed in the computer.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other manners as well. The system embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored on a computer readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
With the above-described preferred embodiments according to the present application as an illustration, the above-described descriptions can be used by persons skilled in the relevant art to make various changes and modifications without departing from the scope of the technical idea of the present application. The technical scope of the present application is not limited to the description, but must be determined according to the scope of claims.

Claims (10)

1. The cloud platform-based risk assessment method for the terminal of the Internet of things is characterized by comprising the following steps of:
s11, acquiring an Internet of things terminal which communicates with a server in real time based on a cloud platform and taking the Internet of things terminal as a communication Internet of things terminal, taking the Internet of things terminal which needs to be monitored as a monitoring Internet of things terminal, determining whether the running state of the monitoring Internet of things terminal has running risk or not based on current network flow data and the ratio of the communication Internet of things terminal to the monitoring Internet of things terminal, if so, determining that the running risk exists and sending out an early warning signal, and if not, entering step S12;
s12, determining an operation state evaluation value based on current network flow data, the ratio of the number of communication Internet of things terminals to the number of monitoring Internet of things terminals and the number of communication Internet of things terminals, determining a monitoring time set value based on the operation state evaluation value, and entering the next step when the monitoring time is judged to be larger than the monitoring time set value;
s13, determining whether the operation state of the monitoring internet of things terminal has operation risk or not based on the number of the communication internet of things terminals with abnormal communication flow data in the monitoring time, if so, determining that the operation risk exists and sending out an early warning signal, and if not, entering into step S14;
and S14, determining a risk assessment value at least based on the running state assessment value, the number and the type of the monitoring internet of things terminals with abnormal communication flow data, and determining whether running risk exists and sending out an early warning signal based on the risk assessment value.
2. The method for risk assessment of internet of things terminals according to claim 1, wherein when the number of the communication internet of things terminals is smaller than a set number value or a ratio of the number of the communication internet of things terminals to the number of the monitoring internet of things terminals is smaller than a set value, determining that the running state of the monitoring internet of things terminals has running risk.
3. The risk assessment method of an internet of things terminal according to claim 1, wherein the determination of whether the operation state of the monitoring internet of things terminal has an operation risk is performed based on a difference value between the current network traffic data and the historical network data or a ratio of the current network traffic data and the historical network data.
4. The risk assessment method for the internet of things terminal according to claim 1, wherein the specific steps of determining the running state assessment value are as follows:
s21, constructing a network flow data comprehensive evaluation value based on the difference value between the current network flow data and the historical network data and the ratio of the current network flow data to the historical network data;
s22, constructing a terminal comprehensive evaluation value based on the ratio of the number of the communication Internet of things terminals to the number of the monitoring Internet of things terminals and the difference between the number of the communication Internet of things terminals and the number of the monitoring Internet of things terminals;
s23, constructing an evaluation model based on the comprehensive evaluation of the network flow data and the comprehensive evaluation of the terminal to obtain an operation state basic evaluation value, determining whether the current operation state has operation risk or not based on the operation state basic evaluation value, if so, taking the operation state basic evaluation value as the operation state value, and if not, entering into step S24;
s24, constructing an evaluation model based on a machine learning algorithm to determine the running state evaluation value based on the running state basic evaluation value, the current network flow data and the number of the communication Internet of things terminals.
5. The method for risk assessment of an internet of things terminal according to claim 1, wherein the monitoring time set value is determined according to the magnitude of the running state assessment value, and the greater the running state assessment value is, the shorter the monitoring time set value is, and the determining is specifically performed by adopting an empirical formula or a mapping table.
6. The risk assessment method for the internet of things terminal according to claim 1, wherein the specific steps of constructing the risk assessment value are as follows:
s31, constructing an abnormal evaluation value based on the ratio of the number of the communication flow data abnormal monitoring Internet of things terminals to the number of the communication Internet of things terminals, determining whether the current operation state has operation risk or not based on the abnormal evaluation value, if so, entering a step S32, and if not, directly entering a step S34;
s32, determining whether the current operation state has operation risk or not based on the number of the specific Internet of things terminals in the types of the monitoring Internet of things terminals with abnormal communication flow data, if so, directly outputting the operation risk and sending out an early warning signal, and if not, entering into step S33;
s33, judging whether the running state evaluation value is larger than a set evaluation value, if so, directly outputting running risk and sending out an early warning signal, and if not, entering step S34;
s34, constructing a risk evaluation value based on the abnormal evaluation value and the number and the running state evaluation value of the specific Internet of things terminals in the types of the monitoring Internet of things terminals with abnormal communication flow data.
7. The risk assessment method of the internet of things terminal according to claim 6, wherein the specific internet of things terminal determines according to the importance degree of the internet of things terminal, and particularly determines the specific internet of things terminal according to the monitoring object of the internet of things terminal.
8. The method for risk assessment of an internet of things terminal according to claim 1, wherein when the risk assessment value is greater than a set risk value, the risk assessment value directly outputs an operation risk and issues an early warning signal, and when the risk assessment value is greater than a second set risk value and the operation state assessment value is greater than a set assessment value, the risk assessment value directly outputs an operation risk and issues an early warning signal.
9. A computer system comprising a memory, a processor and a program stored on the memory and executable on the processor, wherein the processor implements the cloud platform-based terminal risk assessment method according to any one of claims 1-8 when executing the program.
10. A computer storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform a cloud platform based internet of things terminal risk assessment method according to any of claims 1-8.
CN202311142566.3A 2023-09-06 2023-09-06 Cloud platform-based risk assessment method and system for terminal of Internet of things Pending CN117150508A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311142566.3A CN117150508A (en) 2023-09-06 2023-09-06 Cloud platform-based risk assessment method and system for terminal of Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311142566.3A CN117150508A (en) 2023-09-06 2023-09-06 Cloud platform-based risk assessment method and system for terminal of Internet of things

Publications (1)

Publication Number Publication Date
CN117150508A true CN117150508A (en) 2023-12-01

Family

ID=88883909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311142566.3A Pending CN117150508A (en) 2023-09-06 2023-09-06 Cloud platform-based risk assessment method and system for terminal of Internet of things

Country Status (1)

Country Link
CN (1) CN117150508A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117609248A (en) * 2023-12-07 2024-02-27 世纪鑫睿(北京)传媒科技有限公司 Object storage management method based on storage service

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117609248A (en) * 2023-12-07 2024-02-27 世纪鑫睿(北京)传媒科技有限公司 Object storage management method based on storage service
CN117609248B (en) * 2023-12-07 2024-05-28 世纪鑫睿(北京)传媒科技有限公司 Object storage management method based on storage service

Similar Documents

Publication Publication Date Title
CN111652496B (en) Running risk assessment method and device based on network security situation awareness system
CN117150508A (en) Cloud platform-based risk assessment method and system for terminal of Internet of things
CN107872457B (en) Method and system for network operation based on network flow prediction
CN111585799A (en) Network fault prediction model establishing method and device
CN108009723A (en) A kind of ship navigation state judges and energy efficiency state assessment system
CN109034580B (en) Information system overall health degree evaluation method based on big data analysis
CN114338372B (en) Network information security monitoring method and system
CN114138872A (en) Big data intrusion analysis method and storage medium applied to digital finance
CN116362374A (en) Neural network-based photovoltaic power station power generation state judging method and device
CN114363212B (en) Equipment detection method, device, equipment and storage medium
CN117093461A (en) Method, system, equipment and storage medium for time delay detection and analysis
CN116489666B (en) Wireless sensor network construction method and system for safety monitoring
CN114155703A (en) Traffic control method and device
CN117336228A (en) IGP simulation recommendation method, device and medium based on machine learning
CN111159009B (en) Pressure testing method and device for log service system
CN115659351B (en) Information security analysis method, system and equipment based on big data office
CN116047223A (en) Electricity larceny distinguishing method based on real-time electricity consumption and big data analysis
CN115037559A (en) Data safety monitoring system based on flow, electronic equipment and storage medium
CN112927091A (en) Complaint early warning method and device for annuity insurance, computer equipment and medium
CN115277438B (en) Power communication network node importance evaluation method based on multi-factor evaluation index
CN117332460A (en) Power cloud security risk assessment method and storage device
CN115473340B (en) Transformer running state analysis method based on multisource telemetry data
CN116541405A (en) Electric power marketing data integrity detection and automatic archiving method
CN116596315A (en) Intelligent monitoring and early warning system for production safety of digital factory
CN113315770A (en) Information protection method based on cloud computing, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination