CN117640407A - User data analysis and identification system and method based on 5G communication technology - Google Patents


Publication number: CN117640407A
Authority: CN (China)
Legal status: Granted
Application number: CN202311608917.5A
Other languages: Chinese (zh)
Other versions: CN117640407B (en)
Inventors: 肖莉, 黄兆宇, 谢明明, 张罡, 彭露
Current Assignee: China Unicom Jiangsu Industrial Internet Co Ltd
Original Assignee: China Unicom Jiangsu Industrial Internet Co Ltd
Prior art keywords: behavior, internet, association, things, processes
Landscapes: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a user data analysis and identification system and method based on 5G communication technology, belonging to the technical field of data analysis. An Internet of Things virtual cloud database is established to record and store the sub-cloud operation data corresponding to each Internet of Things terminal; an operation archive is established, and the processes executed by the sub-clouds, the isolation spaces allocated by the Internet of Things virtual cloud and the network isolation layers created by the Internet of Things virtual cloud are classified and counted. An operation association behavior chain identification model is constructed, the behavior of each process controlling access to an isolation space by means of a network isolation layer is recorded, and a time tag is attached to each operation association behavior chain to generate behavior association groups. The credibility of each process in a behavior association group is calculated by analyzing the behavior characteristics of different data behaviors in the same time segment under different time cycle periods; after abnormal data behaviors are cleaned out, the safety limit value of a network isolation layer in that time segment is calculated, so that safety early warning on user behavior can be issued in real time or periodically.

Description

User data analysis and identification system and method based on 5G communication technology
Technical Field
The invention relates to the technical field of data analysis, in particular to a system and a method for analyzing and identifying user data based on a 5G communication technology.
Background
With the rapid development of the Internet, network attacks and data leakage have become increasingly prominent and the demand for network security increasingly urgent; virtualized security isolation, as an advanced means of network security protection, is being widely applied across industries.
In multi-scenario fusion under an everything-interconnected architecture, different users, applications or services rely on virtualized environments for resource isolation and secure access, and run multiple functions concurrently without interfering with one another. It is therefore necessary not only to keep program processes from interfering with each other, but also to prevent resources from being attacked or maliciously occupied so that process execution cannot complete.
Disclosure of Invention
The invention aims to provide a system and a method for analyzing and identifying user data based on a 5G communication technology, so as to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme:
A user data analysis and identification system based on 5G communication technology, the system comprising: an Internet of Things virtual cloud module, a data processing module, a data analysis module and a behavior early warning module;
the Internet of Things virtual cloud module is used for establishing an Internet of Things virtual cloud database and recording and storing the sub-cloud operation data corresponding to each Internet of Things terminal; establishing an operation archive, and classifying and counting the processes executed by the sub-clouds, the isolation spaces allocated by the Internet of Things virtual cloud and the network isolation layers created by the Internet of Things virtual cloud;
the data processing module is used for constructing an operation association behavior chain identification model, recording the behavior of each process controlling access to an isolation space by means of a network isolation layer, and attaching a time tag to each operation association behavior chain; classifying and identifying the operation association behavior chains according to the time tags to generate behavior association groups;
the data analysis module calculates the credibility of each process in a behavior association group according to the classification and identification results, and performs data cleaning and updating on the behavior association group;
the behavior early warning module calculates the safety limit value of the network isolation layer in the time segment according to the data cleaning result, and sends out an early warning prompt.
Further, the Internet of Things virtual cloud module further comprises a database unit and an archive unit;
the database unit is used for establishing the Internet of Things virtual cloud database, which stores the operation data corresponding to the sub-clouds connected through 5G communication; the sub-clouds are interactively connected based on the ports of the Internet of Things terminals; the operation data comprise the isolation spaces occupied by processes while each sub-cloud executes them and the network isolation layers those processes call; the isolation spaces are independent memory spaces of equal size allocated by the Internet of Things virtual cloud; the network isolation layers are virtual connection mapping channels created by the Internet of Things virtual cloud and provided to each sub-cloud for executing its processes, where mapping refers to converting each hardware service function of an Internet of Things terminal into a corresponding software service function realized in the Internet of Things virtual cloud; one sub-cloud corresponds to one Internet of Things terminal;
the archive unit is used for establishing the operation archive, which comprises a process item set, a space pointer set and a channel medium set; the process item set comprises the processes executed by all sub-clouds and is recorded as $PP = \{P_a \mid a \in [1, A]\}$, wherein $P_a$ represents the a-th process and $A$ represents the total number of processes; the space pointer set comprises the isolation spaces allocated by the Internet of Things virtual cloud and is recorded as $SP = \{LS_b \mid b \in [1, B]\}$, wherein $LS_b$ represents the b-th isolation space and $B$ represents the total number of isolation spaces; the channel medium set comprises the network isolation layers created by the Internet of Things virtual cloud and is recorded as $CM = \{IL_d \mid d \in [1, D]\}$, wherein $IL_d$ represents the d-th network isolation layer and $D$ represents the total number of network isolation layers.
Further, the data processing module further comprises a behavior chain recording unit and a classification and identification unit;
the behavior chain recording unit is used for constructing the operation association behavior chain identification model, wherein an operation association behavior chain refers to the behavior of a process controlling access to an isolation space by means of a network isolation layer while a sub-cloud executes that process; taking one day as a time cycle period, the time in one day is divided into k continuous time segments, and any one time segment is recorded as $T_c$, wherein $c$ represents the sequence number of the time segment; a time tag is attached to each operation association behavior chain to record the time range in which it occurs; any operation association behavior chain is recorded as $P_a \to IL_d \to LS_b$, and with its time tag attached it is recorded as $T_c(t): P_a \to IL_d \to LS_b$, where the time tag $T_c(t)$ indicates that the operation association behavior chain $P_a \to IL_d \to LS_b$ occurs in time segment $T_c$ of the t-th time cycle period, and the operation association behavior chain $P_a \to IL_d \to LS_b$ indicates that process $P_a$ controls access to isolation space $LS_b$ by means of network isolation layer $IL_d$ and occupies isolation space $LS_b$;
the classification and identification unit classifies and identifies the operation association behavior chains according to time segment and network isolation layer, in the following manner:
under time tag $T_c(t)$, all processes and all isolation spaces whose control interaction is realized by means of the same network isolation layer are obtained, and a behavior association group is created and recorded as $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$, wherein $R[T_c(t) \mid IL_d]$ represents the behavior association group of control interactions realized through network isolation layer $IL_d$ in time segment $T_c$ of the t-th time cycle period, $PP[T_c(t) \mid IL_d]$ represents the process identification set consisting of all processes in behavior association group $R[T_c(t) \mid IL_d]$, $LL[T_c(t) \mid IL_d]$ represents the space identification set consisting of all isolation spaces in behavior association group $R[T_c(t) \mid IL_d]$, and $PP[T_c(t) \mid IL_d] \in PP$, $LL[T_c(t) \mid IL_d] \in SP$.
Further, the data analysis module further comprises a credibility analysis unit and a data cleaning unit;
the credibility analysis unit is used for collecting, according to the classification and identification results, the behavior association groups corresponding to the same network isolation layer and generating a database to be cleaned, recorded as $Q$; a process $P_a$ is taken from the process item set and any behavior association group $R[T_c(t) \mid IL_d]$ is taken from the database to be cleaned $Q$; if $P_a \in PP[T_c(t) \mid IL_d]$, the behavior association group $R[T_c(t) \mid IL_d]$ is extracted and the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is calculated; the specific calculation formula is as follows:
wherein $RL\{P_a \to R[T_c(t) \mid IL_d]\}$ represents the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$; $PP[T_c(s) \mid IL_d]$ represents the process identification set consisting of all processes in behavior association group $R[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d] \cap PP[T_c(s) \mid IL_d]\}$ represents the total number of processes contained in the intersection of process identification sets $PP[T_c(t) \mid IL_d]$ and $PP[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $PP[T_c(t) \mid IL_d]$; and $T$ represents the total number of time cycle periods;
if it isNUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]0, if->And->NUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]}=0;
the data cleaning unit is used for cleaning the data of the behavior association groups: a credibility threshold is preset, and if the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is smaller than or equal to the credibility threshold, process $P_a$ is cleared from process identification set $PP[T_c(t) \mid IL_d]$, the isolation space $LS_b$ occupied by process $P_a$ is cleared from space identification set $LL[T_c(t) \mid IL_d]$, and behavior association group $R[T_c(t) \mid IL_d]$ is updated;
another process is taken from the process item set and the procedure returns to step S301, iterating the cleaning until all processes in the process item set have taken part in updating behavior association group $R[T_c(t) \mid IL_d]$, at which point the cleaning iteration ends;
the finally updated behavior association group $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$ is recorded as $r[T_c(t) \mid IL_d]: P[T_c(t) \mid IL_d] \to L[T_c(t) \mid IL_d]$, wherein $P[T_c(t) \mid IL_d]$ represents the process identification set consisting of all processes in behavior association group $r[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d]$ represents the space identification set consisting of all isolation spaces in behavior association group $r[T_c(t) \mid IL_d]$, and $P[T_c(t) \mid IL_d] \in PP[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d] \in LL[T_c(t) \mid IL_d]$.
Further, the behavior early warning module further comprises a safety limit value analysis unit and an early warning prompt unit;
the safety limit value analysis unit calculates the safety limit value of the network isolation layer in the time segment according to the data cleaning result, and the specific calculation formula is as follows:
wherein $SLV(IL_d \mid T_c)$ represents the safety limit value of network isolation layer $IL_d$ in time segment $T_c$; $NUM\{L[T_c(t) \mid IL_d]\}$ represents the total number of isolation spaces contained in space identification set $L[T_c(t) \mid IL_d]$; and $NUM\{P[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $P[T_c(t) \mid IL_d]$;
the early warning prompt unit is used for presetting a safety limit value threshold; if the safety limit value $SLV(IL_d \mid T_c)$ is greater than or equal to the safety limit value threshold, an early warning prompt is sent out.
A user data analysis and identification method based on 5G communication technology includes the following steps:
Step S100: establishing an Internet of Things virtual cloud database, and recording and storing the sub-cloud operation data corresponding to each Internet of Things terminal; establishing an operation archive, and classifying and counting the processes executed by the sub-clouds, the isolation spaces allocated by the Internet of Things virtual cloud and the network isolation layers created by the Internet of Things virtual cloud;
Step S200: constructing an operation association behavior chain identification model, recording the behavior of each process controlling access to an isolation space by means of a network isolation layer, and attaching a time tag to each operation association behavior chain; classifying and identifying the operation association behavior chains according to the time tags to generate behavior association groups;
Step S300: calculating the credibility of each process in a behavior association group according to the classification and identification results; performing data cleaning and updating on the behavior association group;
Step S400: calculating the safety limit value of the network isolation layer in the time segment according to the data cleaning result, and sending out an early warning prompt.
Further, the specific implementation process of the step S100 includes:
Step S101: establishing an Internet of Things virtual cloud database, which stores the operation data corresponding to the sub-clouds connected through 5G communication; the sub-clouds are interactively connected based on the ports of the Internet of Things terminals; the operation data comprise the isolation spaces occupied by processes while each sub-cloud executes them and the network isolation layers those processes call; the isolation spaces are independent memory spaces of equal size allocated by the Internet of Things virtual cloud; the network isolation layers are virtual connection mapping channels created by the Internet of Things virtual cloud and provided to each sub-cloud for executing its processes, where mapping refers to converting each hardware service function of an Internet of Things terminal into a corresponding software service function realized in the Internet of Things virtual cloud; one sub-cloud corresponds to one Internet of Things terminal;
Step S102: establishing an operation archive, which comprises a process item set, a space pointer set and a channel medium set; the process item set comprises the processes executed by all sub-clouds and is recorded as $PP = \{P_a \mid a \in [1, A]\}$, wherein $P_a$ represents the a-th process and $A$ represents the total number of processes; the space pointer set comprises the isolation spaces allocated by the Internet of Things virtual cloud and is recorded as $SP = \{LS_b \mid b \in [1, B]\}$, wherein $LS_b$ represents the b-th isolation space and $B$ represents the total number of isolation spaces; the channel medium set comprises the network isolation layers created by the Internet of Things virtual cloud and is recorded as $CM = \{IL_d \mid d \in [1, D]\}$, wherein $IL_d$ represents the d-th network isolation layer and $D$ represents the total number of network isolation layers.
According to the method, in multi-scenario fusion under an everything-interconnected architecture, multiple Internet of Things terminals realize interactive access between processes and memory resources through an allocated interface protocol, with synchronous calls of multiple processes made through the network isolation layer. Although the network isolation layer, as an intermediate layer, effectively isolates the operation of each process, the access paths of other processes can still be attacked or modified by a malicious program implanted at the source, which lowers process execution efficiency so that the everything-interconnected experience no longer meets user requirements. In the invention, a virtual space is established to store the operation data of each port connected through 5G communication, and it is divided into a number of independent unit storage spaces, namely the isolation spaces, so that under attack enough intact space remains available to the greatest possible extent.
Further, the specific implementation process of the step S200 includes:
Step S201: constructing an operation association behavior chain identification model, wherein an operation association behavior chain refers to the behavior of a process controlling access to an isolation space by means of a network isolation layer while a sub-cloud executes that process; taking one day as a time cycle period, the time in one day is divided into k continuous time segments, and any one time segment is recorded as $T_c$, wherein $c$ represents the sequence number of the time segment; a time tag is attached to each operation association behavior chain to record the time range in which it occurs; any operation association behavior chain is recorded as $P_a \to IL_d \to LS_b$, and with its time tag attached it is recorded as $T_c(t): P_a \to IL_d \to LS_b$, where the time tag $T_c(t)$ indicates that the operation association behavior chain $P_a \to IL_d \to LS_b$ occurs in time segment $T_c$ of the t-th time cycle period, and the operation association behavior chain $P_a \to IL_d \to LS_b$ indicates that process $P_a$ controls access to isolation space $LS_b$ by means of network isolation layer $IL_d$ and occupies isolation space $LS_b$;
Step S202: classifying and identifying the operation association behavior chains according to time segment and network isolation layer, in the following manner:
under time tag $T_c(t)$, all processes and all isolation spaces whose control interaction is realized by means of the same network isolation layer are obtained, and a behavior association group is created and recorded as $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$, wherein $R[T_c(t) \mid IL_d]$ represents the behavior association group of control interactions realized through network isolation layer $IL_d$ in time segment $T_c$ of the t-th time cycle period, $PP[T_c(t) \mid IL_d]$ represents the process identification set consisting of all processes in behavior association group $R[T_c(t) \mid IL_d]$, $LL[T_c(t) \mid IL_d]$ represents the space identification set consisting of all isolation spaces in behavior association group $R[T_c(t) \mid IL_d]$, and $PP[T_c(t) \mid IL_d] \in PP$, $LL[T_c(t) \mid IL_d] \in SP$.
According to the method, a behavior chain is generated each time a process controls access to an isolation space by means of a network isolation layer. Dividing the day into continuous time segments allows a large number of behavior chains to be analyzed in small quantified segments: in an everything-interconnected scenario, the behavior habits of users within one day are inevitably irregular to a great extent, and analysis by small time segments can grasp the behavior patterns of users from the details.
Further, the implementation process of the step S300 includes:
Step S301: according to the classification and identification results, the behavior association groups corresponding to the same network isolation layer are collected and a database to be cleaned is generated, recorded as $Q$; a process $P_a$ is taken from the process item set and any behavior association group $R[T_c(t) \mid IL_d]$ is taken from the database to be cleaned $Q$; if $P_a \in PP[T_c(t) \mid IL_d]$, the behavior association group $R[T_c(t) \mid IL_d]$ is extracted and the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is calculated; the specific calculation formula is as follows:
wherein $RL\{P_a \to R[T_c(t) \mid IL_d]\}$ represents the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$; $PP[T_c(s) \mid IL_d]$ represents the process identification set consisting of all processes in behavior association group $R[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d] \cap PP[T_c(s) \mid IL_d]\}$ represents the total number of processes contained in the intersection of process identification sets $PP[T_c(t) \mid IL_d]$ and $PP[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $PP[T_c(t) \mid IL_d]$; and $T$ represents the total number of time cycle periods;
if it isNUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]0, if->And->NUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]}=0;
Step S302: performing data cleaning on the behavior association groups: a credibility threshold is preset, and if the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is smaller than or equal to the credibility threshold, process $P_a$ is cleared from process identification set $PP[T_c(t) \mid IL_d]$, the isolation space $LS_b$ occupied by process $P_a$ is cleared from space identification set $LL[T_c(t) \mid IL_d]$, and behavior association group $R[T_c(t) \mid IL_d]$ is updated;
another process is taken from the process item set and the procedure returns to step S301, iterating the cleaning until all processes in the process item set have taken part in updating behavior association group $R[T_c(t) \mid IL_d]$, at which point the cleaning iteration ends;
the finally updated behavior association group $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$ is recorded as $r[T_c(t) \mid IL_d]: P[T_c(t) \mid IL_d] \to L[T_c(t) \mid IL_d]$, wherein $P[T_c(t) \mid IL_d]$ represents the process identification set consisting of all processes in behavior association group $r[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d]$ represents the space identification set consisting of all isolation spaces in behavior association group $r[T_c(t) \mid IL_d]$, and $P[T_c(t) \mid IL_d] \in PP[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d] \in LL[T_c(t) \mid IL_d]$.
According to the method, a large amount of behavior data for the same time segment is accumulated over different time cycle periods, and quantitative analysis of it yields the operating pattern of a process in that time segment, namely its credibility. The credibility is obtained by pairwise comparison of the same time segment across different time cycle periods, and analysis of long-term behavior habits makes regular features easier to find. If a process appears in the same time segment in two different time cycle periods, the processes in that time segment can supervise one another: the greater the credibility, the more the process is recognized by most processes in the same time segment, that is, the processes are mutually familiar and the process's resource access through the network isolation layer is normal; otherwise the process is very likely an abnormal, malicious process. The purpose of data cleaning is to clear the operation data of such abnormal processes so that the subsequent numerical analysis is quantified under normal conditions.
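The grouping of step S200 and the cleaning of step S300, as an added Python example that is not part of the patent text. The event tuples, `K_SLICES`, the threshold and all function names are constructed for illustration; because the credibility formula is not reproduced on this page, `credibility` is an assumed stand-in built only from the terms the text defines (shared-process count over group size, averaged over the other cycles).

```python
from collections import defaultdict
from datetime import datetime

K_SLICES = 6  # k, the number of equal time segments per day (assumed value)

# Constructed sample chains P_a -> IL_d -> LS_b:
# (timestamp, process, network isolation layer, isolation space)
EVENTS = [
    ("2024-03-01T09:05:00", "P1", "IL1", "LS1"),
    ("2024-03-01T09:20:00", "P2", "IL1", "LS2"),
    ("2024-03-01T10:40:00", "P3", "IL1", "LS3"),
    ("2024-03-01T22:15:00", "P2", "IL2", "LS4"),
    ("2024-03-02T09:10:00", "P1", "IL1", "LS1"),
    ("2024-03-02T09:30:00", "P2", "IL1", "LS2"),
    ("2024-03-02T11:00:00", "P3", "IL1", "LS3"),
    ("2024-03-03T09:02:00", "P1", "IL1", "LS1"),
    ("2024-03-03T09:25:00", "P2", "IL1", "LS2"),
    ("2024-03-03T10:10:00", "P3", "IL1", "LS3"),
    ("2024-03-03T10:11:00", "P9", "IL1", "LS7"),  # process never seen before
]


def slice_index(ts, k=K_SLICES):
    """Sequence number c (1..k) of the time segment T_c containing ts."""
    seconds = ts.hour * 3600 + ts.minute * 60 + ts.second
    return seconds * k // 86400 + 1


def build_groups(events, k=K_SLICES):
    """Step S200: build R[T_c(t)|IL_d] keyed by (t, c, layer).

    Each group holds PP (process set), LL (space set) and owner
    (process -> spaces it occupied) so cleaning can drop both together.
    """
    days = sorted({datetime.fromisoformat(e[0]).date() for e in events})
    cycle = {day: i + 1 for i, day in enumerate(days)}  # t-th time cycle period
    groups = {}
    for stamp, proc, layer, space in events:
        ts = datetime.fromisoformat(stamp)
        key = (cycle[ts.date()], slice_index(ts, k), layer)
        group = groups.setdefault(
            key, {"PP": set(), "LL": set(), "owner": defaultdict(set)})
        group["PP"].add(proc)
        group["LL"].add(space)
        group["owner"][proc].add(space)
    return groups


def credibility(groups, proc, key, total_cycles):
    """ASSUMED score, not the patent's formula (absent from the page).

    For every other cycle s, NUM{PP[t] & PP[s]} / NUM{PP[t]} is counted
    when proc is also in PP[s] and 0 otherwise; the sum is averaged over
    the T - 1 other cycles.
    """
    t, c, layer = key
    pp_t = groups[key]["PP"]
    if total_cycles < 2 or proc not in pp_t:
        return 0.0
    total = 0.0
    for s in range(1, total_cycles + 1):
        if s == t:
            continue
        pp_s = groups.get((s, c, layer), {"PP": set()})["PP"]
        if proc in pp_s:
            total += len(pp_t & pp_s) / len(pp_t)
    return total / (total_cycles - 1)


def clean(groups, threshold):
    """Step S302: drop processes scoring <= threshold, and their spaces.

    Scores are taken against the uncleaned groups (a snapshot), so the
    result does not depend on the order in which processes are visited.
    """
    total_cycles = max(t for t, _, _ in groups)
    cleaned = {}
    for key, group in groups.items():
        keep = {p for p in group["PP"]
                if credibility(groups, p, key, total_cycles) > threshold}
        spaces = set()
        for proc in keep:
            spaces |= group["owner"][proc]
        cleaned[key] = {"P": keep, "L": spaces}
    return cleaned


if __name__ == "__main__":
    for key, group in sorted(clean(build_groups(EVENTS), 0.5).items()):
        print(key, sorted(group["P"]), sorted(group["L"]))
```

With the constructed data, `P9` has no history in the same segment of earlier cycles and is cleaned together with `LS7`; the single late-evening chain through `IL2` is cleaned for the same reason.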
Further, the specific implementation process of the step S400 includes:
Step S401: according to the data cleaning result, calculating the safety limit value of the network isolation layer in the time segment, wherein the specific calculation formula is as follows:
wherein $SLV(IL_d \mid T_c)$ represents the safety limit value of network isolation layer $IL_d$ in time segment $T_c$; $NUM\{L[T_c(t) \mid IL_d]\}$ represents the total number of isolation spaces contained in space identification set $L[T_c(t) \mid IL_d]$; and $NUM\{P[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $P[T_c(t) \mid IL_d]$;
Step S402: presetting a safety limit value threshold; if the safety limit value $SLV(IL_d \mid T_c)$ is greater than or equal to the safety limit value threshold, an early warning prompt is sent out.
According to the method, the safety limit value is analyzed under normal environment, and the formulaThe method is characterized in that the single process is used for obtaining a process behavior stability value which can be borne by the network isolation layer in the same time segment through carrying out occupied memory volume by the network isolation layer and carrying out long-term time cycle period accumulated calculation, namely, a safety limit value is obtained, and the larger the safety limit value is, the larger the process behavior fluctuation which can be borne by the network isolation layer in the same time segment is, and further the risk is also larger.
Compared with the prior art, the invention has the following beneficial effects: in the user data analysis and identification system and method based on 5G communication technology, an Internet of Things virtual cloud database is established to record and store the sub-cloud operation data corresponding to each Internet of Things terminal; an operation archive is established, and the processes executed by the sub-clouds, the isolation spaces allocated by the Internet of Things virtual cloud and the network isolation layers created by the Internet of Things virtual cloud are classified and counted; an operation association behavior chain identification model is constructed, the behavior of each process controlling access to an isolation space by means of a network isolation layer is recorded, and a time tag is attached to each operation association behavior chain to generate behavior association groups; the credibility of each process in a behavior association group is calculated by analyzing the behavior characteristics of different data behaviors in the same time segment under different time cycle periods, and after abnormal data behaviors are cleaned out, the safety limit value of a network isolation layer in that time segment is calculated, so that safety early warning on user behavior can be issued in real time or periodically.
Drawings
The accompanying drawings provide a further understanding of the invention and constitute a part of this specification; together with the embodiments, they serve to explain the invention. In the drawings:
FIG. 1 is a schematic diagram of the structure of a user data analysis and identification system based on 5G communication technology according to the present invention;
FIG. 2 is a schematic diagram of the steps of a user data analysis and identification method based on 5G communication technology according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1-2, the present invention provides the following technical solutions:
referring to fig. 1, in a first embodiment: there is provided a 5G communication technology-based user data analysis and identification system, the system comprising: the system comprises an Internet of things virtual cloud module, a data processing module, a data analysis module and a behavior early warning module;
The virtual cloud module of the Internet of things is used for establishing a virtual cloud database of the Internet of things and recording and storing sub-cloud operation data corresponding to the Internet of things terminal; establishing an operation archive, and classifying and counting processes executed by the sub-cloud, an isolation space allocated by the virtual cloud of the Internet of things and a network isolation layer created by the virtual cloud of the Internet of things;
the virtual cloud module of the Internet of things further comprises a database unit and an archive unit;
the database unit is used for establishing an Internet of things virtual cloud database, wherein the Internet of things virtual cloud database stores the operation data corresponding to the sub-clouds connected through 5G communication; the sub-clouds interconnect with the Internet of things virtual cloud based on the ports of an Internet of things terminal; the operation data comprises the isolation space occupied by each process while the sub-clouds execute their processes and the network isolation layer called by each process while the sub-clouds execute their processes; the isolation spaces are independent memory spaces of the same size allocated by the Internet of things virtual cloud; the network isolation layer is a virtual connection mapping channel created by the Internet of things virtual cloud and provided for the processes executed by each sub-cloud, where mapping refers to converting each hardware service function of the Internet of things terminal into a corresponding software service function realized in the Internet of things virtual cloud; one sub-cloud corresponds to one Internet of things terminal;
The archive unit is used for establishing an operation archive, wherein the operation archive comprises a process item set, a space pointer set and a channel medium set; the process item set comprises the processes executed by all sub-clouds and is recorded as $PP = \{P_a \mid a \in [1, A]\}$, wherein $P_a$ represents the a-th process and $A$ represents the total number of processes; the space pointer set comprises the isolation spaces allocated by the Internet of things virtual cloud and is recorded as $SP = \{LS_b \mid b \in [1, B]\}$, wherein $LS_b$ represents the b-th isolation space and $B$ represents the total number of isolation spaces; the channel medium set comprises the network isolation layers created by the Internet of things virtual cloud and is recorded as $CM = \{IL_d \mid d \in [1, D]\}$, wherein $IL_d$ represents the d-th network isolation layer and $D$ represents the total number of network isolation layers.
The data processing module is used for constructing an operation association behavior chain identification model, recording the behavior of each process for controlling access to the isolation space by means of the network isolation layer, and attaching a time tag to the operation association behavior chain; classifying and identifying the operation association behavior chains according to the time labels to generate a behavior association group;
the data processing module further comprises a behavior chain recording unit and a classification and identification unit;
the behavior chain recording unit is used for constructing an operation association behavior chain identification model, wherein an operation association behavior chain refers to the behavior of a process controlling access to an isolation space by means of a network isolation layer while the sub-clouds execute their processes; taking the day as the time cycle period, the time in one day is divided into k continuous time segments, and any one time segment is recorded as $T_c$, wherein $c$ represents the sequence number of the time segment; a time tag is attached to each operation association behavior chain to record the time range in which the chain occurs; any operation association behavior chain is recorded as $P_a \to IL_d \to LS_b$, and with its time tag attached it is recorded as $T_c(t): P_a \to IL_d \to LS_b$, wherein the time tag $T_c(t)$ indicates that the operation association behavior chain $P_a \to IL_d \to LS_b$ occurs in time segment $T_c$ of the t-th time cycle period, and the chain $P_a \to IL_d \to LS_b$ indicates that process $P_a$ controls access to isolation space $LS_b$ by means of network isolation layer $IL_d$ and occupies isolation space $LS_b$;
The classification and identification unit performs classification and identification on the operation association behavior chain according to the time segment and the network isolation layer, and the classification and identification mode is as follows:
under time tag $T_c(t)$, all processes and all isolation spaces for which control interaction between process and isolation space is realized by means of a network isolation layer are obtained, and a behavior association group is created and recorded as $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$, wherein $R[T_c(t) \mid IL_d]$ represents the behavior association group of the control interactions realized through network isolation layer $IL_d$ in time segment $T_c$ of the t-th time cycle period, $PP[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(t) \mid IL_d]$, $LL[T_c(t) \mid IL_d]$ represents the space identification set composed of all isolation spaces in behavior association group $R[T_c(t) \mid IL_d]$, and $PP[T_c(t) \mid IL_d] \in PP$, $LL[T_c(t) \mid IL_d] \in SP$.
The data analysis module is used for calculating the credibility of the process in the behavior association group according to the classification and identification results; data cleaning and updating are carried out on the behavior association group;
the data analysis module further comprises a credibility analysis unit and a data cleaning unit;
the credibility analysis unit is used for collecting, according to the classification and identification result, the behavior association groups corresponding to the same network isolation layer and generating a database to be cleaned, recorded as $Q$; a process $P_a$ is taken from the process item set and any behavior association group $R[T_c(t) \mid IL_d]$ is taken from the database to be cleaned $Q$; if $P_a \in PP[T_c(t) \mid IL_d]$, the behavior association group $R[T_c(t) \mid IL_d]$ is extracted and the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is calculated; the specific calculation formula is as follows:
wherein $RL\{P_a \to R[T_c(t) \mid IL_d]\}$ represents the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$; $PP[T_c(s) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d] \cap PP[T_c(s) \mid IL_d]\}$ represents the total number of processes contained in the intersection of process identification set $PP[T_c(t) \mid IL_d]$ and process identification set $PP[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $PP[T_c(t) \mid IL_d]$; $T$ represents the total number of time cycle periods;
If it isNUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]0, if->And->NUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]}=0;
The data cleaning unit is used for cleaning the data of the behavior association groups: a credibility threshold is preset, and if the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is smaller than or equal to the credibility threshold, process $P_a$ is cleared from process identification set $PP[T_c(t) \mid IL_d]$, the isolation space $LS_b$ occupied by process $P_a$ is at the same time cleared from space identification set $LL[T_c(t) \mid IL_d]$, and behavior association group $R[T_c(t) \mid IL_d]$ is updated;
another process is then taken from the process item set, the procedure returns to step S301, and the cleaning is iterated until all processes in the process item set have taken part in updating behavior association group $R[T_c(t) \mid IL_d]$, at which point the cleaning iteration ends;
the finally updated behavior association group $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$ is denoted as $r[T_c(t) \mid IL_d]: P[T_c(t) \mid IL_d] \to L[T_c(t) \mid IL_d]$, wherein $P[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $r[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d]$ represents the space identification set composed of all isolation spaces in behavior association group $r[T_c(t) \mid IL_d]$, and $P[T_c(t) \mid IL_d] \in PP[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d] \in LL[T_c(t) \mid IL_d]$.
The behavior early warning module calculates the safety limit value of the network isolation layer in the time segment according to the data cleaning result; and sending out an early warning prompt;
the behavior early warning module further comprises a safety limit value analysis unit and an early warning prompt unit;
The safety limit value analysis unit calculates the safety limit value of the network isolation layer in the time segment according to the data cleaning result, and the specific calculation formula is as follows:
wherein $SLV(IL_d \mid T_c)$ represents the safety limit value of network isolation layer $IL_d$ in time segment $T_c$; $NUM\{L[T_c(t) \mid IL_d]\}$ represents the total number of isolation spaces contained in space identification set $L[T_c(t) \mid IL_d]$; $NUM\{P[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $P[T_c(t) \mid IL_d]$;
the early warning prompt unit is used for presetting a safety limit threshold, and if the safety limit value $SLV(IL_d \mid T_c)$ is greater than or equal to the safety limit threshold, an early warning prompt is sent out.
Referring to fig. 2, in the second embodiment: the method for analyzing and identifying the user data based on the 5G communication technology comprises the following steps:
step S100: establishing an Internet of things virtual cloud database, and recording and storing sub-cloud operation data corresponding to an Internet of things terminal; establishing an operation archive, and classifying and counting processes executed by the sub-cloud, an isolation space allocated by the virtual cloud of the Internet of things and a network isolation layer created by the virtual cloud of the Internet of things;
specifically, an Internet of things virtual cloud database is established, operation data corresponding to sub-clouds connected through 5G communication are stored in the Internet of things virtual cloud database, the sub-clouds are connected with each other in an interactive mode based on ports of an Internet of things terminal, the operation data comprise isolation spaces occupied by processes in the process of executing each sub-cloud and network isolation layers called by the processes in the process of executing each sub-cloud, the isolation spaces are independent memory spaces with the same size and distributed by the Internet of things virtual cloud, the network isolation layers are virtual connection mapping channels which are created by the Internet of things virtual cloud and are used for providing the sub-clouds with the process of executing each sub-cloud, and mapping refers to conversion of each hardware service function based on the Internet of things terminal into corresponding software service functions realized in the Internet of things virtual cloud; one sub cloud corresponds to one Internet of things terminal;
An operation archive is established, wherein the operation archive comprises a process item set, a space pointer set and a channel medium set; the process item set comprises the processes executed by all sub-clouds and is recorded as $PP = \{P_a \mid a \in [1, A]\}$, wherein $P_a$ represents the a-th process and $A$ represents the total number of processes; the space pointer set comprises the isolation spaces allocated by the Internet of things virtual cloud and is recorded as $SP = \{LS_b \mid b \in [1, B]\}$, wherein $LS_b$ represents the b-th isolation space and $B$ represents the total number of isolation spaces; the channel medium set comprises the network isolation layers created by the Internet of things virtual cloud and is recorded as $CM = \{IL_d \mid d \in [1, D]\}$, wherein $IL_d$ represents the d-th network isolation layer and $D$ represents the total number of network isolation layers.
For example, for the interconnection of everything in the smart home field, each smart home can be allocated a dedicated sub-cloud space for docking and interaction.
Step S200: constructing an operation association behavior chain identification model, recording the behavior of each process controlling access to an isolation space by means of a network isolation layer, and attaching a time tag to each operation association behavior chain; classifying and identifying the operation association behavior chains according to the time tags to generate behavior association groups;
specifically, an operation association behavior chain identification model is constructed, wherein an operation association behavior chain refers to the behavior of a process controlling access to an isolation space by means of a network isolation layer while the sub-clouds execute their processes; taking the day as the time cycle period, the time in one day is divided into k continuous time segments, and any one time segment is recorded as $T_c$, wherein $c$ represents the sequence number of the time segment; a time tag is attached to each operation association behavior chain to record the time range in which the chain occurs; any operation association behavior chain is recorded as $P_a \to IL_d \to LS_b$, and with its time tag attached it is recorded as $T_c(t): P_a \to IL_d \to LS_b$, wherein the time tag $T_c(t)$ indicates that the operation association behavior chain $P_a \to IL_d \to LS_b$ occurs in time segment $T_c$ of the t-th time cycle period, and the chain $P_a \to IL_d \to LS_b$ indicates that process $P_a$ controls access to isolation space $LS_b$ by means of network isolation layer $IL_d$ and occupies isolation space $LS_b$;
And carrying out classification and identification on the operation association behavior chain according to the time segment and the network isolation layer, wherein the classification and identification mode is as follows:
under time tag $T_c(t)$, all processes and all isolation spaces for which control interaction between process and isolation space is realized by means of a network isolation layer are obtained, and a behavior association group is created and recorded as $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$, wherein $R[T_c(t) \mid IL_d]$ represents the behavior association group of the control interactions realized through network isolation layer $IL_d$ in time segment $T_c$ of the t-th time cycle period, $PP[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(t) \mid IL_d]$, $LL[T_c(t) \mid IL_d]$ represents the space identification set composed of all isolation spaces in behavior association group $R[T_c(t) \mid IL_d]$, and $PP[T_c(t) \mid IL_d] \in PP$, $LL[T_c(t) \mid IL_d] \in SP$.
Step S300: calculating the credibility of the process in the behavior association group according to the classification and identification result; data cleaning and updating are carried out on the behavior association group;
specifically, according to the classification and identification result, the behavior association groups corresponding to the same network isolation layer are collected and a database to be cleaned is generated, recorded as $Q$; a process $P_a$ is taken from the process item set and any behavior association group $R[T_c(t) \mid IL_d]$ is taken from the database to be cleaned $Q$; if $P_a \in PP[T_c(t) \mid IL_d]$, the behavior association group $R[T_c(t) \mid IL_d]$ is extracted and the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is calculated; the specific calculation formula is as follows:
wherein $RL\{P_a \to R[T_c(t) \mid IL_d]\}$ represents the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$; $PP[T_c(s) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d] \cap PP[T_c(s) \mid IL_d]\}$ represents the total number of processes contained in the intersection of process identification set $PP[T_c(t) \mid IL_d]$ and process identification set $PP[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $PP[T_c(t) \mid IL_d]$; $T$ represents the total number of time cycle periods;
if it isNUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]0, if- >And->Make NUM{PP[T c (t)|IL d ]∩PP[T c (s)|IL d ]}=0;
Data cleaning is carried out on the behavior association groups: a credibility threshold is preset, and if the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is smaller than or equal to the credibility threshold, process $P_a$ is cleared from process identification set $PP[T_c(t) \mid IL_d]$, the isolation space $LS_b$ occupied by process $P_a$ is at the same time cleared from space identification set $LL[T_c(t) \mid IL_d]$, and behavior association group $R[T_c(t) \mid IL_d]$ is updated;
another process is then taken from the process item set, the procedure returns to step S301, and the cleaning is iterated until all processes in the process item set have taken part in updating behavior association group $R[T_c(t) \mid IL_d]$, at which point the cleaning iteration ends;
the finally updated behavior association group $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$ is denoted as $r[T_c(t) \mid IL_d]: P[T_c(t) \mid IL_d] \to L[T_c(t) \mid IL_d]$, wherein $P[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $r[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d]$ represents the space identification set composed of all isolation spaces in behavior association group $r[T_c(t) \mid IL_d]$, and $P[T_c(t) \mid IL_d] \in PP[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d] \in LL[T_c(t) \mid IL_d]$.
Step S400: according to the data cleaning result, calculating the safety limit value of the network isolation layer in the time segment; and sending out an early warning prompt;
specifically, according to the data cleaning result, the safety limit value of the network isolation layer in the time segment is calculated, and the specific calculation formula is as follows:
wherein $SLV(IL_d \mid T_c)$ represents the safety limit value of network isolation layer $IL_d$ in time segment $T_c$; $NUM\{L[T_c(t) \mid IL_d]\}$ represents the total number of isolation spaces contained in space identification set $L[T_c(t) \mid IL_d]$; $NUM\{P[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $P[T_c(t) \mid IL_d]$;
a safety limit threshold is preset, and if the safety limit value $SLV(IL_d \mid T_c)$ is greater than or equal to the safety limit threshold, an early warning prompt is sent out.
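Steps S200 and S302 above, as an added Python example that is not part of the patent text: it tags constructed behavior chains with $T_c(t)$, groups them into behavior association groups per network isolation layer, counts the cross-cycle overlaps that the credibility definition refers to, and cleans one group against a threshold. The credibility formula itself is not reproduced on this page, so the scores are supplied by the caller; all class and function names, the sample chains, the scores and the threshold are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, datetime


@dataclass(frozen=True)
class Chain:
    """One operation association behavior chain P_a -> IL_d -> LS_b."""
    process: str    # P_a
    layer: str      # IL_d
    space: str      # LS_b
    when: datetime  # moment the access was observed


@dataclass
class Group:
    """Behavior association group R[T_c(t)|IL_d]: PP -> LL."""
    processes: set = field(default_factory=set)    # PP[T_c(t)|IL_d]
    spaces: set = field(default_factory=set)       # LL[T_c(t)|IL_d]
    occupancy: dict = field(default_factory=dict)  # P_a -> spaces it occupies


def time_tag(when, first_day, k):
    """Return (t, c): 1-based cycle number (day) and 1-based segment of k per day."""
    t = (when.date() - first_day).days + 1
    seconds = when.hour * 3600 + when.minute * 60 + when.second
    c = seconds * k // 86400 + 1
    return t, c


def build_groups(chains, first_day, k):
    """Step S200: classify chains by time tag and network isolation layer."""
    groups = {}
    for ch in chains:
        t, c = time_tag(ch.when, first_day, k)
        g = groups.setdefault((t, c, ch.layer), Group())
        g.processes.add(ch.process)
        g.spaces.add(ch.space)
        g.occupancy.setdefault(ch.process, set()).add(ch.space)
    return groups


def overlap_counts(groups, t, c, layer):
    """NUM{PP[T_c(t)|IL_d] ∩ PP[T_c(s)|IL_d]} for every other cycle s.

    These are inputs named by the credibility definition; how they are
    combined into RL is not shown on the page and is not guessed here.
    """
    base = groups[(t, c, layer)].processes
    return {
        s: len(base & g.processes)
        for (s, seg, lay), g in groups.items()
        if seg == c and lay == layer and s != t
    }


def clean_group(group, credibility, threshold):
    """Step S302: drop processes with credibility <= threshold and the
    isolation spaces they occupy. Returns a new Group (r[T_c(t)|IL_d])."""
    cleaned = Group(
        set(group.processes),
        set(group.spaces),
        {p: set(s) for p, s in group.occupancy.items()},
    )
    for p in sorted(group.processes):
        if credibility[p] <= threshold:  # score supplied by caller (assumption)
            cleaned.processes.discard(p)
            cleaned.spaces -= cleaned.occupancy.pop(p)
    return cleaned


# Constructed sample data: three daily cycles, k = 4 segments of six hours.
FIRST_DAY = date(2024, 1, 1)
SAMPLE_CHAINS = [
    Chain("P1", "IL1", "LS1", datetime(2024, 1, 1, 8, 0)),
    Chain("P2", "IL1", "LS2", datetime(2024, 1, 1, 9, 30)),
    Chain("P9", "IL1", "LS7", datetime(2024, 1, 1, 10, 0)),  # seen only once
    Chain("P1", "IL1", "LS1", datetime(2024, 1, 1, 20, 0)),
    Chain("P1", "IL1", "LS1", datetime(2024, 1, 2, 8, 15)),
    Chain("P2", "IL1", "LS2", datetime(2024, 1, 2, 9, 0)),
    Chain("P1", "IL1", "LS1", datetime(2024, 1, 3, 7, 0)),
    Chain("P2", "IL2", "LS3", datetime(2024, 1, 3, 8, 0)),
]
# Constructed credibility scores standing in for RL{P_a -> R[T_c(t)|IL_d]}.
SAMPLE_CREDIBILITY = {"P1": 0.9, "P2": 0.6, "P9": 0.1}

if __name__ == "__main__":
    groups = build_groups(SAMPLE_CHAINS, FIRST_DAY, k=4)
    for key in sorted(groups):
        print(key, sorted(groups[key].processes), sorted(groups[key].spaces))
    print("overlaps:", overlap_counts(groups, 1, 2, "IL1"))
    cleaned = clean_group(groups[(1, 2, "IL1")], SAMPLE_CREDIBILITY, 0.3)
    print("cleaned:", sorted(cleaned.processes), sorted(cleaned.spaces))
```

The sizes of the cleaned sets, `len(cleaned.processes)` and `len(cleaned.spaces)`, are the $NUM\{P[\cdot]\}$ and $NUM\{L[\cdot]\}$ quantities that step S400 takes as input.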
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: the foregoing description is only a preferred embodiment of the present invention and is not intended to limit the present invention, but although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the technical solutions described in the foregoing embodiments, or equivalents may be substituted for some of the technical features thereof. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A 5G communication technology-based user data analysis and identification method, comprising the steps of:
step S100: establishing an Internet of things virtual cloud database, and recording and storing sub-cloud operation data corresponding to an Internet of things terminal; establishing an operation archive, and classifying and counting processes executed by the sub-cloud, an isolation space allocated by the virtual cloud of the Internet of things and a network isolation layer created by the virtual cloud of the Internet of things;
step S200: constructing an operation association behavior chain identification model, recording the behavior of each process controlling access to an isolation space by means of a network isolation layer, and attaching a time tag to each operation association behavior chain; classifying and identifying the operation association behavior chains according to the time tags to generate behavior association groups;
step S300: calculating the credibility of the process in the behavior association group according to the classification and identification result; data cleaning and updating are carried out on the behavior association group;
step S400: according to the data cleaning result, calculating the safety limit value of the network isolation layer in the time segment; and sends out an early warning prompt.
2. The method for analyzing and identifying user data based on the 5G communication technology according to claim 1, wherein the specific implementation process of step S100 includes:
Step S101: establishing an Internet of things virtual cloud database, wherein operation data corresponding to sub-clouds connected through 5G communication are stored in the Internet of things virtual cloud database, the sub-clouds are connected with each other in an interactive mode based on ports of an Internet of things terminal, the operation data comprise isolation spaces occupied by processes in the process of executing each sub-cloud and network isolation layers called by the processes in the process of executing each sub-cloud, the isolation spaces are independent memory spaces with the same size and distributed by the Internet of things virtual cloud, the network isolation layers are virtual connection mapping channels which are created by the Internet of things virtual cloud and are used for providing the sub-clouds with the process of executing each sub-cloud, and mapping refers to corresponding software service functions which are realized in the Internet of things virtual cloud based on conversion of hardware service functions of the Internet of things terminal; one sub cloud corresponds to one Internet of things terminal;
step S102: establishing an operation archive, wherein the operation archive comprises a process item set, a space pointer set and a channel medium set; the process item set comprises the processes executed by all sub-clouds and is recorded as $PP = \{P_a \mid a \in [1, A]\}$, wherein $P_a$ represents the a-th process and $A$ represents the total number of processes; the space pointer set comprises the isolation spaces allocated by the Internet of things virtual cloud and is recorded as $SP = \{LS_b \mid b \in [1, B]\}$, wherein $LS_b$ represents the b-th isolation space and $B$ represents the total number of isolation spaces; the channel medium set comprises the network isolation layers created by the Internet of things virtual cloud and is recorded as $CM = \{IL_d \mid d \in [1, D]\}$, wherein $IL_d$ represents the d-th network isolation layer and $D$ represents the total number of network isolation layers.
3. The method for analyzing and identifying user data based on 5G communication technology according to claim 2, wherein the specific implementation process of step S200 includes:
step S201: constructing an operation association behavior chain identification model, wherein an operation association behavior chain refers to the behavior of a process controlling access to an isolation space by means of a network isolation layer while the sub-clouds execute their processes; taking the day as the time cycle period, the time in one day is divided into k continuous time segments, and any one time segment is recorded as $T_c$, wherein $c$ represents the sequence number of the time segment; a time tag is attached to each operation association behavior chain to record the time range in which the chain occurs; any operation association behavior chain is recorded as $P_a \to IL_d \to LS_b$, and with its time tag attached it is recorded as $T_c(t): P_a \to IL_d \to LS_b$, wherein the time tag $T_c(t)$ indicates that the operation association behavior chain $P_a \to IL_d \to LS_b$ occurs in time segment $T_c$ of the t-th time cycle period, and the chain $P_a \to IL_d \to LS_b$ indicates that process $P_a$ controls access to isolation space $LS_b$ by means of network isolation layer $IL_d$ and occupies isolation space $LS_b$;
Step S202: and carrying out classification and identification on the operation association behavior chain according to the time segment and the network isolation layer, wherein the classification and identification mode is as follows:
under time tag $T_c(t)$, all processes and all isolation spaces for which control interaction between process and isolation space is realized by means of a network isolation layer are obtained, and a behavior association group is created and recorded as $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$, wherein $R[T_c(t) \mid IL_d]$ represents the behavior association group of the control interactions realized through network isolation layer $IL_d$ in time segment $T_c$ of the t-th time cycle period, $PP[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(t) \mid IL_d]$, $LL[T_c(t) \mid IL_d]$ represents the space identification set composed of all isolation spaces in behavior association group $R[T_c(t) \mid IL_d]$, and $PP[T_c(t) \mid IL_d] \in PP$, $LL[T_c(t) \mid IL_d] \in SP$.
4. The method for analyzing and identifying user data based on 5G communication technology according to claim 3, wherein the specific implementation process of step S300 includes:
step S301: according to the classification and identification result, the behavior association groups corresponding to the same network isolation layer are collected and a database to be cleaned is generated, recorded as $Q$; a process $P_a$ is taken from the process item set and any behavior association group $R[T_c(t) \mid IL_d]$ is taken from the database to be cleaned $Q$; if $P_a \in PP[T_c(t) \mid IL_d]$, the behavior association group $R[T_c(t) \mid IL_d]$ is extracted and the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is calculated; the specific calculation formula is as follows:
wherein $RL\{P_a \to R[T_c(t) \mid IL_d]\}$ represents the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$; $PP[T_c(s) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d] \cap PP[T_c(s) \mid IL_d]\}$ represents the total number of processes contained in the intersection of process identification set $PP[T_c(t) \mid IL_d]$ and process identification set $PP[T_c(s) \mid IL_d]$; $NUM\{PP[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $PP[T_c(t) \mid IL_d]$; $T$ represents the total number of time cycle periods;
if it isNUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]0, if->Eye->NUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]}=0;
Step S302: data cleaning is carried out on the behavior association groups: a credibility threshold is preset, and if the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is smaller than or equal to the credibility threshold, process $P_a$ is cleared from process identification set $PP[T_c(t) \mid IL_d]$, the isolation space $LS_b$ occupied by process $P_a$ is at the same time cleared from space identification set $LL[T_c(t) \mid IL_d]$, and behavior association group $R[T_c(t) \mid IL_d]$ is updated;
another process is then taken from the process item set, the procedure returns to step S301, and the cleaning is iterated until all processes in the process item set have taken part in updating behavior association group $R[T_c(t) \mid IL_d]$, at which point the cleaning iteration ends;
the finally updated behavior association group $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$ is denoted as $r[T_c(t) \mid IL_d]: P[T_c(t) \mid IL_d] \to L[T_c(t) \mid IL_d]$, wherein $P[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $r[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d]$ represents the space identification set composed of all isolation spaces in behavior association group $r[T_c(t) \mid IL_d]$, and $P[T_c(t) \mid IL_d] \in PP[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d] \in LL[T_c(t) \mid IL_d]$.
5. The method for analyzing and identifying user data based on 5G communication technology according to claim 4, wherein the specific implementation process of step S400 includes:
step S401: according to the data cleaning result, calculating the safety limit value of the network isolation layer in the time segment, wherein the specific calculation formula is as follows:
wherein $SLV(IL_d \mid T_c)$ represents the safety limit value of network isolation layer $IL_d$ in time segment $T_c$; $NUM\{L[T_c(t) \mid IL_d]\}$ represents the total number of isolation spaces contained in space identification set $L[T_c(t) \mid IL_d]$; $NUM\{P[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $P[T_c(t) \mid IL_d]$;
step S402: a safety limit threshold is preset, and if the safety limit value $SLV(IL_d \mid T_c)$ is greater than or equal to the safety limit threshold, an early warning prompt is sent out.
6. A 5G communication technology based user data analysis and identification system, the system comprising: the system comprises an Internet of things virtual cloud module, a data processing module, a data analysis module and a behavior early warning module;
The virtual cloud module of the Internet of things is used for establishing a virtual cloud database of the Internet of things and recording and storing sub-cloud operation data corresponding to the end of the Internet of things; establishing an operation archive, and classifying and counting processes executed by the sub-cloud, an isolation space allocated by the virtual cloud of the Internet of things and a network isolation layer created by the virtual cloud of the Internet of things;
the data processing module is used for constructing an operation association behavior chain identification model, recording the behavior of each process for controlling access to the isolation space by means of the network isolation layer, and attaching a time tag to the operation association behavior chain; classifying and identifying the operation association behavior chains according to the time labels to generate a behavior association group;
the data analysis module calculates the credibility of the process in the behavior association group according to the classification and identification result; data cleaning and updating are carried out on the behavior association group;
the behavior early warning module calculates the safety limit value of the network isolation layer in the time segment according to the data cleaning result; and sends out an early warning prompt.
7. The system for analyzing and identifying user data based on 5G communication technology according to claim 6, wherein: the virtual cloud module of the Internet of things further comprises a database unit and an archive unit;
The database unit is used for establishing an Internet of things virtual cloud database, wherein the Internet of things virtual cloud database stores the operation data corresponding to the sub-clouds connected through 5G communication; the sub-clouds interconnect with the Internet of things virtual cloud based on the ports of an Internet of things terminal; the operation data comprises the isolation space occupied by each process while the sub-clouds execute their processes and the network isolation layer called by each process while the sub-clouds execute their processes; the isolation spaces are independent memory spaces of the same size allocated by the Internet of things virtual cloud; the network isolation layer is a virtual connection mapping channel created by the Internet of things virtual cloud and provided for the processes executed by each sub-cloud, where mapping refers to converting each hardware service function of the Internet of things terminal into a corresponding software service function realized in the Internet of things virtual cloud; one sub-cloud corresponds to one Internet of things terminal;
the archive unit is used for establishing an operation archive, wherein the operation archive comprises a process item set, a space pointer set and a channel medium set; the process item set comprises the processes executed by all sub-clouds and is recorded as $PP = \{P_a \mid a \in [1, A]\}$, wherein $P_a$ represents the a-th process and $A$ represents the total number of processes; the space pointer set comprises the isolation spaces allocated by the Internet of things virtual cloud and is recorded as $SP = \{LS_b \mid b \in [1, B]\}$, wherein $LS_b$ represents the b-th isolation space and $B$ represents the total number of isolation spaces; the channel medium set comprises the network isolation layers created by the Internet of things virtual cloud and is recorded as $CM = \{IL_d \mid d \in [1, D]\}$, wherein $IL_d$ represents the d-th network isolation layer and $D$ represents the total number of network isolation layers.
8. The 5G communication technology based user data analysis and identification system of claim 7, wherein: the data processing module further comprises a behavior chain recording unit and a classification and identification unit;
the behavior chain recording unit is used for constructing an operation association behavior chain identification model, wherein an operation association behavior chain refers to the behavior whereby, while each sub-cloud executes its processes, each process controls access to an isolation space by means of a network isolation layer; with the day as the time cycle period, the time in one day is divided into $k$ consecutive time segments, and any one time segment is denoted $T_c$, where $c$ represents the sequence number of the time segment; a time tag is attached to the operation association behavior chain to record the time range in which the chain occurs; any operation association behavior chain is denoted $P_a \to IL_d \to LS_b$, and the chain with its time tag attached is denoted $T_c(t): P_a \to IL_d \to LS_b$, where the time tag $T_c(t)$ indicates that the operation association behavior chain $P_a \to IL_d \to LS_b$ occurs within time segment $T_c$ of the $t$-th time cycle period, and the operation association behavior chain $P_a \to IL_d \to LS_b$ indicates that process $P_a$ controls access to isolation space $LS_b$ by means of network isolation layer $IL_d$ and occupies isolation space $LS_b$;
The classification and identification unit performs classification and identification on the operation association behavior chain according to the time segment and the network isolation layer, and the classification and identification mode is as follows:
under the time tag $T_c(t)$, all processes and all isolation spaces for which control interaction between process and isolation space is realized by means of the same network isolation layer are obtained, and a behavior association group is created and recorded as $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$, where $R[T_c(t) \mid IL_d]$ represents the behavior association group of the control interactions realized by means of network isolation layer $IL_d$ within time segment $T_c$ of the $t$-th time cycle period, $PP[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(t) \mid IL_d]$, $LL[T_c(t) \mid IL_d]$ represents the space recognition set composed of all isolation spaces in behavior association group $R[T_c(t) \mid IL_d]$, and $PP[T_c(t) \mid IL_d] \in PP$, $LL[T_c(t) \mid IL_d] \in SP$.
9. The system for analyzing and identifying user data based on 5G communication technology according to claim 8, wherein: the data analysis module further comprises a credibility analysis unit and a data cleaning unit;
the credibility analysis unit is used for pooling, according to the classification and identification results, the behavior association groups corresponding to the same network isolation layer, generating a database to be cleaned and denoting it $Q$; a process $P_a$ is acquired from the process item set and any behavior association group $R[T_c(t) \mid IL_d]$ is obtained from the database $Q$ to be cleaned; if $P_a \in PP[T_c(t) \mid IL_d]$, the behavior association group $R[T_c(t) \mid IL_d]$ is extracted and the credibility of process $P_a$ in the behavior association group $R[T_c(t) \mid IL_d]$ is calculated; the specific calculation formula is as follows:
wherein $RL\{P_a \to R[T_c(t) \mid IL_d]\}$ represents the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$, $PP[T_c(s) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $R[T_c(s) \mid IL_d]$, $NUM\{PP[T_c(t) \mid IL_d] \cap PP[T_c(s) \mid IL_d]\}$ represents the total number of processes contained in the intersection of process identification set $PP[T_c(t) \mid IL_d]$ and process identification set $PP[T_c(s) \mid IL_d]$, $NUM\{PP[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in process identification set $PP[T_c(t) \mid IL_d]$, and $T$ represents the total number of time cycle periods;
if it isNUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]0, if->Eye->NUM { PP [ T ] c (t)|IL d ]∩PP[T c (s)|IL d ]}=0;
the data cleaning unit is used for cleaning the data of the behavior association group: a credibility threshold is preset, and if the credibility of process $P_a$ in behavior association group $R[T_c(t) \mid IL_d]$ is less than or equal to the credibility threshold, process $P_a$ is cleared from the process identification set $PP[T_c(t) \mid IL_d]$, the isolation space $LS_b$ occupied by process $P_a$ is at the same time cleared from the space recognition set $LL[T_c(t) \mid IL_d]$, and the behavior association group $R[T_c(t) \mid IL_d]$ is updated;
another process in the process item set is acquired, the procedure returns to step S301, and the cleaning iteration is carried out until all processes in the process item set have taken part in updating the behavior association group $R[T_c(t) \mid IL_d]$, whereupon the cleaning iteration is complete;
the finally updated behavior association group $R[T_c(t) \mid IL_d]: PP[T_c(t) \mid IL_d] \to LL[T_c(t) \mid IL_d]$ is denoted $r[T_c(t) \mid IL_d]: P[T_c(t) \mid IL_d] \to L[T_c(t) \mid IL_d]$, where $P[T_c(t) \mid IL_d]$ represents the process identification set composed of all processes in behavior association group $r[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d]$ represents the space recognition set composed of all isolation spaces in behavior association group $r[T_c(t) \mid IL_d]$, and $P[T_c(t) \mid IL_d] \in PP[T_c(t) \mid IL_d]$, $L[T_c(t) \mid IL_d] \in LL[T_c(t) \mid IL_d]$.
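The grouping of claim 8 and the cleaning step of claim 9 can be sketched as follows. This is an added example, not part of the patent text: the record layout, function names and sample chains are constructed for illustration, and because the credibility formula itself is not reproduced on this page, the credibility scores are taken as an input rather than computed.

```python
from collections import defaultdict

# Constructed sample records: (cycle t, segment c, process, isolation layer, isolation space),
# i.e. the time-tagged chain T_c(t): P_a -> IL_d -> LS_b.
CHAINS = [
    (1, 2, "P1", "IL1", "LS1"),
    (1, 2, "P2", "IL1", "LS2"),
    (1, 2, "P3", "IL1", "LS3"),
    (1, 2, "P1", "IL2", "LS4"),
    (2, 2, "P1", "IL1", "LS1"),
    (2, 2, "P2", "IL1", "LS2"),
]


def build_groups(chains):
    """Group chains by (t, c, IL_d) into R[T_c(t)|IL_d]: PP -> LL."""
    groups = defaultdict(
        lambda: {"PP": set(), "LL": set(), "occupied": defaultdict(set)}
    )
    for t, c, proc, layer, space in chains:
        g = groups[(t, c, layer)]
        g["PP"].add(proc)
        g["LL"].add(space)
        g["occupied"][proc].add(space)  # which spaces each process occupies
    return dict(groups)


def clean_group(group, credibility, threshold):
    """Return r[T_c(t)|IL_d]: drop every process whose credibility is <= threshold,
    together with the isolation spaces that process occupies."""
    P, L = set(group["PP"]), set(group["LL"])
    for proc in sorted(group["PP"]):
        # Assumption: a process with no supplied score is treated as credibility 0.
        if credibility.get(proc, 0.0) <= threshold:
            P.discard(proc)
            L -= group["occupied"][proc]
    return {"P": P, "L": L}
```

Keeping the per-process occupancy map alongside PP and LL is what lets the cleaning step remove exactly the spaces tied to a discarded process.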
10. The system for analyzing and identifying user data based on 5G communication technology according to claim 9, wherein: the behavior early warning module further comprises a safety limit value analysis unit and an early warning prompt unit;
the safety limit value analysis unit calculates the safety limit value of the network isolation layer in the time segment according to the data cleaning result, and the specific calculation formula is as follows:
wherein $SLV(IL_d \mid T_c)$ represents the safety limit value of network isolation layer $IL_d$ within time segment $T_c$, $NUM\{L[T_c(t) \mid IL_d]\}$ represents the total number of isolation spaces contained in the space recognition set $L[T_c(t) \mid IL_d]$, and $NUM\{P[T_c(t) \mid IL_d]\}$ represents the total number of processes contained in the process identification set $P[T_c(t) \mid IL_d]$;
the early warning prompt unit is used for presetting a safety limit value threshold, and if the safety limit value $SLV(IL_d \mid T_c)$ is greater than or equal to the safety limit value threshold, an early warning prompt is sent out.
CN202311608917.5A 2023-11-29 2023-11-29 User data analysis and identification system and method based on 5G communication technology Active CN117640407B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311608917.5A CN117640407B (en) 2023-11-29 2023-11-29 User data analysis and identification system and method based on 5G communication technology

Publications (2)

Publication Number Publication Date
CN117640407A true CN117640407A (en) 2024-03-01
CN117640407B CN117640407B (en) 2024-05-14

Family

ID=90037099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311608917.5A Active CN117640407B (en) 2023-11-29 2023-11-29 User data analysis and identification system and method based on 5G communication technology

Country Status (1)

Country Link
CN (1) CN117640407B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112883369A (en) * 2021-03-25 2021-06-01 中国科学院信息工程研究所 Credible virtualization system
KR102307641B1 (en) * 2021-04-30 2021-10-01 나무기술 주식회사 Parallel processing control system for cloud operation data analysis
CN114172930A (en) * 2021-11-09 2022-03-11 清华大学 Large-scale Internet of things service domain isolated communication method and device, electronic equipment and storage medium
CN115987644A (en) * 2022-12-26 2023-04-18 中国电力科学研究院有限公司 Intelligent power distribution internet of things safety authentication system
CN116647836A (en) * 2023-07-27 2023-08-25 深圳市芯保迪电子科技有限公司 Network security intelligent monitoring system and method based on 5G communication technology

Also Published As

Publication number Publication date
CN117640407B (en) 2024-05-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant