CN118075007A - Security protection method and device, electronic equipment and storage medium - Google Patents

Security protection method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN118075007A
CN118075007A CN202410300325.5A CN202410300325A CN118075007A CN 118075007 A CN118075007 A CN 118075007A CN 202410300325 A CN202410300325 A CN 202410300325A CN 118075007 A CN118075007 A CN 118075007A
Authority
CN
China
Prior art keywords
security
service system
rail transit
matrix
intelligent service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410300325.5A
Other languages
Chinese (zh)
Inventor
张景雯
高婷婷
吴昊
侯日根
张跃军
周颖
汤蓓蓓
韩蕾
肖翔
田惠文
刘静
王飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CRSC Research and Design Institute Group Co Ltd
Original Assignee
CRSC Research and Design Institute Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CRSC Research and Design Institute Group Co Ltd filed Critical CRSC Research and Design Institute Group Co Ltd
Priority to CN202410300325.5A priority Critical patent/CN118075007A/en
Publication of CN118075007A publication Critical patent/CN118075007A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0637Strategic management or analysis, e.g. setting a goal or target of an organisation; Planning actions based on goals; Analysis or evaluation of effectiveness of goals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Educational Administration (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Economics (AREA)
  • Data Mining & Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Marketing (AREA)
  • Bioethics (AREA)
  • General Business, Economics & Management (AREA)
  • Virology (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • Algebra (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a safety protection method, a safety protection device, electronic equipment and a storage medium, and relates to the technical field of rail transit. The method comprises the following steps: constructing a safety hierarchy structure of an intelligent regional rail transit service system; according to the security hierarchy, determining a target security object and a target model element which are most required to be focused on by the security protection of the regional track traffic intelligent service system; and adjusting the security policy corresponding to the information security model according to the target security object and the target model element so as to carry out security protection on the regional track traffic intelligent service system based on the adjusted security policy. The scheme of the invention can determine the security objects and model elements which are most required to be focused in different periods, and further can ensure that the security protection of the regional rail transit intelligent service system is more reliable and more accurate by pertinently adjusting the security policy.

Description

Security protection method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of rail transit technologies, and in particular, to a method and apparatus for protecting security of an intelligent information service system for regional rail transit, an electronic device, and a storage medium.
Background
At present, information technologies such as the Internet of things, cloud computing, big data, mobile interconnection and the like are rapidly developed and widely applied, but the introduction of new information technologies leads to the fact that an intelligent information service system for regional rail transit is more network security threats while promoting intelligence and improving information service quality. Because the regional rail transit intelligent information service system needs to master and process mass data, various applications and system architectures have isomerism and the industry chain is complex, and the system threat faced by the regional rail transit intelligent information service system is increased continuously. Worldwide, attack events for regional rail transit intelligent service industry frequently occur, and the regional rail transit intelligent service system aggregates massive high-value user data. These unprecedented security risks have raised widespread concerns about information security issues. How to realize the safety protection of the regional track traffic intelligent information service system becomes a technical problem to be solved.
Disclosure of Invention
The invention provides a safety protection method, a safety protection device, electronic equipment and a storage medium.
According to an aspect of the present invention, there is provided a security protection method for an intelligent service system for regional rail transit, including:
Constructing a security hierarchy of the regional rail transit intelligent service system; the first layer of the security hierarchy structure is an area rail transit intelligent service system needing security protection, the second layer is a security object needing security protection in the area rail transit intelligent service system, the third layer is a model element forming an information security model, and the information security model is used for detecting threat existing in the security object and protecting the security object;
According to the security hierarchy, determining a target security object and a target model element which are most required to be focused on by security protection of the regional rail transit intelligent service system;
and adjusting the security policy corresponding to the information security model according to the target security object and the target model element so as to carry out security protection on the regional rail transit intelligent service system based on the adjusted security policy.
According to another aspect of the present invention, there is provided a safety protection device for an intelligent service system for regional rail transit, comprising:
The hierarchical division module is used for constructing a safety hierarchical structure of the regional rail transit intelligent service system; the first layer of the security hierarchy structure is an area rail transit intelligent service system needing security protection, the second layer is a security object needing security protection in the area rail transit intelligent service system, the third layer is a model element forming an information security model, and the information security model is used for detecting threat existing in the security object and protecting the security object;
The screening module is used for determining a target security object and a target model element which are most required to be focused on by the security protection of the regional rail transit intelligent service system according to the security hierarchical structure;
And the protection module is used for adjusting the security policy corresponding to the information security model according to the target security object and the target model element so as to carry out security protection on the regional rail transit intelligent service system based on the adjusted security policy.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the security protection method according to the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to execute a security protection method according to an embodiment of the present invention.
The technical scheme of the embodiment of the invention can determine the security objects and model elements which are most required to be focused in different periods, and further can ensure that the security protection of the regional rail transit intelligent service system is more reliable and more accurate through targeted adjustment of the security policy.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1a is a schematic flow chart of a method for protecting security according to an embodiment of the present invention;
FIG. 1b is a schematic diagram of a security hierarchy of an intelligent service system for regional rail transit provided according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for protecting security according to an embodiment of the present invention;
FIG. 3 is a schematic view of a safety device according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device implementing a security protection method according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
In order to ensure the safety protection of the regional track traffic intelligent server system, the scheme of the invention provides a safety framework suitable for the regional track traffic intelligent server system, and the safety framework comprises a center and five layers; the system comprises a cloud security management center deployed with an information security model, five layers of security objects in an intelligent service system of regional track traffic, namely a perception layer security object (comprising a perception device, an internet of things end, a vehicle-mounted terminal and the like), a network layer security object (comprising a network architecture, a communication protocol, a security log and the like), a platform layer security object (comprising platform access, platform development and the like), an application support layer security object (comprising information management, user management, application management and the like) and a data analysis layer security object (comprising data acquisition, transmission, use, storage and the like).
To facilitate understanding of the solution, a center and five security objects will first be explained. Specifically, the cloud security management center is a management core of a security policy of the system, and the highest level and authority management of the cloud platform is achieved. The cloud security management center mainly has the following functions:
The action is as follows: the system realizes unified management and scheduling on all servers, service terminals, security devices and network devices of the system, ensures reasonable utilization of resources to the greatest extent, and mainly comprises user management, resource management, virtual machine management, image management, resource scheduling management, virtual data center management, system management and the like.
The second action is: the system realizes unified safety monitoring on all servers, service terminals, safety equipment and network equipment of the system, comprehensively knows the running conditions of various equipment, timely discovers equipment faults and timely alarms, and greatly improves the network monitoring early warning capability and the accident response processing speed.
The third action is: virus protection. The virus protection system should have the characteristics of uniformity and integrity. The cloud computing platform becomes an engine of antivirus software, and when a virus or Trojan horse is scanned, a program which cannot be identified is found, and the program is uploaded to a virus protection system of the cloud for analysis and sample reservation. And identifying, checking and killing viruses, and collecting, analyzing and processing the platform and the terminal in real time by virtue of a unified virus protection system of the cloud. The system has the functions of automatic distribution of virus libraries, centralized configuration and management of automatic upgrading, unified event and alarm processing and the like, and forms a unified virus protection system. If the system adopts a private cloud mode, the virus protection system needs to acquire the latest virus library from antivirus software manufacturers at regular time, and physical isolation equipment is used for isolating the private cloud from the outside when the private cloud is connected with the outside.
The four actions are as follows: PKI authentication. The system has the functions of user application auditing, certificate issuing, certificate revocation, certificate management, key management, user management and the like, and meets all requirements as key management by using CA certificates, such as confidentiality of information, authentication of information, non-repudiation of information, integrity of information and the like.
The fifth action is: and (5) security audit. The system has a lot of automatically identified data and access information of non-manual operation, so that log information is more important for daily operation maintenance, security event tracing, case investigation evidence collection and the like. And unified and complete audit analysis is carried out, and the post-examination capability of illegal events is improved through the security audit of various logs such as operation, maintenance and the like. And effective measures are taken to ensure the accuracy and the integrity of the cloud computing user activity log. And (3) establishing a perfect system log and an audit mechanism, wherein the content of the log comprises a user ID, an operation date and time, operation content, whether the operation is successful or not and the like.
In this embodiment, the information security model deployed in the cloud security management center is optionally an SAP2DR2 security model. The SAP2DR2 security model includes a situation awareness module (Situation Awareness, SA), a Policy module (Policy), a Protection module (Protection), a Detection module (Detection), a Response module (Response), and a Recovery module (Recovery).
Specifically, for the situation awareness module, the situation awareness SA is to learn and understand environmental factors in a certain space-time range, and predict future development trends, including network security situation awareness, network security situation understanding and network security situation projection. The network security situation awareness mainly carries out noise reduction and standardization processing on the related detection equipment in the network and the original data generated by the management system to obtain effective information, and then carries out relevance analysis on the information to identify a subject and an object in the system and further distinguish abnormal activities. The method comprises the following specific steps:
Step one, aiming at a security event, analyzing various detection parameter values, thereby setting a reasonable threshold value for the detection parameter values and assigning a value for the detection parameter weight by combining a host role and a guest role;
step two, creating an event library based on the step one, wherein the event library comprises trigger conditions and pre-judging types
And thirdly, establishing a feedback mechanism, evaluating the judgment effect according to the implementation effect of the measures taken for the judged abnormal activities, and alarming the error judgment to further optimize the judgment algorithm.
Network security situation understanding is to find out attack activities on the basis of network security situation awareness, understand and relate the semantics of the attack activities, and then understand the intention on the basis of the attack activities.
The main task of network security posture projection is to analyze and evaluate the threat situation of the attack activities on the respective objects in the current system on the basis of the first two steps, and such projection includes finding the effects that these attack activities have and may have on the objects.
Network security posture awareness represents network security conditions in visual form as "Who is Where and what affects Who (wha, white, impact)".
The core of the policy module, which is the whole model, is the security policy. Each link in the model is performed under the control and guidance of a security policy. Different networks require different policies, and before policies are formulated, it is necessary to comprehensively consider the various risks and vulnerabilities that may exist in the networks and determine the corresponding safeguards and implementations.
The protection module generally adopts the technologies of strong password authentication, packet authorized access, firewall, antivirus, intrusion protection and the like, combines the security services of log analysis, security reinforcement, emergency response and the like, defends network attacks from the outside, and cuts off illegal access inside.
The detection module timely discovers weak links of the network through dynamic performance detection, honeypot spoofing, intrusion detection, vulnerability scanning and other methods, and if the network is monitored to be attacked or the network is scanned to have vulnerabilities, the detection module immediately repairs the network and transmits feedback results to the next module.
The response module can be used for realizing the active defense response and the important information instant recovery function of the attack. "response" refers to an emergency procedure after a security event has occurred, and may be considered as further "protection".
The recovery module is used for immediately adopting a series of measures when the system suffers an emergency, recovering the system function as soon as possible and providing normal service. The destroyed network system is restored to the state before being destroyed by comprehensively using the modes of system upgrading, patching and the like, and the lost information during the safety accident can be recovered in a recovery module or the network can be repaired by means of software upgrading, patching and the like. Recovery is a guarantee for realizing dynamic network security, and is an important embodiment of system viability.
On the basis of the above description, the specific flow of the safety protection method for the regional rail transit intelligent service system can be seen in the following embodiment.
Example 1
Fig. 1a provides a flowchart of a security protection method according to an embodiment of the present invention, where the method may be implemented by a security protection device, and the security protection device may be implemented in a form of hardware and/or software, and the security protection device may be configured in an electronic device.
As shown in fig. 1a, the safety protection method for the regional rail transit intelligent service system comprises the following steps:
S101, constructing a security hierarchy structure of the regional rail transit intelligent service system.
In this embodiment, the regional rail transit intelligent service system is a comprehensive service system integrated with a plurality of subsystems, and optionally includes an automatic train monitoring system (ATS), an automatic toll collection system (AFC), a network communication system, a weighing system, a closed-circuit television system, and the like. The system aims to provide information management services for rail transit operators, passengers and other related personnel, and screen, repair and semanteme unification are carried out on multi-source information data through a data analysis layer, so that the collection, analysis and processing of the information data are completed, and the information release requirements are met.
Further, as can be seen from the foregoing description, the security architecture of the regional rail transit intelligent service system includes a cloud security management center deployed with an information security model and security objects to be protected, where the security objects include a perception layer security object, a network layer security object, a platform layer security object, an application support layer security object, and a data analysis layer security object. Therefore, the security hierarchy structure of the regional rail transit intelligent service system can be constructed according to the security architecture of the regional rail transit intelligent service system. For example, referring to FIG. 1b, a schematic diagram of a security hierarchy of a regional rail transit intelligent service system is shown. The first layer of the security hierarchy is an area rail transit intelligent service system needing security protection, the second layer is a security object (B 1-B5 in the figure) needing security protection in the area rail transit intelligent service system, the third layer is a model element (C 11-C55 in the figure, namely each module composing the model) composing an information security model, and the information security model is used for detecting and protecting threats existing in the security object.
S102, determining a target security object and a target model element which are most required to be focused on by the security protection of the regional rail transit intelligent service system according to the security hierarchical structure.
In this embodiment, on the basis of determining the security hierarchy, since the security protection of the regional rail transit intelligent service system has different degrees of attention to each security object and model element in different periods, it is necessary to determine the target security object and target model element that the security protection most needs to pay attention to in different periods from the security hierarchy.
In an alternative implementation, determining a target security object that most needs attention for security protection of the regional rail transit intelligent service system includes: firstly, determining importance degrees of the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object relative to the regional track traffic intelligent service system respectively; optionally, the importance degree of each security object can be quantitatively measured according to the probability of each security object causing the security fault of the system and the fault recovery time; for example, the greater the probability that a security object will cause a security failure in a system, the greater the importance of the security object relative to the system; the longer the fault recovery time of a security fault caused by a security object, the more important the security object. Further, the importance degrees corresponding to the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object are compared in pairs, and the comparison result is recorded through a first result matrix. Illustratively, according to a= (a ij)n×n,aij >0, Where a ij is the result of a comparison of security objects B i and B j, a scale of 1-9 is typically used, the significance of which is shown in Table 1.
TABLE 1
In an alternative implementation, the difference or quotient of the importance levels of the two security objects can be determined to determine the importance level when comparing the two security objects. Optionally, each scale corresponds to a difference value interval or a quotient value interval of importance degree, so that the scale corresponding to the comparison result can be determined according to the difference value or the quotient value interval determined by comparing every two. Illustratively, the first result matrix a is obtained by a matrix formula as follows:
further, after the first result matrix is obtained, an object index weight of each security object may be determined according to the first result matrix, and the target security object may be determined according to the object index weight. Alternatively, the first result matrix may be normalized by rows, to obtain a normalized matrix as follows: w= [0.364 0.072 0.277 0.183 0.103] T, each element in the normalized matrix may be used as an object index weight of each security object, for example, 0.364 may be used as an object index weight of a security object of a perception layer, 0.072 may be used as an object index weight of a security object of a network layer, 0.277 may be used as an object index weight of a security object of a platform layer, 0.183 may be used as an object index weight of a security object of an application support layer, and 0.103 may be used as an object index weight of a security object of a data analysis layer. Therefore, the objects can be ranked according to the weight of the object index, and the weight values are ranked in the first two bits to serve as target safety objects.
Because each security object corresponds to a group of model elements, the method for determining the target model elements which are most required to be concerned by the security protection of the regional track traffic intelligent service system comprises the following steps: firstly, determining importance degrees of the model elements relative to the safe object respectively; and comparing the importance of the model elements corresponding to any safety object with the importance of the model elements corresponding to other safety objects respectively, and recording a comparison result through a second result matrix. Because the requirements of different safety objects on different model elements are different, the importance degree of the different model elements on each safety object is different, so that the importance degree of the different model elements on each safety object can be determined according to the different requirements, and then the comparison is performed; the scale to which the importance is assigned is determined based on the difference or quotient of the importance levels. It will be appreciated that since 5 security objects are included, the resulting second result matrix is also five. Illustratively, the five second result matrices are as follows:
and when the element index weight of each model element corresponding to the safety object is determined according to the second result matrix, normalizing the matrix according to rows to obtain:
W1=[0.120 0.186 0.352 0.246 0.096]T
W2=[0.064 0.260 0.130 0.186 0.372]T
W3=[0.084 0.172 0.172 0.172 0.352]T
W4=[0.079 0.158 0.404 0.246 0.120]T
W5=[0.100 0.447 0.227 0.186 0·079]T
optionally, for each normalized matrix, an element represents an element index weight of each model element under a certain security object.
Illustratively, table 2 gives the weight values of the different security object and model element indicators.
TABLE 2
Determining the weighting weight corresponding to the model element according to the object index weight of the safety object and the element index weight of each model element corresponding to the safety object, namely, for one model element, carrying out weighted summation on the model element index weight of the model element aiming at different safety objects and the object index weight of the safety object to obtain the weighting weight; and determining the target model element according to the weighted weight, for example, taking the target model element with the largest weighted weight or the top N-bit row as the target model element.
Illustratively, referring to table 2, for a perception-layer security object, then detect > response > protection > threat prediction > recovery; for the network layer security object, recovering the > protection > response > detection > threat prediction; for a platform layer security object, then resume > protect = respond = detect > threat prediction; for an application support layer security object, detecting > response > protection > restoration > threat prediction; for the data analysis layer security object, then protection > detection > response > threat prediction > recovery.
Based on the data and the sequence, the security protection of the regional track traffic intelligent service system is the security of the security objects of the perception layer and the security objects of the platform layer which are most important; the most important in the information security model is to detect and respond to two model elements.
S103, according to the target security object and the target model element, adjusting a security policy corresponding to the information security model so as to carry out security protection on the regional rail transit intelligent service system based on the adjusted security policy.
After determining the target security object and the target model element that need to be focused most through steps S101-S102, the security policy corresponding to the information security model is adjusted, for example, the security policy related to the target security object and the target model element is adjusted, for example, a security rule is newly added, or a triggering condition of the security policy is modified, and so on.
In the embodiment, the security objects and the model elements which are most required to be focused in different periods can be determined, and further, the security protection of the regional rail transit intelligent service system can be ensured to be more reliable and more accurate through targeted adjustment of the security policy.
Example two
Fig. 2 is a schematic flow chart of a security protection method according to an embodiment of the present invention. Referring to fig. 2, the flow of the safety protection method is as follows:
S201, constructing a security hierarchical structure of the regional rail transit intelligent service system.
The first layer of the security hierarchy structure is an area rail transit intelligent service system needing security protection, the second layer is a security object needing security protection in the area rail transit intelligent service system, the third layer is a model element forming an information security model, and the information security model is used for detecting threat existing in the security object and protecting the security object.
According to the security hierarchy, the process of determining the target security object and the target model element that most need to be focused on by the security protection of the regional rail transit intelligent service system can be seen in steps S202-S207.
S202, importance degrees of the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object relative to the regional track traffic intelligent service system are respectively determined.
S203, the importance degrees corresponding to the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object are compared in pairs, and the comparison result is recorded through a first result matrix.
In this embodiment, after the first result matrix is obtained, consistency verification may be performed on the first result matrix, and only after the consistency verification is passed, a subsequent step may be performed, so as to ensure accuracy of the target security object and the target model element that are determined subsequently. The process of consistency verification is as follows: firstly, carrying out normalization processing on the first result matrix to obtain a first normalization matrix; multiplying the first result matrix with the first normalization matrix, and determining a matrix characteristic value according to the multiplication result; illustratively, the process of multiplying the first result matrix a with the first normalized matrix W is as follows:
The matrix eigenvalue λ max can be determined according to the following formula: /(I)
Determining a matrix consistency ratio according to the matrix eigenvalue lambda max, the order n of the first result matrix and an average random consistency index (which can be calculated for a plurality of times in advance); determining whether the first result matrix meets consistency requirements according to the matrix consistency proportion; illustratively, if the matrix uniformity ratio is less than the preset threshold, then the uniformity requirement is deemed satisfied and the step of S204 may be performed.
S204, determining object index weights of all the safety objects according to the first result matrix, and determining the target safety objects according to the object index weights.
S205, determining importance degrees of the model elements relative to the safe object respectively; and comparing the importance of the model elements corresponding to any safety object with the importance of the model elements corresponding to other safety objects respectively, and recording a comparison result through a second result matrix.
In this embodiment, after the second result matrix is obtained, normalization processing may be performed on the second result matrix to obtain a second normalized matrix; multiplying the second result matrix with the second normalization matrix, and determining a matrix characteristic value according to the multiplication result; determining a matrix consistency ratio according to the matrix eigenvalue, the order of the second result matrix and the average random consistency index; and determining whether the second result matrix meets the consistency requirement according to the matrix consistency proportion. The subsequent steps are only performed on the basis of meeting the consistency requirements.
S206, determining the element index weight of each model element corresponding to the safety object according to the second result matrix.
S207, determining the weighting weight corresponding to the model element according to the object index weight of the safe object and the element index weight of each model element corresponding to the safe object; and determining target model elements according to the weighting weights.
S208, according to the target security object and the target model element, adjusting a security policy corresponding to the information security model so as to carry out security protection on the regional rail transit intelligent service system based on the adjusted security policy.
In the scheme of the embodiment, after the first result matrix and the second result matrix are obtained, matrix consistency verification is performed, and subsequent steps can be performed only after the first result matrix and the second result matrix pass through the matrix consistency verification, so that the accuracy of the selected target safety object and the target model element can be ensured, and further targeted safety protection is ensured.
Example III
Fig. 3 is a schematic structural diagram of a safety protection device according to an embodiment of the present invention, where the embodiment is applicable to a scenario of safety protection of an intelligent service system for regional rail transit. As shown in fig. 3, the apparatus specifically includes:
The hierarchy dividing module 301 is configured to construct a security hierarchy of the regional rail transit intelligent service system; the first layer of the security hierarchy structure is an area rail transit intelligent service system needing security protection, the second layer is a security object needing security protection in the area rail transit intelligent service system, the third layer is a model element forming an information security model, and the information security model is used for detecting threat existing in the security object and protecting the security object;
the screening module 302 is configured to determine, according to the security hierarchy, a target security object and a target model element that most need to be focused on by security protection of the regional rail transit intelligent service system;
And the protection module 303 is configured to adjust a security policy corresponding to the information security model according to the target security object and the target model element, so as to perform security protection on the regional rail transit intelligent service system based on the adjusted security policy.
In an alternative implementation, the method further includes:
The safety framework determining module is used for determining the safety framework of the regional rail transit intelligent service system; the security architecture comprises a cloud security management center deployed with an information security model and security objects to be protected, wherein the security objects comprise a perception layer security object, a network layer security object, a platform layer security object, an application support layer security object and a data analysis layer security object.
In an alternative implementation, the hierarchical partitioning module is further configured to:
And constructing a security hierarchy of the regional rail transit intelligent service system according to the security architecture of the regional rail transit intelligent service system.
In an alternative implementation, the screening module is further configured to:
Determining importance degrees of the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object relative to the regional rail transit intelligent service system respectively;
the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object are compared in pairs according to the importance degrees corresponding to the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object, and comparison results are recorded through a first result matrix;
and determining object index weights of all the safety objects according to the first result matrix, and determining the target safety objects according to the object index weights.
When the method is realized, the importance degree of each security object can be quantitatively measured according to the probability of the security object causing the security fault of the system and the fault recovery time; for example, the greater the probability that a security object will cause a security failure in a system, the greater the importance of the security object relative to the system; the longer the fault recovery time of a security fault caused by a security object, the more important the security object. Thus, when the two security objects are compared in pairs, the difference value or quotient of the importance degrees of the two security objects can be determined to determine the importance degree. Optionally, each scale corresponds to a difference value interval or a quotient value interval of importance degree, so that the scale corresponding to the comparison result can be determined according to the difference value or the quotient value interval determined by comparing every two.
In an alternative implementation, each security object corresponds to a respective set of model elements;
the screening module is also used for:
Determining the importance degree of the model elements relative to the safety object respectively;
for any safety object, respectively comparing the importance of the model element corresponding to the safety object with the model elements corresponding to other safety objects, and recording a comparison result through a second result matrix;
determining element index weights of the model elements corresponding to the safety object according to the second result matrix;
Determining the weighting weight corresponding to the model element according to the object index weight of the safety object and the element index weight of each model element corresponding to the safety object;
And determining target model elements according to the weighting weights.
In an alternative implementation, the method further includes a first verification module configured to:
normalizing the first result matrix to obtain a first normalized matrix;
Multiplying the first result matrix with the first normalization matrix, and determining a matrix characteristic value according to the multiplication result;
Determining a matrix consistency ratio according to the matrix eigenvalue, the order of the first result matrix and an average random consistency index;
and determining whether the first result matrix meets the consistency requirement according to the matrix consistency proportion.
In an alternative implementation, the method further includes a second verification module configured to:
normalizing the second result matrix to obtain a second normalized matrix;
multiplying the second result matrix with the second normalization matrix, and determining a matrix characteristic value according to the multiplication result;
Determining a matrix consistency ratio according to the matrix eigenvalue, the order of the second result matrix and the average random consistency index;
and determining whether the second result matrix meets the consistency requirement according to the matrix consistency proportion.
The safety protection device provided by the embodiment of the invention can execute the safety protection method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example IV
Fig. 4 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as performing a security method.
In some embodiments, the security protection method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM12 and/or the communication unit 19. One or more of the steps of the security protection method described above may be performed when the computer program is loaded into RAM13 and executed by processor 11. Alternatively, in other embodiments, processor 11 may be configured to perform the security protection method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above can be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable security device such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for safeguarding an intelligent service system for regional rail transit, comprising:
Constructing a security hierarchy of the regional rail transit intelligent service system; the first layer of the security hierarchy structure is an area rail transit intelligent service system needing security protection, the second layer is a security object needing security protection in the area rail transit intelligent service system, the third layer is a model element forming an information security model, and the information security model is used for detecting threat existing in the security object and protecting the security object;
According to the security hierarchy, determining a target security object and a target model element which are most required to be focused on by security protection of the regional rail transit intelligent service system;
and adjusting the security policy corresponding to the information security model according to the target security object and the target model element so as to carry out security protection on the regional rail transit intelligent service system based on the adjusted security policy.
2. The method as recited in claim 1, further comprising:
Determining a safety architecture of the regional rail transit intelligent service system; the security architecture comprises a cloud security management center deployed with an information security model and security objects to be protected, wherein the security objects comprise a perception layer security object, a network layer security object, a platform layer security object, an application support layer security object and a data analysis layer security object.
3. The method of claim 2, wherein constructing the security hierarchy of the regional rail transit intelligent service system comprises:
And constructing a security hierarchy of the regional rail transit intelligent service system according to the security architecture of the regional rail transit intelligent service system.
4. The method of claim 2, wherein determining a target security object that most requires attention for security protection of the regional rail transit intelligent service system comprises:
Determining importance degrees of the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object relative to the regional rail transit intelligent service system respectively;
the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object are compared in pairs according to the importance degrees corresponding to the perception layer security object, the network layer security object, the platform layer security object, the application support layer security object and the data analysis layer security object, and comparison results are recorded through a first result matrix;
and determining object index weights of all the safety objects according to the first result matrix, and determining the target safety objects according to the object index weights.
5. The method of claim 4, wherein each secure object corresponds to a respective set of model elements;
The method for determining the target model element which most needs to be focused on by the safety protection of the regional track traffic intelligent service system comprises the following steps:
Determining the importance degree of the model elements relative to the safety object respectively;
for any safety object, respectively comparing the importance of the model element corresponding to the safety object with the model elements corresponding to other safety objects, and recording a comparison result through a second result matrix;
determining element index weights of the model elements corresponding to the safety object according to the second result matrix;
Determining the weighting weight corresponding to the model element according to the object index weight of the safety object and the element index weight of each model element corresponding to the safety object;
And determining target model elements according to the weighting weights.
6. The method as recited in claim 4, further comprising:
normalizing the first result matrix to obtain a first normalized matrix;
Multiplying the first result matrix with the first normalization matrix, and determining a matrix characteristic value according to the multiplication result;
Determining a matrix consistency ratio according to the matrix eigenvalue, the order of the first result matrix and an average random consistency index;
and determining whether the first result matrix meets the consistency requirement according to the matrix consistency proportion.
7. The method as recited in claim 5, further comprising:
normalizing the second result matrix to obtain a second normalized matrix;
multiplying the second result matrix with the second normalization matrix, and determining a matrix characteristic value according to the multiplication result;
Determining a matrix consistency ratio according to the matrix eigenvalue, the order of the second result matrix and the average random consistency index;
and determining whether the second result matrix meets the consistency requirement according to the matrix consistency proportion.
8. A safety device for an intelligent service system for regional rail transit, comprising:
The hierarchical division module is used for constructing a safety hierarchical structure of the regional rail transit intelligent service system; the first layer of the security hierarchy structure is an area rail transit intelligent service system needing security protection, the second layer is a security object needing security protection in the area rail transit intelligent service system, the third layer is a model element forming an information security model, and the information security model is used for detecting threat existing in the security object and protecting the security object;
The screening module is used for determining a target security object and a target model element which are most required to be focused on by the security protection of the regional rail transit intelligent service system according to the security hierarchical structure;
And the protection module is used for adjusting the security policy corresponding to the information security model according to the target security object and the target model element so as to carry out security protection on the regional rail transit intelligent service system based on the adjusted security policy.
9. An electronic device, comprising:
at least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A computer readable storage medium storing computer instructions for causing a processor to perform the method of any one of claims 1-7.
CN202410300325.5A 2024-03-15 2024-03-15 Security protection method and device, electronic equipment and storage medium Pending CN118075007A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410300325.5A CN118075007A (en) 2024-03-15 2024-03-15 Security protection method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410300325.5A CN118075007A (en) 2024-03-15 2024-03-15 Security protection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN118075007A true CN118075007A (en) 2024-05-24

Family

ID=91103777

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410300325.5A Pending CN118075007A (en) 2024-03-15 2024-03-15 Security protection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN118075007A (en)

Similar Documents

Publication Publication Date Title
CN114584405B (en) Electric power terminal safety protection method and system
CN107204876B (en) Network security risk assessment method
KR100838799B1 (en) System and operating method of detecting hacking happening for complementary security management system
EP3789896B1 (en) Method and system for managing security vulnerability in host system using artificial neural network
CN113839935B (en) Network situation awareness method, device and system
CN112926048B (en) Abnormal information detection method and device
CN117879970B (en) Network security protection method and system
KR101113615B1 (en) Total analysis system of network risk and method thereof
Uemura et al. Availability analysis of an intrusion tolerant distributed server system with preventive maintenance
CN117750467B (en) Zero-trust safe and reliable access method for 5G dual-domain private network
CN109992963A (en) The protecting information safety method and system of a kind of electric power terminal and its embedded system
KR102592868B1 (en) Methods and electronic devices for analyzing cybersecurity threats to organizations
CN108429746B (en) Privacy data protection method and system for cloud tenants
CN116628705A (en) Data security processing method, system, electronic equipment and storage medium
CN116094817A (en) Network security detection system and method
CN116032629A (en) Classification treatment method, system electronic equipment and storage medium for alarm traffic
CN113691498B (en) Electric power internet of things terminal safety state evaluation method and device and storage medium
CN114625074A (en) Safety protection system and method for DCS (distributed control System) of thermal power generating unit
CN115632884B (en) Network security situation perception method and system based on event analysis
CN117273460A (en) Grade protection security assessment method, system, terminal equipment and storage medium
US20230156019A1 (en) Method and system for scoring severity of cyber attacks
CN118075007A (en) Security protection method and device, electronic equipment and storage medium
Dohi et al. An adaptive mode control algorithm of a scalable intrusion tolerant architecture
CN115622790A (en) Cloud service safety protection method
Schneidewind Metrics for mitigating cybersecurity threats to networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination