CN110445801B - Situation sensing method and system of Internet of things - Google Patents
- Publication number: CN110445801B (application number CN201910757483.2A)
- Authority: CN (China)
- Prior art keywords: situation, single key, data, information, equipment
- Prior art date
- Legal status: Active (the listed legal status is an assumption and is not a legal conclusion)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
        - H04L41/14—Network analysis or design
          - H04L41/147—Network analysis or design for predicting network behaviour
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
          - H04L63/1441—Countermeasures against malicious traffic
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a situation awareness method and system for the Internet of Things. Data from different information sources is collected and preprocessed into a data stream with a uniform format; high-frequency project group elements are extracted from the data stream, and high-frequency association rules are generated and sent to situation assessment for evaluation and quantification. Situation values of a single device and of a local network are obtained by fusing different assessment systems and applying fuzzy processing to the data elements, and the situation value of the whole system is obtained by combining the architecture of the whole network. The situation values of the different levels are imported into a neural network model for prediction, and the prediction result is displayed visually. The whole Internet of Things system and each single device are thereby fully evaluated, and associations can be established with each device and each layer based on the given situation values, so that the future state of the system can be scientifically predicted and valuable reference suggestions are provided for users.
Description
Technical Field
The application relates to the technical field of network security, in particular to a situation awareness method and system of the Internet of things.
Background
Existing situation awareness technology relies on simple situation understanding: a security situation assessment result for the whole system can be obtained, but a situation assessment report cannot be given quantitatively and the security situation cannot be predicted from the assessment result, so the practical value of the technology is very limited. In an Internet of Things system in particular, the devices are of many kinds, each device involves various different services, and each service may encounter different attacks.
Situation assessment of the Internet of Things should not only fully assess, algorithmically, the whole Internet of Things system and each single device, but also establish associations with each device and each layer based on the given situation values, so that the future state of the system can be scientifically predicted and valuable reference suggestions are provided for users. This is the technical problem to be solved by the present invention.
Disclosure of Invention
The invention aims to provide a situation awareness method and system for the Internet of Things. Data from different information sources is acquired and preprocessed into a data stream with a uniform format; high-frequency project group elements are extracted from the data stream, and high-frequency association rules are generated and sent to situation assessment for evaluation and quantification. By fusing different assessment systems and applying fuzzy processing to the data elements, the situation values of a single device and of a local network are obtained, and combining the architecture of the whole network gives the situation value of the whole system. The situation values of the different layers are imported into a neural network model for prediction, and the prediction result is finally displayed visually.
In a first aspect, the present application provides a situational awareness method for an internet of things, the method including:
collecting running state data of sensors, information platforms and detection equipment from different sources;
after receiving the collected data, clearing redundant information in the data, converting the data format into a uniform format according to the type of a source, dividing the uniform format into corresponding fields, and combining the fields into a data stream;
extracting elements from the merged data stream, finding information of behavior action, access object, source address and instantaneous flow included in the elements, discovering high-frequency project group, generating high-frequency association rule according to the information corresponding to the high-frequency project group, increasing the corresponding weight of the high-frequency project group, and forming a frequent pattern tree structure;
according to the frequent pattern tree structure, inquiring the asset situation information adjacent and close to the address, inquiring the asset situation information of the same layer to which the access object belongs, and inquiring the asset situation information with similar flow speed and flow total;
judging whether a single key device has a security vulnerability identical to the adjacent similar assets of the address, judging whether a concurrent thread, a bandwidth, a network topology and an access frequency of the single key device have an alarm identical to the assets of the same layer, judging whether the inflow increase rate, the distribution proportion of different protocol data packets and the distribution proportion of different size data packets of the single key device have the same change identical to the assets similar to the flow speed and the flow total amount, and calculating the security situation value of the single key device;
and the safety situation value calculation considers the weight Vs of the equipment H, the services in all the services opened by the equipment, the safety situation value Rservice of the service used by the equipment, the defense strength DF on the equipment and the time t in the Internet of things to obtain the safety situation value of a single key equipment in the Internet of things
The larger the value of $R_{Host}$, the greater the threat degree of the equipment H, and the defense strategy needs to be adjusted in time;
a plurality of adjacent single key devices or a plurality of single key devices with service interaction form a local network, and the security situation value of the local network is calculated by introducing fuzzy processing according to the service priority by the security loophole, concurrent thread, bandwidth, network topology, access frequency, inflow increase rate, different protocol data packet distribution proportion and different size data packet distribution proportion corresponding to each key device in the local network;
according to the topological relations of the local networks, carrying out fuzzy processing to calculate the security situation value of the whole network;
respectively importing the security situation values of a single key device, a local network and the whole network into a neural network model, and obtaining the prediction about the source and the attack range of an attacker in a future period of time through deduction of the neural network model;
and visually displaying the security situation values of the single key equipment, the local network and the whole network, the source of the attacker and the prediction result of the attack range.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the extracting elements from the merged data stream includes: extracting element information from the corresponding fields of the data stream according to an evaluation model, association rules and an index library of past historical data.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the clearing of redundant information in the data and the conversion of the data format into a uniform format according to the type of the source are based on Map Reduce parallel computing processing for the Internet of Things.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the fuzzy processing calculation is based on a method that combines D-S theory and fuzzy sets, and calculates the probability with which the occurrence of an attack is supported.
In a second aspect, the present application provides a situational awareness system for the internet of things, the system comprising:
the acquisition unit is used for acquiring running state data of the sensors, the information platform and the detection equipment from different sources;
the preprocessing unit is used for clearing redundant information in the data after receiving the acquired data, converting the data format into a uniform format according to the type of a source, dividing the uniform format into corresponding fields and combining the fields into a data stream;
the situation understanding unit is used for extracting elements from the merged data stream, finding information of behavior actions, access objects, source addresses and instantaneous flow included in the elements, discovering high-frequency project groups from the information, generating high-frequency association rules according to the information corresponding to the high-frequency project groups, increasing the corresponding weights of the high-frequency project groups and forming a frequent pattern tree structure;
the situation evaluation unit is used for inquiring the asset situation information with adjacent and similar addresses, inquiring the asset situation information of the same layer to which the access object belongs and inquiring the asset situation information with similar flow speed and flow total amount according to the frequent mode tree structure; judging whether a single key device has a security vulnerability identical to the adjacent similar assets of the address, judging whether a concurrent thread, a bandwidth, a network topology and an access frequency of the single key device have an alarm identical to the assets of the same layer, judging whether the inflow increase rate, the distribution proportion of different protocol data packets and the distribution proportion of different size data packets of the single key device have the same change identical to the assets similar to the flow speed and the flow total amount, and calculating the security situation value of the single key device;
and the safety situation value calculation considers the weight Vs of the equipment H, the services in all the services opened by the equipment, the safety situation value Rservice of the service used by the equipment, the defense strength DF on the equipment and the time t in the Internet of things to obtain the safety situation value of a single key equipment in the Internet of things
The larger the value of $R_{Host}$, the greater the threat degree of the equipment H, and the defense strategy needs to be adjusted in time;
a plurality of adjacent single key devices or a plurality of single key devices with service interaction form a local network, and the security situation value of the local network is calculated by introducing fuzzy processing according to the service priority by the security loophole, concurrent thread, bandwidth, network topology, access frequency, inflow increase rate, different protocol data packet distribution proportion and different size data packet distribution proportion corresponding to each key device in the local network;
according to the topological relations of the local networks, carrying out fuzzy processing to calculate the security situation value of the whole network;
the situation prediction unit is used for respectively importing the security situation values of the single key device, the local network and the whole network into the neural network model, and obtaining the prediction about the source and the attack range of the attacker in a future period of time through deduction of the neural network model;
and the situation display unit is used for visually displaying the security situation values of the single key device, the local network and the whole network, the source of the attacker and the prediction result of the attack range.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the extracting, by the situation understanding unit, of elements from the merged data stream includes: extracting element information from the corresponding fields of the data stream according to an evaluation model, association rules and an index library of past historical data.
With reference to the second aspect, in a second possible implementation manner of the second aspect, the preprocessing unit clears redundant information in the data and converts the data format into a uniform format according to the type of the source, based on Map Reduce parallel computing processing for the Internet of Things.
With reference to the second aspect, in a third possible implementation manner of the second aspect, the situation assessment unit calculates the probability with which the occurrence of an attack is supported, based on a method that combines D-S theory and fuzzy sets.
The invention provides a situation awareness method and system for the Internet of Things. Data from different information sources is collected and preprocessed into a data stream with a uniform format; high-frequency project group elements are extracted from the data stream, and high-frequency association rules are generated and sent to situation assessment for evaluation and quantification. Situation values of a single device and of a local network are obtained by fusing different assessment systems and applying fuzzy processing to the data elements, and the situation value of the whole system is obtained by combining the architecture of the whole network. The situation values of the different levels are imported into a neural network model for prediction, and the prediction result is displayed visually. The whole Internet of Things system and each single device are thereby fully evaluated, and associations can be established with each device and each layer based on the given situation values, so that the future state of the system can be scientifically predicted and valuable reference suggestions are provided for users.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a situational awareness method of the Internet of things of the present invention;
FIG. 2 is an architecture diagram of the situational awareness system of the Internet of things of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings, so that the advantages and features of the present invention can be more easily understood by those skilled in the art and the scope of the present invention is more clearly defined.
Fig. 1 is a flowchart of a situational awareness method for an internet of things provided by the present application, where the method includes:
collecting running state data of sensors, information platforms and detection equipment from different sources;
after receiving the collected data, clearing redundant information in the data, converting the data format into a uniform format according to the type of a source, dividing the uniform format into corresponding fields, and combining the fields into a data stream;
extracting elements from the merged data stream, finding information of behavior action, access object, source address and instantaneous flow included in the elements, discovering high-frequency project group, generating high-frequency association rule according to the information corresponding to the high-frequency project group, increasing the corresponding weight of the high-frequency project group, and forming a frequent pattern tree structure;
according to the frequent pattern tree structure, inquiring the asset situation information adjacent and close to the address, inquiring the asset situation information of the same layer to which the access object belongs, and inquiring the asset situation information with similar flow speed and flow total;
judging whether a single key device has a security vulnerability identical to the adjacent similar assets of the address, judging whether a concurrent thread, a bandwidth, a network topology and an access frequency of the single key device have an alarm identical to the assets of the same layer, judging whether the inflow increase rate, the distribution proportion of different protocol data packets and the distribution proportion of different size data packets of the single key device have the same change identical to the assets similar to the flow speed and the flow total amount, and calculating the security situation value of the single key device;
and the safety situation value calculation considers the weight Vs of the equipment H, the services in all the services opened by the equipment, the safety situation value Rservice of the service used by the equipment, the defense strength DF on the equipment and the time t in the Internet of things to obtain the safety situation value of a single key equipment in the Internet of things
The larger the value of $R_{Host}$, the greater the threat degree of the equipment H, and the defense strategy needs to be adjusted in time;
a plurality of adjacent single key devices or a plurality of single key devices with service interaction form a local network, and the security situation value of the local network is calculated by introducing fuzzy processing according to the service priority by the security loophole, concurrent thread, bandwidth, network topology, access frequency, inflow increase rate, different protocol data packet distribution proportion and different size data packet distribution proportion corresponding to each key device in the local network;
according to the topological relations of the local networks, carrying out fuzzy processing to calculate the security situation value of the whole network;
respectively importing the security situation values of a single key device, a local network and the whole network into a neural network model, and obtaining the prediction about the source and the attack range of an attacker in a future period of time through deduction of the neural network model;
and visually displaying the security situation values of the single key equipment, the local network and the whole network, the source of the attacker and the prediction result of the attack range.
In some preferred embodiments, said extracting elements from the merged data stream comprises: extracting element information from the corresponding fields of the data stream according to an evaluation model, association rules and an index library of past historical data.
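The element-extraction step above (high-frequency project groups, i.e. frequent itemsets in the usual data-mining terminology, association rules, frequent pattern tree) can be illustrated with a compact FP-growth miner. This is an added example, not code from the patent: the event records, field names, support threshold and confidence threshold are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: events already normalised into the four fields the text
# names (behavior action, access object, source address, instantaneous flow).
EVENTS = [
    {"action": "login_fail", "object": "camera-gw", "src": "10.0.5.7", "flow": "high"},
    {"action": "login_fail", "object": "camera-gw", "src": "10.0.5.7", "flow": "high"},
    {"action": "login_fail", "object": "camera-gw", "src": "10.0.5.7", "flow": "low"},
    {"action": "read", "object": "meter-01", "src": "10.0.1.2", "flow": "low"},
    {"action": "read", "object": "meter-01", "src": "10.0.1.3", "flow": "low"},
    {"action": "login_fail", "object": "camera-gw", "src": "10.0.5.9", "flow": "high"},
]


class Node:
    """One node of the frequent pattern tree."""
    def __init__(self, item, parent):
        self.item, self.parent, self.count, self.children = item, parent, 0, {}


def build_tree(transactions, min_support):
    """Build an FP-tree from (items, count) pairs; return (header, item counts)."""
    freq = defaultdict(int)
    for items, n in transactions:
        for item in set(items):
            freq[item] += n
    freq = {i: c for i, c in freq.items() if c >= min_support}
    root, header = Node(None, None), defaultdict(list)
    for items, n in transactions:
        # Most frequent items first, so common prefixes share tree nodes.
        ordered = sorted((i for i in set(items) if i in freq),
                         key=lambda i: (-freq[i], i))
        node = root
        for item in ordered:
            child = node.children.get(item)
            if child is None:
                child = node.children[item] = Node(item, node)
                header[item].append(child)
            child.count += n
            node = child
    return header, freq


def fp_growth(transactions, min_support, suffix=frozenset()):
    """Return {itemset: support count} for every frequent itemset."""
    header, freq = build_tree(transactions, min_support)
    found = {}
    for item, nodes in header.items():
        itemset = suffix | {item}
        found[itemset] = freq[item]
        # Conditional pattern base: the prefix path above each node of `item`.
        base = []
        for node in nodes:
            path, parent = [], node.parent
            while parent is not None and parent.item is not None:
                path.append(parent.item)
                parent = parent.parent
            if path:
                base.append((path, node.count))
        found.update(fp_growth(base, min_support, itemset))
    return found


def association_rules(itemsets, min_conf):
    """Return (lhs, rhs, support, confidence) with confidence >= min_conf."""
    rules = []
    for itemset, support in itemsets.items():
        for size in range(1, len(itemset)):
            for lhs in map(frozenset, combinations(sorted(itemset), size)):
                conf = support / itemsets[lhs]  # subsets of a frequent set are frequent
                if conf >= min_conf:
                    rules.append((lhs, itemset - lhs, support, conf))
    return rules


def mine_events(events, min_support, min_conf):
    """Turn field/value records into items, then mine itemsets and rules."""
    transactions = [([f"{k}={v}" for k, v in e.items()], 1) for e in events]
    itemsets = fp_growth(transactions, min_support)
    return itemsets, association_rules(itemsets, min_conf)


if __name__ == "__main__":
    sets, rules = mine_events(EVENTS, min_support=3, min_conf=0.9)
    for lhs, rhs, sup, conf in sorted(rules, key=lambda r: (-r[2], sorted(r[0]))):
        print(f"{sorted(lhs)} -> {sorted(rhs)}  support={sup} confidence={conf:.2f}")
```

On the constructed events the rule "src=10.0.5.7 implies login_fail against camera-gw" surfaces with full confidence, which is the kind of association the later assessment step would weight.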
In some preferred embodiments, the clearing of redundant information in the data and the conversion of the data format into a uniform format according to the type of the source are based on Map Reduce parallel computing processing for the Internet of Things.
In some preferred embodiments, the fuzzy processing calculation is based on a method that combines D-S theory and fuzzy sets, and calculates the probability with which the occurrence of an attack is supported.
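One way to combine D-S (Dempster-Shafer) theory with fuzzy sets to obtain the support for an attack on a device, as an added example that is not part of the patent. The patent does not give its membership functions or mass assignment, so the ramp membership, the per-source reliability discount, the thresholds and the indicator readings below are all assumptions.

```python
from collections import defaultdict

ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL  # whole frame of discernment: "cannot tell"

# Constructed readings for one device: (indicator, value, lo, hi, reliability).
# Indicator names follow the text; thresholds and reliabilities are assumed.
DEVICE_INDICATORS = [
    ("inflow_increase_rate", 0.5, 0.1, 0.6, 0.9),
    ("same_layer_alarm_ratio", 0.6, 0.0, 1.0, 0.5),
]


def ramp(value, lo, hi):
    """Fuzzy membership in 'anomalous': 0 below lo, 1 above hi, linear between."""
    if hi <= lo:
        raise ValueError("hi must be greater than lo")
    return min(1.0, max(0.0, (value - lo) / (hi - lo)))


def evidence_mass(mu, reliability):
    """Turn a fuzzy membership into a mass function.

    The unreliable share of the source goes to THETA (ignorance) instead of
    being forced onto either hypothesis.
    """
    if not (0.0 <= mu <= 1.0 and 0.0 <= reliability <= 1.0):
        raise ValueError("mu and reliability must lie in [0, 1]")
    return {ATTACK: reliability * mu,
            NORMAL: reliability * (1.0 - mu),
            THETA: 1.0 - reliability}


def combine(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    fused, conflict = defaultdict(float), 0.0
    for a, x in m1.items():
        for b, y in m2.items():
            common = a & b
            if common:
                fused[common] += x * y
            else:
                conflict += x * y  # mass on contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        # Sources contradict each other completely: the rule is undefined.
        raise ValueError("total conflict between evidence sources")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}


def assess(indicators):
    """Fuse all indicators; return (belief, plausibility) that an attack occurs."""
    fused = {THETA: 1.0}  # start from complete ignorance
    for _name, value, lo, hi, reliability in indicators:
        fused = combine(fused, evidence_mass(ramp(value, lo, hi), reliability))
    belief = fused.get(ATTACK, 0.0)
    plausibility = sum(v for k, v in fused.items() if k & ATTACK)
    return belief, plausibility


if __name__ == "__main__":
    bel, pl = assess(DEVICE_INDICATORS)
    print(f"attack support: belief={bel:.3f} plausibility={pl:.3f}")
```

The gap between belief and plausibility is the mass still assigned to ignorance; a display layer can show it as the uncertainty of the score.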
Fig. 2 is an architecture diagram of a situational awareness system of the internet of things provided in the present application, the system including:
the acquisition unit is used for acquiring running state data of the sensors, the information platform and the detection equipment from different sources;
the preprocessing unit is used for clearing redundant information in the data after receiving the acquired data, converting the data format into a uniform format according to the type of a source, dividing the uniform format into corresponding fields and combining the fields into a data stream;
the situation understanding unit is used for extracting elements from the merged data stream, finding information of behavior actions, access objects, source addresses and instantaneous flow included in the elements, discovering high-frequency project groups from the information, generating high-frequency association rules according to the information corresponding to the high-frequency project groups, increasing the corresponding weights of the high-frequency project groups and forming a frequent pattern tree structure;
the situation evaluation unit is used for inquiring the asset situation information with adjacent and similar addresses, inquiring the asset situation information of the same layer to which the access object belongs and inquiring the asset situation information with similar flow speed and flow total amount according to the frequent mode tree structure; judging whether a single key device has a security vulnerability identical to the adjacent similar assets of the address, judging whether a concurrent thread, a bandwidth, a network topology and an access frequency of the single key device have an alarm identical to the assets of the same layer, judging whether the inflow increase rate, the distribution proportion of different protocol data packets and the distribution proportion of different size data packets of the single key device have the same change identical to the assets similar to the flow speed and the flow total amount, and calculating the security situation value of the single key device;
and the safety situation value calculation considers the weight Vs of the equipment H, the services in all the services opened by the equipment, the safety situation value Rservice of the service used by the equipment, the defense strength DF on the equipment and the time t in the Internet of things to obtain the safety situation value of a single key equipment in the Internet of things
The larger the value of $R_{Host}$, the greater the threat degree of the equipment H, and the defense strategy needs to be adjusted in time;
a plurality of adjacent single key devices or a plurality of single key devices with service interaction form a local network, and the security situation value of the local network is calculated by introducing fuzzy processing according to the service priority by the security loophole, concurrent thread, bandwidth, network topology, access frequency, inflow increase rate, different protocol data packet distribution proportion and different size data packet distribution proportion corresponding to each key device in the local network;
according to the topological relations of the local networks, carrying out fuzzy processing to calculate the security situation value of the whole network;
the situation prediction unit is used for respectively importing the security situation values of the single key device, the local network and the whole network into the neural network model, and obtaining the prediction about the source and the attack range of the attacker in a future period of time through deduction of the neural network model;
and the situation display unit is used for visually displaying the security situation values of the single key device, the local network and the whole network, the source of the attacker and the prediction result of the attack range.
In some preferred embodiments, the extracting, by the situation understanding unit, of elements from the merged data stream includes: extracting element information from the corresponding fields of the data stream according to an evaluation model, association rules and an index library of past historical data.
In some preferred embodiments, the preprocessing unit clears redundant information in the data and converts the data format into a uniform format according to the type of the source, based on Map Reduce parallel computing processing for the Internet of Things.
In some preferred embodiments, the situation assessment unit calculates the probability with which the occurrence of an attack is supported, based on a method that combines D-S theory and fuzzy sets.
In specific implementation, the present invention further provides a computer storage medium, where the computer storage medium may store a program, and the program may include some or all of the steps in the embodiments of the present invention when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM) or a Random Access Memory (RAM).
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus a required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The same and similar parts in the various embodiments of the present specification may be referred to each other. In particular, for the embodiments, since they are substantially similar to the method embodiments, the description is simple, and the relevant points can be referred to the description in the method embodiments.
The above-described embodiments of the present invention should not be construed as limiting the scope of the present invention.
Claims (6)
1. A situation awareness method for the Internet of things is characterized by comprising the following steps:
collecting running state data of sensors, information platforms and detection equipment from different sources;
after receiving the collected data, clearing redundant information in the data, converting the data format into a uniform format according to the type of a source, dividing the uniform format into corresponding fields, and combining the fields into a data stream;
extracting elements from the merged data stream, finding information of behavior action, access object, source address and instantaneous flow included in the elements, discovering high-frequency project group, generating high-frequency association rule according to the information corresponding to the high-frequency project group, increasing the corresponding weight of the high-frequency project group, and forming a frequent pattern tree structure;
according to the frequent pattern tree structure, inquiring the asset situation information adjacent and close to the address, inquiring the asset situation information of the same layer to which the access object belongs, and inquiring the asset situation information with similar flow speed and flow total;
judging whether a single key device has a security vulnerability identical to the adjacent similar assets of the address, judging whether a concurrent thread, a bandwidth, a network topology and an access frequency of the single key device have an alarm identical to the assets of the same layer, judging whether the inflow increase rate, the distribution proportion of different protocol data packets and the distribution proportion of different size data packets of the single key device have the same change identical to the assets similar to the flow speed and the flow total amount, and calculating the security situation value of the single key device;
and the safety situation value calculation considers the weight Vs of the equipment H, the services in all the services opened by the equipment, the safety situation value Rservice of the service used by the equipment, the defense strength DF on the equipment and the time t in the Internet of things to obtain the safety situation value of a single key equipment in the Internet of things
The larger the value of $R_{Host}$, the greater the threat degree of the equipment H, and the defense strategy needs to be adjusted in time;
a plurality of adjacent single key devices or a plurality of single key devices with service interaction form a local network, and the security situation value of the local network is calculated by introducing fuzzy processing according to the service priority by the security loophole, concurrent thread, bandwidth, network topology, access frequency, inflow increase rate, different protocol data packet distribution proportion and different size data packet distribution proportion corresponding to each key device in the local network;
according to the topological relations of the local networks, carrying out fuzzy processing to calculate the security situation value of the whole network;
respectively importing the security situation values of a single key device, a local network and the whole network into a neural network model, and obtaining the prediction about the source and the attack range of an attacker in a future period of time through deduction of the neural network model;
visually displaying the security situation values of a single key device, a local network and the whole network, the source of an attacker and the prediction result of the attack range;
wherein extracting elements from the merged data stream includes: extracting element information from the corresponding fields of the data stream according to an evaluation model, association rules and an index library of past historical data.
2. The method according to claim 1, wherein removing redundant information from the data and converting the data format into a unified format according to the type of source are based on a MapReduce Internet of things parallel computing process.
3. The method of claim 2, wherein the fuzzy processing calculation is based on a method combining D-S theory and fuzzy sets, and calculates the support probability of an attack.
4. A situational awareness system for the Internet of things, the system comprising:
the acquisition unit is used for acquiring running state data of the sensors, the information platform and the detection equipment from different sources;
the preprocessing unit is used for clearing redundant information in the data after receiving the acquired data, converting the data format into a uniform format according to the type of a source, dividing the uniform format into corresponding fields and combining the fields into a data stream;
the situation understanding unit is used for extracting elements from the merged data stream, finding the behavior action, access object, source address and instantaneous flow information included in the elements, discovering high-frequency item groups from the information, generating high-frequency association rules according to the information corresponding to the high-frequency item groups, increasing the corresponding weights of the high-frequency item groups and forming a frequent pattern tree structure;
the situation evaluation unit is used for querying, according to the frequent pattern tree structure, the situation information of assets with adjacent and similar addresses, the situation information of assets of the same layer to which the access object belongs, and the situation information of assets with similar flow speed and total flow; judging whether a single key device has the same security vulnerability as assets with adjacent and similar addresses, judging whether the concurrent threads, bandwidth, network topology and access frequency of the single key device raise the same alarms as assets of the same layer, judging whether the inflow increase rate, the distribution proportion of data packets of different protocols and the distribution proportion of data packets of different sizes of the single key device show the same changes as assets with similar flow speed and total flow, and calculating the security situation value of the single key device;
and the security situation value calculation considers the weight Vs of the device H, the services among all the services opened by the device, the security situation value Rservice of the service used by the device, the defense strength DF on the device and the time t in the Internet of things, to obtain the security situation value of a single key device in the Internet of things
The larger the value of RHost, the greater the threat degree of the device H, and the defense strategy needs to be adjusted in time;
a plurality of adjacent single key devices, or a plurality of single key devices with service interaction, form a local network, and the security situation value of the local network is calculated, with fuzzy processing introduced according to service priority, from the security vulnerabilities, concurrent threads, bandwidth, network topology, access frequency, inflow increase rate, distribution proportion of data packets of different protocols and distribution proportion of data packets of different sizes corresponding to each key device in the local network;
according to the topological relations of the local networks, carrying out fuzzy processing to calculate the security situation value of the whole network;
the situation prediction unit is used for respectively importing the security situation values of the single key device, the local network and the whole network into the neural network model, and obtaining the prediction about the source and the attack range of the attacker in a future period of time through deduction of the neural network model;
the situation display unit is used for visually displaying the security situation values of the single key device, the local network and the whole network, the source of the attacker and the prediction result of the attack range;
wherein the situation understanding unit extracting elements from the merged data stream includes: extracting element information from the corresponding fields of the data stream according to an evaluation model, association rules and an index library of past historical data.
5. The system of claim 4, wherein the preprocessing unit removing redundant information from the data and converting the data format into a uniform format according to the type of source are based on a MapReduce Internet of things parallel computing process.
6. The system according to claim 5, wherein the fuzzy processing calculation of the situation assessment unit is based on a method combining D-S theory and fuzzy sets, and calculates the support probability of an attack occurring.
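Claims 3 and 6 name a combination of D-S (Dempster-Shafer) evidence theory and fuzzy sets but the page does not give the calculation. The following is an added illustration, not the patent's own method: fuzzy membership turns each traffic indicator into a mass assignment, and Dempster's rule fuses them into a support value for "attack". The function names, thresholds, reliability factors and sample readings are all assumptions.

```python
from itertools import product

ATTACK, NORMAL = frozenset({"attack"}), frozenset({"normal"})
THETA = ATTACK | NORMAL  # whole frame of discernment, i.e. "cannot tell"

def fuzzy_high(x, low, high):
    """Ramp membership in the fuzzy set 'abnormally high' (0 at low, 1 at high)."""
    if high <= low:
        raise ValueError("high must exceed low")
    return min(1.0, max(0.0, (x - low) / (high - low)))

def to_mass(membership, reliability):
    """Turn a fuzzy membership into a basic probability assignment.
    The (1 - reliability) share stays on THETA as uncommitted belief."""
    return {ATTACK: reliability * membership,
            NORMAL: reliability * (1.0 - membership),
            THETA: 1.0 - reliability}

def dempster(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    combined, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass falling on the empty set
    if conflict >= 1.0 - 1e-12:
        raise ValueError("sources are in total conflict; rule is undefined")
    return {k: v / (1.0 - conflict) for k, v in combined.items()}

def attack_support(indicators):
    """Fuse all indicators; return (belief, plausibility) of 'attack'."""
    fused = {THETA: 1.0}  # start from total ignorance
    for value, low, high, reliability in indicators:
        fused = dempster(fused, to_mass(fuzzy_high(value, low, high), reliability))
    belief = fused.get(ATTACK, 0.0)
    return belief, belief + fused.get(THETA, 0.0)

# Constructed readings for one device: (value, low, high, assumed reliability)
SAMPLE = [
    (0.80, 0.10, 1.00, 0.9),  # inflow increase rate
    (0.55, 0.30, 0.80, 0.7),  # share of one protocol in the packet mix
    (120, 50, 200, 0.6),      # access frequency per minute
]

if __name__ == "__main__":
    print("belief, plausibility of attack:", attack_support(SAMPLE))
```

The gap between belief and plausibility is the mass still left on THETA, which shrinks as more reliable indicators are fused; fully contradictory sources raise an error rather than yielding a normalised value.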
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910757483.2A CN110445801B (en) | 2019-08-16 | 2019-08-16 | Situation sensing method and system of Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110445801A CN110445801A (en) | 2019-11-12 |
CN110445801B true CN110445801B (en) | 2022-04-12 |
Family
ID=68435915
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910757483.2A Active CN110445801B (en) | 2019-08-16 | 2019-08-16 | Situation sensing method and system of Internet of things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110445801B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112995115B (en) * | 2019-12-17 | 2023-04-25 | 中国移动通信集团河南有限公司 | Internet of things security situation sensing method and device |
CN111586046B (en) * | 2020-05-08 | 2021-02-09 | 武汉思普崚技术有限公司 | Network traffic analysis method and system combining threat intelligence and machine learning |
CN111866027B (en) * | 2020-08-10 | 2021-05-25 | 武汉思普崚技术有限公司 | Asset safety assessment method and system based on intelligence analysis |
CN112270362A (en) * | 2020-11-02 | 2021-01-26 | 山东万里红信息技术有限公司 | Internet of things health big data situation sensing method |
CN113709114A (en) * | 2021-08-05 | 2021-11-26 | 浪潮云信息技术股份公司 | Edge node safety monitoring method under edge computing scene |
CN115664697B (en) * | 2022-09-01 | 2023-06-13 | 国网河南省电力公司信息通信公司 | Multistage cascade Internet of things situation awareness system |
CN117768247B (en) * | 2024-02-22 | 2024-05-14 | 广东电网有限责任公司中山供电局 | Security detection method and device for market transaction Internet of things data and electronic equipment |
CN118316739B (en) * | 2024-06-11 | 2024-08-20 | 长春工程学院 | Internet of things security situation monitoring method and system based on big data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102263410A (en) * | 2010-05-31 | 2011-11-30 | 河南省电力公司 | Security risk assessment model, assessment method and assessment parameter determining method |
CN102624696A (en) * | 2011-12-27 | 2012-08-01 | 中国航天科工集团第二研究院七〇六所 | Network security situation evaluation method |
CN102821007A (en) * | 2012-08-06 | 2012-12-12 | 河南科技大学 | Network security situation awareness system based on self-discipline computing and processing method thereof |
WO2016172514A1 (en) * | 2015-04-24 | 2016-10-27 | Siemens Aktiengesellschaft | Improving control system resilience by highly coupling security functions with control |
CN108769048A (en) * | 2018-06-08 | 2018-11-06 | 武汉思普崚技术有限公司 | A kind of secure visualization and Situation Awareness plateform system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404400B (en) * | 2017-07-20 | 2020-05-19 | 中国电子科技集团公司第二十九研究所 | Network situation awareness implementation method and device |
CN108494810B (en) * | 2018-06-11 | 2021-01-26 | 中国人民解放军战略支援部队信息工程大学 | Attack-oriented network security situation prediction method, device and system |
Non-Patent Citations (1)
Title |
---|
Network security situation prediction model based on RAN-RBF neural network; 甘文道 et al.; 《计算机科学》 (Computer Science); 20161115; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN110445801A (en) | 2019-11-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110445801B (en) | Situation sensing method and system of Internet of things | |
US12047396B2 (en) | System and method for monitoring security attack chains | |
CN110460608B (en) | Situation awareness method and system including correlation analysis | |
CN110474904B (en) | Situation awareness method and system for improving prediction | |
CN111586046B (en) | Network traffic analysis method and system combining threat intelligence and machine learning | |
CN110620759B (en) | Multi-dimensional association-based network security event hazard index evaluation method and system | |
CN110493043B (en) | Distributed situation awareness calling method and device | |
CN107623697B (en) | Network security situation assessment method based on attack and defense random game model | |
CN111786950B (en) | Network security monitoring method, device, equipment and medium based on situation awareness | |
CN111614690A (en) | Abnormal behavior detection method and device | |
CN112600800A (en) | Network risk assessment method based on map | |
Hostiadi et al. | Hybrid model for bot group activity detection using similarity and correlation approaches based on network traffic flows analysis | |
CN114629674A (en) | Attention mechanism-based industrial control network security risk assessment method | |
CN110493217B (en) | Distributed situation perception method and system | |
CN110493044B (en) | Quantifiable situation perception method and system | |
CN110471975B (en) | Internet of things situation awareness calling method and device | |
CN109313541A (en) | For showing and the user interface of comparison attacks telemetering resource | |
CN110493218B (en) | Situation awareness virtualization method and device | |
CN109871711B (en) | Ocean big data sharing and distributing risk control model and method | |
Su et al. | Detection ddos of attacks based on federated learning with digital twin network | |
CN107231383A (en) | The detection method and device of CC attacks | |
CN110460472B (en) | Weighted quantization situation perception method and system | |
Li et al. | Web application-layer DDOS attack detection based on generalized Jaccard similarity and information entropy | |
CN110474805B (en) | Method and device for situation awareness analysis capable of being called | |
Shanker et al. | Fss-part: Feature grouping subset model for predicting network attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |