CN119128901A - An information security cloud computing platform based on intelligent computing center - Google Patents
- Authority
- CN
- China
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention relates to the technical field of information security, in particular to an information security cloud computing platform based on an intelligent computing center. The platform comprises a user identity and access control module, a self-adaptive threat detection module, a data protection and backup module, a virtualization and resource management module, an edge computing cooperative security module and a security event management module. The user identity and access control module performs identity verification and management; the self-adaptive threat detection module automatically analyzes and identifies novel security threats; the data protection and backup module encrypts stored and transmitted data; the virtualization and resource management module manages and monitors the security state of virtual machines; the edge computing cooperative security module deploys a security agent at each edge node; and the security event management module records the security events of the platform. The invention improves the accuracy and real-time performance of threat detection and response and ensures the efficient and secure operation of the platform.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an information security cloud computing platform based on an intelligent computing center.
Background
With the rapid development of cloud computing technology, cloud computing platforms are applied ever more widely across industries. However, information security problems in the cloud computing environment are also increasingly prominent and have become an important factor restricting the further development of cloud computing. Cloud computing platforms generally handle sensitive data and business operations of a large number of users, and once a security event occurs it causes huge losses to both users and platforms. How to construct an efficient and secure information security cloud computing platform is therefore a problem to be solved in the current cloud computing field.
The existing cloud computing platform has many defects in the aspect of information security. Firstly, the user identity authentication and access control mechanism is single and easy to bypass or attack, causing unauthorized access and data leakage. Secondly, existing threat detection technology mainly depends on traditional rule matching and statistical analysis methods, which have difficulty coping with complex and changeable novel security threats, so that detection accuracy and response speed are insufficient. In addition, the traditional centralized security management mode easily causes system bottlenecks and large data transmission and processing delays, so that real-time and efficient security detection and response cannot be realized. The prior art lacks effective utilization of distributed security detection and edge computing, and its overall security and management efficiency need to be improved.
The invention aims to provide an information security cloud computing platform based on an intelligent computing center, which improves the overall security and response efficiency of a system, solves a plurality of defects in the prior art, and remarkably improves the information security management level of the cloud computing platform.
Disclosure of Invention
Based on the above purpose, the invention provides an information security cloud computing platform based on an intelligent computing center.
An information security cloud computing platform based on an intelligent computing center comprises a user identity and access control module, a self-adaptive threat detection module, a data protection and backup module, a virtualization and resource management module, an edge computing cooperative security module and a security event management module, wherein the user identity and access control module is used for detecting the self-adaptive threat;
the user identity and access control module performs identity verification and management on users accessing the platform;
the self-adaptive threat detection module automatically analyzes and identifies novel security threats and provides threat detection and response, and specifically comprises:
data collection, namely collecting security monitoring data in real time, wherein the security monitoring data comprises network traffic, operation logs and user behavior data;
feature extraction, namely extracting threat features from the collected security monitoring data;
threat identification, namely constructing a threat detection model based on the extracted threat features, and identifying and classifying security threats through the threat detection model;
threat response, namely automatically generating a response strategy according to the threat identification result and executing the response strategy;
the data protection and backup module encrypts stored and transmitted data and periodically backs up user data;
the virtualization and resource management module manages and monitors the security state of virtual machines, and schedules and manages the computing resources of the intelligent computing center;
the edge computing cooperative security module deploys a security agent at each edge node and carries out distributed security detection and response using edge computing resources;
the security event management module records and analyzes security events of the platform and provides security logs.
Further, the user identity and access control module includes:
a multi-factor authentication mechanism, which combines authentication means including passwords, short message (SMS) authentication, fingerprint recognition, facial recognition or iris recognition;
role and authority management, namely dynamically assigning access authorities according to the roles and authority levels of users;
real-time monitoring and log recording, namely monitoring the access behavior of users in real time and recording access logs;
security policy application, namely applying a predefined security policy and dynamically adjusting access control rules according to the identity and access behavior of the user;
identity management and verification, namely periodically verifying and updating the identity information of users, and carrying out identity verification and authentication management on users.
Further, the feature extraction includes:
data preprocessing, namely cleaning, normalizing and dimension-reducing the collected security monitoring data to eliminate noise and redundant information;
time sequence analysis, namely performing time sequence analysis on network traffic and user behavior data, and calculating traffic characteristics and behavior patterns using a sliding window technique;
frequency domain analysis, namely performing frequency domain analysis on the operation logs, and extracting frequency characteristics using the Fast Fourier Transform (FFT);
statistical feature extraction, namely calculating basic statistical features of the security monitoring data, including mean, standard deviation, skewness and kurtosis;
high-dimensional feature mapping, namely mapping high-dimensional features to a low-dimensional space using Principal Component Analysis (PCA).
Further, the threat detection model employs a Convolutional Neural Network (CNN) model, the Convolutional Neural Network (CNN) model comprising:
data preprocessing, namely normalizing and standardizing the collected safety monitoring data;
multi-scale convolution, namely adopting multi-scale convolution kernels (convolution kernels with different sizes) to carry out convolution operation, wherein a calculation formula is as follows:
small scale convolution kernel: ;
large scale convolution kernel: ;
Wherein, AndThe sizes of the small-scale and large-scale convolution kernels respectively,For the convolution kernel weights,In order for the offset to be a function of,Is convolution output;
Attention mechanism, namely introducing an attention mechanism, weighting the output of the convolution layer, and calculating the formula as follows:
;
Wherein, As a score of the importance of a feature,In order for the attention to be weighted,AndThe width and the height of the feature map respectively;
;
Wherein, For the output characteristics of the convolutional layer,Is a weighted feature;
the pooling layer, namely adopting a strategy combining maximum pooling and average pooling, wherein the calculation formula is as follows:
;
;
Wherein, For the purpose of pooling the window size,The output of the maximum pooling and the average pooling respectively;
the full connection layer, namely flattening the feature map output by the pooling layer and inputting it into the full connection layer for classification, wherein the calculation formula is as follows:
;
Wherein, For the output of the flattened pooling layer,For the full connection layer weight,In order for the offset to be a function of,In order to output the output of the device,Is the activation function (softmax).
Further, the threat response includes:
Threat assessment, namely assessing the severity of the threat according to a threat identification result, determining the threat level, and adopting a calculation formula:
;
Wherein, Is a threat score that is a function of the threat,Is the firstThe weight of the individual features is determined,Is the firstThe values of the individual characteristics are used to determine,Is the feature number;
strategy selection, namely selecting a response strategy from a predefined response strategy library based on the threat level, wherein the calculation formula is as follows:
;
Wherein, In order to select a response strategy to be used,In response to the set of policies,To select policies under a given threat scoreProbability of (2);
strategy generation, namely generating response operations including blocking, isolating, alarming and logging according to the selected response strategy;
strategy execution, namely executing the generated response operations through automation scripts and security tools.
Further, the virtualization and resource management module includes:
virtual machine security monitoring, namely monitoring the running state, network traffic and operation logs of the virtual machine in real time through an integrated security agent, and detecting abnormal behaviors and potential threats, wherein the calculation formula is as follows:
;
Wherein, To score the security of the virtual machine,Is the firstThe weight of the individual monitored parameters is determined,Is the firstThe values of the individual monitoring parameters are used,To monitor the number of parameters;
the resource utilization monitoring comprises the steps of monitoring the resource utilization conditions of the virtual machine and the physical host in real time, wherein the resource utilization conditions comprise CPU utilization rate, memory utilization amount, storage utilization rate and network bandwidth utilization condition, and the calculation formula is as follows:
;
Wherein, In order to have used the amount of resources,Is the total resource amount;
Dynamic resource scheduling, namely dynamically adjusting the resource allocation and scheduling strategy of the virtual machine according to the real-time resource utilization monitoring result;
the security policy application, which is to automatically apply or adjust the security policy according to the security monitoring result of the virtual machine, including network isolation, access control and patch management;
automation management tools, namely executing configuration, migration and backup operations of virtual machines.
Further, the edge computing cooperative security module includes:
Edge security agent deployment, namely deploying lightweight security agents on each edge node, and taking charge of local data acquisition and preliminary analysis;
Distributed data processing, namely performing distributed processing on locally acquired data by utilizing computing resources of edge nodes;
security detection, namely performing real-time security detection, including intrusion detection, abnormal behavior analysis and malicious activity recognition, through the security agent of the edge node;
cooperative response, namely the edge node independently or cooperatively executes a security response strategy according to the security detection result, wherein the security response strategy comprises blocking suspicious traffic, isolating infected devices and sending an alarm to the central server.
Further, the edge security proxy deployment includes:
the lightweight security agent deployment, namely deploying the lightweight security agent on each edge node, wherein the lightweight security agent runs on the edge equipment and monitors network traffic, operation logs and user behavior data, and the calculation formula is as follows:
;
Wherein, For a data set acquired by an edge node,Is the firstData points;
preliminary data analysis, namely, carrying out preliminary analysis on the collected data by a lightweight security agent, and identifying abnormal behaviors and potential threats based on an abnormality detection algorithm of statistical analysis, wherein the method specifically comprises the following steps of:
;
;
Wherein, As a mean value of the data set,Is the standard deviation of the two-dimensional image,Is the firstA data point is provided for each of the data points,Number of data points;
;
Wherein, Is the firstAbnormal scores for data points;
If it is Then considerIs abnormal data;
edge data aggregation, namely aggregating the results of the preliminary data analysis and transmitting them to the central server for analysis and response, wherein the calculation formula is as follows:
;
Wherein, For the aggregate anomaly score sum of the edge nodes,Is the number of outlier data points.
Further, the distributed data processing includes:
data partitioning, namely dividing the locally acquired data set into a plurality of data blocks, wherein the calculation formula is as follows:
;
Wherein, For a data set acquired by an edge node,Is the firstA data point is provided for each of the data points,Is the firstThe number of data blocks in a block of data,The number of the fragments;
parallel processing, namely parallel processing is carried out on the divided data blocks by utilizing the computing resources of the edge nodes, wherein the computing formula is as follows:
;
Wherein, Is the firstThe result of the processing of the individual data blocks,In order to process the function,Is the firstA number of data blocks;
result aggregation, namely aggregating the processing results of the data blocks to form an overall processing result, wherein the calculation formula is as follows:
;
Wherein, As a result of the overall processing,Is the firstThe result of the processing of the individual data blocks,Is the number of slices.
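As an added example (not code from the patent), one way an edge security agent could carry out the preliminary statistical analysis and edge data aggregation described for the edge security agent deployment together with the block partitioning, parallel processing and result aggregation described for the distributed data processing. The traffic sample, the block count, the anomaly threshold and the use of per-block partial sums to rebuild the global mean and standard deviation are assumptions; the page names the steps but gives no constants.

```python
"""Edge security agent: distributed processing + anomaly detection (added example).

Assumptions: the traffic sample, NUM_BLOCKS, ANOMALY_THRESHOLD and the
per-block partial-sum scheme are not from the page.
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
import math
from typing import List, Sequence, Tuple

ANOMALY_THRESHOLD = 3.0   # assumed: z-score above which a point is abnormal
NUM_BLOCKS = 4            # assumed: number of data blocks per edge node

# Constructed sample: bytes sent per minute by one host behind the edge node.
# Steady traffic with one burst of the kind a bulk exfiltration would produce.
SAMPLE_TRAFFIC = [1010, 990, 1005, 1020, 985, 1000, 1015, 995, 1000, 1030,
                  990, 1005, 1000, 40000, 1010, 995, 1000, 1020, 985, 1000]


@dataclass
class BlockStats:
    """Partial sums of one data block; enough to rebuild the global mean/std."""
    count: int
    total: float
    total_sq: float


def split_blocks(data: Sequence[float], k: int) -> List[List[float]]:
    """Divide data set D into at most k contiguous blocks D_1..D_k."""
    size = math.ceil(len(data) / k)
    return [list(data[i:i + size]) for i in range(0, len(data), size)]


def process_block(block: Sequence[float]) -> BlockStats:
    """Processing function f applied to one block D_j (runs on an edge worker)."""
    return BlockStats(len(block), sum(block), sum(x * x for x in block))


def parallel_process(blocks: List[List[float]]) -> List[BlockStats]:
    """Run f over every block in parallel and keep results in block order."""
    with ThreadPoolExecutor(max_workers=len(blocks)) as pool:
        return list(pool.map(process_block, blocks))


def aggregate_stats(parts: Sequence[BlockStats]) -> Tuple[float, float]:
    """Combine block results R_j into the global mean and standard deviation.

    var = E[x^2] - E[x]^2; max(..., 0) guards against tiny negative values
    caused by floating-point cancellation on near-constant data.
    """
    n = sum(p.count for p in parts)
    mu = sum(p.total for p in parts) / n
    var = sum(p.total_sq for p in parts) / n - mu * mu
    return mu, math.sqrt(max(var, 0.0))


def anomaly_scores(data: Sequence[float], mu: float, sigma: float) -> List[float]:
    """Per-point score |x_i - mu| / sigma; a constant series scores 0 everywhere."""
    if sigma == 0:
        return [0.0] * len(data)
    return [abs(x - mu) / sigma for x in data]


@dataclass
class EdgeReport:
    """What the edge node sends to the central server for analysis and response."""
    node_id: str
    mean: float
    std: float
    anomaly_count: int
    anomaly_score_sum: float
    anomalies: List[Tuple[int, float, float]]   # (index, value, score)


def run_edge_agent(node_id: str, data: Sequence[float], k: int = NUM_BLOCKS,
                   threshold: float = ANOMALY_THRESHOLD) -> EdgeReport:
    """Full pipeline: split -> parallel process -> aggregate -> score -> report."""
    mu, sigma = aggregate_stats(parallel_process(split_blocks(data, k)))
    scores = anomaly_scores(data, mu, sigma)
    flagged = [(i, data[i], s) for i, s in enumerate(scores) if s > threshold]
    return EdgeReport(node_id, mu, sigma, len(flagged),
                      sum(s for _, _, s in flagged), flagged)


if __name__ == "__main__":
    report = run_edge_agent("edge-node-01", SAMPLE_TRAFFIC)
    print(f"{report.node_id}: mean={report.mean:.1f} std={report.std:.1f} "
          f"anomalies={report.anomaly_count} score_sum={report.anomaly_score_sum:.2f}")
    for idx, value, score in report.anomalies:
        print(f"  minute {idx}: {value} bytes, z={score:.2f}")
```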
Further, the security detection includes:
Intrusion detection, namely identifying intrusion behaviors by analyzing network flow and operation logs, wherein a calculation formula is as follows:
;
;
Wherein, As the raw data is to be processed,Is the mean value of the two values,Is the standard deviation of the two-dimensional image,For the data to be normalized,Is a known intrusion signature pattern;
abnormal behavior analysis, namely identifying abnormal behaviors and potential threats by analyzing user behavior data and based on an abnormal detection algorithm of statistical analysis;
malicious activity recognition, namely analyzing the operation logs and network traffic and recognizing malicious activity using a naive Bayes classifier.
The invention has the beneficial effects that:
The invention constructs a comprehensive, intelligent and efficient information security management system by integrating the user identity and access control module, the self-adaptive threat detection module, the data protection and backup module, the virtualization and resource management module, the edge computing cooperative security module and the security event management module.
Through the cooperative work of the user identity and access control module and the self-adaptive threat detection module, the invention can carry out multi-factor authentication, role and authority management, real-time monitoring and log recording, and dynamic adjustment of the security policy for users, effectively preventing unauthorized access and data leakage. At the same time, the self-adaptive threat detection module uses an advanced convolutional neural network model and improved algorithms through the steps of data collection, feature extraction, threat identification and threat response, thereby improving the identification capability and detection accuracy for complex threat features, enhancing attention to important features, and providing a rapid and accurate threat coping policy.
According to the invention, a lightweight security agent is deployed at each edge node and edge computing resources are used for distributed data processing and real-time security detection, so that distributed security detection and response are realized through intrusion detection, abnormal behavior analysis and malicious activity recognition. The virtualization and resource management module ensures efficient utilization and load balancing of resources by dynamically adjusting the resource allocation and scheduling strategy, so that system performance is improved, resource waste is reduced, and system stability and response capability are enhanced.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only of the invention and that other drawings can be obtained from them without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a platform function module according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the adaptive threat detection module according to an embodiment of the invention.
Detailed Description
The present invention will be further described in detail with reference to specific embodiments in order to make the objects, technical solutions and advantages of the present invention more apparent.
It is to be noted that unless otherwise defined, technical or scientific terms used herein should be taken in a general sense as understood by one of ordinary skill in the art to which the present invention belongs. The terms "first," "second," and the like, as used herein, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
As shown in FIGS. 1-2, an information security cloud computing platform based on an intelligent computing center comprises a user identity and access control module, a self-adaptive threat detection module, a data protection and backup module, a virtualization and resource management module, an edge computing cooperative security module and a security event management module, wherein the user identity and access control module is used for detecting a self-adaptive threat;
The user identity and access control module performs identity verification and management on users accessing the platform, prevents unauthorized access, and ensures the uniqueness and security of the user identity;
the self-adaptive threat detection module automatically analyzes and identifies novel security threats and provides threat detection and response, and specifically comprises:
data collection, namely collecting security monitoring data in real time, wherein the security monitoring data comprises network traffic, operation logs and user behavior data;
feature extraction, namely extracting threat features from the collected security monitoring data;
threat identification, namely constructing a threat detection model based on the extracted threat features, and identifying and classifying security threats through the threat detection model;
threat response, namely automatically generating a response strategy according to the threat identification result and executing the response strategy;
the data protection and backup module encrypts stored and transmitted data and periodically backs up user data, so that leakage and loss of data during transmission are prevented;
the virtualization and resource management module manages and monitors the security state of virtual machines, schedules and manages the computing resources of the intelligent computing center, and ensures efficient utilization and security isolation of resources;
the edge computing cooperative security module deploys security agents at edge nodes and carries out distributed security detection and response using edge computing resources, so that real-time performance and processing efficiency are improved;
the security event management module records and analyzes security events of the platform, provides security logs, and ensures the coordinated operation of all modules.
Through the above, comprehensive management and protection of user identities, data, virtual machines and security events are realized; efficient threat detection and response, secure data transmission, efficient resource utilization and real-time security detection are provided; the efficient and secure operation of the platform is ensured; and the information security problems of the prior art are effectively solved, so that the platform has high innovation and practical value.
The user identity and access control module comprises:
A multi-factor authentication mechanism, which combines the identity authentication means of using passwords, short message authentication, fingerprint recognition, facial recognition or iris recognition to ensure the uniqueness and the safety of the user identity;
role and authority management, namely dynamically distributing access authorities according to the roles and authority levels of users, ensuring that only authorized users can access specific resources and execute specific operations;
Real-time monitoring and log recording, namely monitoring access behaviors of users in real time, recording access logs, and timely finding and responding to abnormal access behaviors;
the security policy application is to apply a predefined security policy, dynamically adjust the access control rule according to the user identity and the access behavior, and prevent unauthorized access and data disclosure;
The identity management and verification comprises periodically verifying and updating the identity information of the user, ensuring the validity and accuracy of the identity of the user, and carrying out identity verification and authentication management on the user;
Through the content, the uniqueness and the safety of the user identity can be effectively ensured, unauthorized access and data leakage are prevented, dynamic access control and compliance management are realized, and the overall safety and the management efficiency of the platform are improved.
The feature extraction includes:
Data preprocessing, namely cleaning, normalizing and dimension reducing the collected safety monitoring data, eliminating noise and redundant information, and ensuring the data quality;
Time sequence analysis, namely performing time sequence analysis on network traffic and user behavior data, calculating traffic characteristics and behavior patterns by using a sliding window technology, wherein a calculation formula is as follows:
;
Wherein, As the raw data in the time series,As a mean value within the sliding window,For the standard deviation within the sliding window,Is normalized data;
frequency domain analysis, namely performing frequency domain analysis on the operation log, extracting frequency characteristics by using Fast Fourier Transform (FFT), wherein the calculation formula is as follows:
;
Wherein, In the case of a time-domain signal,As a signal in the frequency domain,For the number of points of the data,Is frequency;
the statistical feature extraction, namely calculating basic statistical features of safety monitoring data, including mean value, standard deviation, skewness and kurtosis, wherein a calculation formula is as follows:
Mean value: ;
Standard deviation: ;
Skewness: ;
Kurtosis: ;
Wherein, As a function of the data points,Is the mean value of the two values,Is the standard deviation of the two-dimensional image,Counting the number of the data points;
high-dimensional feature mapping, namely mapping the high-dimensional features into a low-dimensional space by using Principal Component Analysis (PCA), so that subsequent analysis is facilitated, wherein the calculation formula is as follows:
;
Wherein, In order to reduce the data after the dimension,As a matrix of raw data,Is a feature vector matrix;
by the method, threat features can be efficiently extracted from the safety monitoring data, accurate feature input is provided for threat identification and response, and the accuracy and response speed of threat detection are remarkably improved.
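As an added example (not code from the patent), the feature extraction steps above, as also listed in the claims, carried out in Python over constructed monitoring data: sliding-window normalization of a login-failure time series, FFT-based dominant-frequency extraction from operation-log event counts, and the mean, standard deviation, skewness and kurtosis statistics. The window size, the sample series and the population-moment definitions of skewness and kurtosis are assumptions, since the page names but does not state those formulas; the PCA step is omitted.

```python
"""Feature extraction over security monitoring data (added example).

Assumptions: window size, sample series, and the population-moment
definitions of skewness and kurtosis; the page names these features
but does not state their formulas. PCA is not implemented here.
"""
import cmath
import math
from typing import Dict, List, Sequence, Tuple

# Constructed sample: failed logins per minute for one account. Steady noise
# followed by a burst in the last minute, as a password spray would produce.
LOGIN_FAILURES = [1, 0, 2, 1, 0, 1, 1, 0, 1, 2, 0, 1, 0, 1, 1, 25]

# Constructed sample: operation-log events per minute from one host. A process
# that fires every 4 minutes produces a clear periodic component.
OPLOG_COUNTS = [5, 1, 0, 0] * 4          # 16 points, period 4 minutes


def mean(xs: Sequence[float]) -> float:
    return sum(xs) / len(xs)


def std(xs: Sequence[float]) -> float:
    """Population standard deviation (assumed definition)."""
    mu = mean(xs)
    return math.sqrt(sum((x - mu) ** 2 for x in xs) / len(xs))


def sliding_window_zscores(series: Sequence[float], window: int) -> List[float]:
    """Normalize each point against the mean/std of the window ending at it.

    Early points use the partial window that is available. A constant window
    yields 0.0 rather than a division by zero, so a flat series never scores.
    """
    out = []
    for i in range(len(series)):
        win = series[max(0, i - window + 1): i + 1]
        mu, sigma = mean(win), std(win)
        out.append(0.0 if sigma == 0 else (series[i] - mu) / sigma)
    return out


def statistical_features(xs: Sequence[float]) -> Dict[str, float]:
    """Mean, standard deviation, skewness and kurtosis of a sample."""
    mu, sigma = mean(xs), std(xs)
    if sigma == 0:
        return {"mean": mu, "std": 0.0, "skewness": 0.0, "kurtosis": 0.0}
    n = len(xs)
    m3 = sum((x - mu) ** 3 for x in xs) / n      # third central moment
    m4 = sum((x - mu) ** 4 for x in xs) / n      # fourth central moment
    return {"mean": mu, "std": sigma,
            "skewness": m3 / sigma ** 3, "kurtosis": m4 / sigma ** 4}


def fft(x: List[complex]) -> List[complex]:
    """Radix-2 Cooley-Tukey FFT; the input length must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    if n & (n - 1):
        raise ValueError("FFT length must be a power of two")
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        twiddle = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + twiddle
        out[k + n // 2] = even[k] - twiddle
    return out


def dominant_frequency(counts: Sequence[float], sample_rate: float) -> Tuple[float, float]:
    """Strongest non-DC component: (frequency in cycles per unit, magnitude).

    For real input only bins 1..n/2 are informative; bin 0 (the DC term) is
    just the total count and is skipped.
    """
    n = len(counts)
    spectrum = fft([complex(c) for c in counts])
    best_k = max(range(1, n // 2 + 1), key=lambda k: abs(spectrum[k]))
    return best_k * sample_rate / n, abs(spectrum[best_k])


def extract_features(series: Sequence[float], counts: Sequence[float],
                     window: int = 8, sample_rate: float = 1.0) -> Dict[str, float]:
    """Feature vector for the threat detection model from one monitoring interval."""
    z = sliding_window_zscores(series, window)
    stats = statistical_features(series)
    freq, magnitude = dominant_frequency(counts, sample_rate)
    return {**stats, "max_window_z": max(z), "latest_z": z[-1],
            "dominant_freq": freq, "dominant_magnitude": magnitude}


if __name__ == "__main__":
    for name, value in extract_features(LOGIN_FAILURES, OPLOG_COUNTS).items():
        print(f"{name:>18}: {value:.4f}")
```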
The threat detection model employs a Convolutional Neural Network (CNN) model, which includes:
data preprocessing, namely carrying out normalization and standardization processing on the collected security monitoring data to reduce the influence of noise and data deviation on model training, wherein the calculation formula is as follows:
;
Wherein, As the raw data is to be processed,AndRespectively the minimum and maximum values of the data,Is normalized data;
;
Wherein, As the raw data is to be processed,Is the mean value of the two values,Is the standard deviation of the two-dimensional image,Is normalized data;
multi-scale convolution, namely, adopting multi-scale convolution kernels (convolution kernels with different sizes) to carry out convolution operation so as to capture the features with different scales and improve the recognition capability of threat features, wherein a calculation formula is as follows:
small scale convolution kernel: ;
large scale convolution kernel: ;
Wherein, AndThe sizes of the small-scale and large-scale convolution kernels respectively,For the convolution kernel weights,In order for the offset to be a function of,Is convolution output;
Attention mechanism, namely introducing an attention mechanism, weighting the output of the convolution layer to highlight important characteristics and improve the detection accuracy of the model, wherein a calculation formula is as follows:
;
Wherein, As a score of the importance of a feature,In order for the attention to be weighted,AndThe width and the height of the feature map respectively;
;
Wherein, For the output characteristics of the convolutional layer,Is a weighted feature;
the pooling layer, namely adopting a strategy combining maximum pooling and average pooling so as to retain important features and reduce the data dimension, wherein the calculation formula is as follows:
;
;
Wherein, For the purpose of pooling the window size,The output of the maximum pooling and the average pooling respectively;
the full connection layer, namely flattening the feature map output by the pooling layer and inputting it into the full connection layer for classification, wherein the calculation formula is as follows:
;
Wherein, For the output of the flattened pooling layer,For the full connection layer weight,In order for the offset to be a function of,In order to output the output of the device,Is an activation function (softmax);
through the above, the security monitoring data can be processed and analyzed better: the recognition capability and detection accuracy of the model for complex threat features are improved, attention to important features is enhanced, the data dimension is reduced and the calculation efficiency is improved, so that more accurate and efficient threat detection and response capability is provided.
The threat response includes:
Threat assessment, namely assessing the severity of the threat according to the threat identification result and determining the threat level, using the calculation formula:
;
Wherein, is the threat score, is the weight of each individual feature, is the value of each individual feature, and is the number of features;
Selecting a response strategy from a predefined response strategy library based on the threat level, wherein the calculation formula is as follows:
;
Wherein, is the selected response strategy, is the set of response strategies, and is the probability of selecting a strategy under a given threat score;
Strategy generation, namely generating response operations including blocking, isolation, alarming and logging according to the selected response strategy;
Strategy execution, namely executing the generated response operations through automation scripts and security tools;
Through the above, an effective response strategy can be automatically generated and executed according to the threat identification result, so that rapid and accurate threat response is realized, the security and stability of the platform are improved, human intervention and response time are reduced, and the timely handling of various security threats and the continuous protection of the system are ensured.
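The four threat-response steps above (weighted threat score, strategy selection from a predefined library, generation of the blocking/isolation/alarm/logging operations, and execution through automation handlers) carried through end to end. This is an added example and not code from the patent; the feature names, weights, level thresholds and strategy library are constructed, and the patent's probabilistic strategy selection is represented here by a deterministic lookup of the level that covers the score.

```python
"""Weighted threat scoring, threat-level mapping, selection of a response
strategy from a predefined library, generation of the response operations
and their dispatch to automation handlers. Added example, not code from the
patent; the feature names, weights, level thresholds and strategy library
are constructed sample values."""

# constructed feature weights (sum to 1.0); every feature value is in [0, 1]
FEATURE_WEIGHTS = {
    "signature_match": 0.40,    # 1.0 when a known-bad signature matched
    "anomaly_score": 0.30,      # anomaly score scaled to [0, 1]
    "asset_criticality": 0.20,  # business criticality of the affected asset
    "repeat_count": 0.10,       # recurrence of the same indicator, scaled
}

# constructed score -> level mapping, checked from highest to lowest
LEVEL_THRESHOLDS = [(0.75, "critical"), (0.50, "high"), (0.25, "medium"), (0.0, "low")]

# constructed predefined response strategy library
STRATEGY_LIBRARY = {
    "critical": ["block", "isolate", "alert", "log"],
    "high": ["block", "alert", "log"],
    "medium": ["alert", "log"],
    "low": ["log"],
}


def threat_score(features, weights=FEATURE_WEIGHTS):
    """T = sum_i w_i * x_i; missing features count as 0, out-of-range values are rejected."""
    for name, x in features.items():
        if not 0.0 <= x <= 1.0:
            raise ValueError(f"feature {name!r} out of range: {x}")
    return sum(weights[k] * features.get(k, 0.0) for k in weights)


def threat_level(score, thresholds=LEVEL_THRESHOLDS):
    for lower_bound, level in thresholds:
        if score >= lower_bound:
            return level
    return "low"


def select_strategy(score, library=STRATEGY_LIBRARY):
    """Deterministic stand-in for the patent's probability of selecting a
    strategy given the score: the strategy bound to the covering level is
    chosen with probability 1 (assumption)."""
    level = threat_level(score)
    return level, library[level]


def generate_response(features, target):
    """Turn a feature dict for one target (e.g. a VM id) into ordered operations."""
    score = threat_score(features)
    level, actions = select_strategy(score)
    return [{"action": a, "target": target, "level": level, "score": round(score, 3)}
            for a in actions]


def execute(operations, handlers):
    """Dispatch each operation to its automation handler; an action without a
    handler is reported instead of being silently dropped."""
    results = []
    for op in operations:
        handler = handlers.get(op["action"])
        results.append((op["action"], handler(op) if handler else "no-handler"))
    return results


if __name__ == "__main__":
    ops = generate_response({"signature_match": 1.0, "anomaly_score": 0.8,
                             "asset_criticality": 0.5}, "vm-0042")
    print(execute(ops, {"log": lambda op: f"logged {op['target']}"}))
```

Rejecting out-of-range feature values in `threat_score` matters because a single mis-scaled input would otherwise push the weighted sum past every level boundary and trigger the most disruptive strategy.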
The virtualization and resource management module comprises:
Virtual machine security monitoring, namely monitoring the running state, network traffic and operation logs of the virtual machine in real time through an integrated security agent, and detecting abnormal behaviors and potential threats, wherein the calculation formula is as follows:
;
Wherein, is the security score of the virtual machine, is the weight of each individual monitored parameter, is the value of each individual monitored parameter, and is the number of monitored parameters;
Resource utilization monitoring, namely monitoring in real time the resource utilization of the virtual machines and physical hosts, including CPU utilization, memory usage, storage utilization and network bandwidth usage, so as to ensure efficient utilization and load balancing of resources, wherein the calculation formula is as follows:
;
Wherein, is the amount of resources used, and is the total amount of resources;
Dynamic resource scheduling, namely dynamically adjusting the resource allocation and scheduling strategy of the virtual machines according to the real-time resource utilization monitoring results, optimizing resource utilization and reducing resource waste;
Security policy application, namely automatically applying or adjusting security policies, including network isolation, access control and patch management, according to the security monitoring results of the virtual machine, so as to ensure the security of the virtual machine;
Automatic management tools, namely executing configuration, migration and backup operations of the virtual machines, so that the management process is simplified and management efficiency is improved;
Through the above, the resource allocation and scheduling strategy can be dynamically adjusted, efficient utilization and load balancing of resources are ensured, load balancing is realized by automatically increasing or reducing resource allocation and migrating virtual machines, system performance is improved, resource waste is reduced, the stability and response capability of the system are enhanced, the management process is simplified, and overall management efficiency is improved.
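The weighted virtual-machine security score, the per-resource utilization ratio, and the scheduling and security-policy decisions the module derives from them, worked through for one host. This is an added example and not code from the patent; the monitored parameter names, their weights, the scheduling and policy thresholds and the VM records are constructed sample values.

```python
"""Weighted VM security score, resource-utilisation ratios for a host, and
the scheduling / security-policy decisions driven by them. Added example,
not code from the patent; parameter names, weights, thresholds and the VM
records are constructed sample values."""

# constructed weights over monitored parameters; each parameter value is in
# [0, 1] where 1 means "no anomaly observed" for that source
MONITOR_WEIGHTS = {"process_state": 0.4, "network_traffic": 0.3, "operation_log": 0.3}


def vm_security_score(params, weights=MONITOR_WEIGHTS):
    """S = sum_i w_i * p_i over the monitored parameters; missing ones count as 0."""
    return sum(weights[k] * params.get(k, 0.0) for k in weights)


def utilization(used, total):
    """U = used / total for one resource; a zero capacity is a configuration error."""
    if total <= 0:
        raise ValueError("total resource amount must be positive")
    return used / total


def host_utilization(vm_usages, host_capacity):
    """Per-resource utilisation of a physical host from the VMs placed on it."""
    return {res: utilization(sum(vm.get(res, 0) for vm in vm_usages), cap)
            for res, cap in host_capacity.items()}


def schedule(util, high=0.8, low=0.2):
    """Dynamic scheduling decision per resource (thresholds are assumptions)."""
    decisions = {}
    for res, u in util.items():
        if u > high:
            decisions[res] = "scale-up-or-migrate"
        elif u < low:
            decisions[res] = "scale-down"
        else:
            decisions[res] = "keep"
    return decisions


def security_policy(score, threshold=0.6):
    """Policies applied when the VM's security score drops below the threshold."""
    if score < threshold:
        return ["network-isolation", "tighten-access-control", "patch-check"]
    return []


if __name__ == "__main__":
    vms = [{"cpu": 2, "memory": 4}, {"cpu": 3, "memory": 8}]
    util = host_utilization(vms, {"cpu": 8, "memory": 32})
    print(util, schedule(util))
    print(security_policy(vm_security_score({"process_state": 1.0, "operation_log": 1.0})))
```

Because a missing monitored parameter counts as 0 rather than as healthy, an agent that stops reporting one source lowers the score and can trigger the policy step on its own, which is the conservative behaviour for a security signal.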
The edge computing cooperative security module includes:
Edge security agent deployment, namely deploying lightweight security agents on each edge node, responsible for local data acquisition and preliminary analysis;
Distributed data processing, namely using the computing resources of the edge nodes to process the locally acquired data in a distributed manner, so that the pressure of data transmission to the central server is reduced and the response speed is improved;
Security detection, namely performing real-time security detection, including intrusion detection, abnormal behavior analysis and malicious activity identification, through the security agent of the edge node;
Cooperative response, namely the edge node executes a security response strategy independently or cooperatively with adjacent edge nodes according to the security detection result, the security response strategy including blocking suspicious traffic, isolating infected devices and sending an alarm to the central server;
Through the above, security agents can be deployed at the edge nodes, distributed security detection and response are performed using the edge computing resources, and the security and response efficiency of the whole system are improved.
The edge security agent deployment includes:
Lightweight security agent deployment, namely deploying a lightweight security agent on each edge node, wherein the lightweight security agent runs on the edge device and monitors network traffic, operation logs and user behavior data, wherein the calculation formula is as follows:
;
Wherein, is the data set acquired by the edge node, and is an individual data point;
Preliminary data analysis, namely the lightweight security agent performs preliminary analysis on the collected data and identifies abnormal behaviors and potential threats through an anomaly detection algorithm based on statistical analysis, specifically as follows:
;
;
Wherein, is the mean of the data set, is the standard deviation, is an individual data point, and is the number of data points;
;
Wherein, is the anomaly score of an individual data point;
If the condition holds, the data point is considered abnormal data;
Edge data aggregation, namely aggregating the results of the preliminary data analysis and transmitting them to the central server for analysis and response, wherein the calculation formula is as follows:
;
Wherein, is the aggregated anomaly score sum of the edge node, and is the number of abnormal data points;
Through the above, lightweight security agents can be effectively deployed on the edge nodes, local data acquisition and preliminary analysis can be performed, and security threats can be discovered and dealt with in time.
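The statistical preliminary analysis above (mean and standard deviation of the collected set, a per-point anomaly score, a threshold decision, and the aggregate the edge node forwards to the central server), which is the same statistics-based anomaly detection the security detection section later lists under abnormal behavior analysis. This is an added example and not code from the patent; the sample series (bytes sent per minute by one device), the threshold of 3.0 and the choice to sum anomaly scores over the flagged points only are constructed assumptions.

```python
"""A lightweight edge-agent check: z-score anomaly score over a locally
collected series, flagging of points above a threshold, and the aggregate
(sum of anomaly scores, outlier count) an edge node would forward to the
central server. Added example, not code from the patent; the sample series
(bytes sent per minute by one device) and the threshold are constructed."""
from math import sqrt


def mean_std(values):
    """Population mean and standard deviation over all n points."""
    n = len(values)
    if n < 2:
        raise ValueError("need at least two data points")
    mu = sum(values) / n
    sigma = sqrt(sum((x - mu) ** 2 for x in values) / n)
    return mu, sigma


def anomaly_scores(values):
    """z_i = |x_i - mu| / sigma; a constant series gets all-zero scores
    instead of a division by zero."""
    mu, sigma = mean_std(values)
    if sigma == 0:
        return [0.0] * len(values)
    return [abs(x - mu) / sigma for x in values]


def flag_outliers(values, threshold=3.0):
    """Indices of points whose score exceeds the threshold (3.0 is an assumption)."""
    return [i for i, z in enumerate(anomaly_scores(values)) if z > threshold]


def aggregate_for_central(values, threshold=3.0):
    """Aggregate sent upstream: sum of anomaly scores of the flagged points and
    their count (summing over flagged points only is an assumption)."""
    scores = anomaly_scores(values)
    outliers = [i for i, z in enumerate(scores) if z > threshold]
    return {
        "score_sum": sum(scores[i] for i in outliers),
        "outlier_count": len(outliers),
        "outlier_indices": outliers,
    }


# constructed: 19 ordinary minutes and one minute with a large burst
SAMPLE = [100] * 19 + [1000]

if __name__ == "__main__":
    print(aggregate_for_central(SAMPLE))
```

The single burst in the constructed series inflates the standard deviation of the whole set, which is why only the burst itself clears the threshold; a rolling baseline that excludes the current point would flag it more sharply, at the cost of a little more state on the edge device.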
The distributed data processing includes:
Dividing the locally acquired data set into a plurality of data blocks so as to facilitate parallel processing on the edge nodes, wherein the calculation formula is as follows:
;
Wherein, is the data set acquired by the edge node, is an individual data point, is an individual data block, and is the number of partitions;
Parallel processing, namely processing the divided data blocks in parallel using the computing resources of the edge nodes, so that processing efficiency and response speed are improved, wherein the calculation formula is as follows:
;
Wherein, is the processing result of an individual data block, is the processing function, and is an individual data block;
Aggregating the processing results of the data blocks to form an overall processing result, wherein the calculation formula is as follows:
;
Wherein, is the overall processing result, is the processing result of an individual data block, and is the number of partitions;
Through the above, the efficiency and response speed of data processing are improved, the pressure of data transmission to the central server is reduced, the real-time performance and reliability of the system are ensured, and the effective integration of the processing results of all edge nodes is ensured, so that the security and management efficiency of the whole system are improved.
The processing function specifically comprises the following steps:
Data preprocessing, namely normalizing and denoising the data, wherein the calculation formula is as follows:
;
Wherein, is the normalized data, is the raw data, and and are respectively the minimum and maximum values in the data set;
Feature extraction, namely extracting key features from the data, including the mean, standard deviation and kurtosis, wherein the calculation formulas are as follows:
;
;
;
Preliminary analysis, namely classifying the data or performing cluster analysis using K-means clustering, wherein the calculation formula is as follows:
;
Wherein, is the clustering objective function, is the number of clusters, is the center of an individual cluster, and is a normalized data point.
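The distributed data processing steps (partition into blocks, parallel application of the processing function, aggregation of the block results) and the processing function just described (min-max normalization, extraction of mean, standard deviation and kurtosis, K-means clustering) combined into one runnable pipeline. This is an added example and not code from the patent; the 12-point data set, the block count of 3, the two clusters with initial centers at 0 and 1, and the size-weighted form of the aggregation are constructed assumptions.

```python
"""Distributed processing on an edge node: partition the locally acquired
data set into m blocks, process the blocks in parallel with a processing
function that does min-max normalisation, mean / standard deviation /
kurtosis extraction and 1-D K-means, then aggregate the block results into
the overall result. Added example, not code from the patent; the data set,
block count, cluster count and initial cluster centers are constructed."""
from concurrent.futures import ThreadPoolExecutor
from math import sqrt


def partition(data, m):
    """Split into exactly m contiguous blocks whose sizes differ by at most one."""
    if m < 1:
        raise ValueError("need at least one block")
    q, r = divmod(len(data), m)
    blocks, start = [], 0
    for j in range(m):
        end = start + q + (1 if j < r else 0)
        blocks.append(data[start:end])
        start = end
    return blocks


def normalize(block):
    """Min-max normalisation to [0, 1]; a constant block maps to zeros."""
    lo, hi = min(block), max(block)
    if hi == lo:
        return [0.0] * len(block)
    return [(x - lo) / (hi - lo) for x in block]


def features(xs):
    """Mean, population standard deviation and (non-excess) kurtosis."""
    n = len(xs)
    mu = sum(xs) / n
    var = sum((x - mu) ** 2 for x in xs) / n
    m4 = sum((x - mu) ** 4 for x in xs) / n
    return {"mean": mu, "std": sqrt(var), "kurtosis": m4 / var ** 2 if var > 0 else 0.0}


def kmeans_1d(xs, centers, iters=50):
    """Lloyd's algorithm on 1-D data; returns the centers and the objective J."""
    centers = list(centers)
    for _ in range(iters):
        groups = [[] for _ in centers]
        for x in xs:
            nearest = min(range(len(centers)), key=lambda j: abs(x - centers[j]))
            groups[nearest].append(x)
        updated = [sum(g) / len(g) if g else c for g, c in zip(groups, centers)]
        if updated == centers:
            break
        centers = updated
    objective = sum(min((x - c) ** 2 for c in centers) for x in xs)
    return centers, objective


def process(block, init_centers=(0.0, 1.0)):
    """f(D_j): preprocessing -> feature extraction -> clustering for one block."""
    if not block:
        return None
    z = normalize(block)
    centers, objective = kmeans_1d(z, init_centers)
    return {"n": len(block), "features": features(z),
            "centers": centers, "objective": objective}


def aggregate(results):
    """R: size-weighted mean of the normalised blocks plus the summed objective."""
    results = [r for r in results if r is not None]
    n = sum(r["n"] for r in results)
    return {"n": n, "blocks": len(results),
            "mean": sum(r["features"]["mean"] * r["n"] for r in results) / n,
            "objective": sum(r["objective"] for r in results)}


def run(data, m=3):
    """Partition, process blocks in parallel, aggregate."""
    blocks = partition(data, m)
    with ThreadPoolExecutor(max_workers=m) as executor:
        results = list(executor.map(process, blocks))
    return aggregate(results)


DATA = list(range(1, 13))   # constructed 12-point series

if __name__ == "__main__":
    print(run(DATA, 3))
```

Normalizing each block with its own minimum and maximum keeps the blocks independent, which is what makes the parallel step possible, but it also means a value that is extreme for the whole set can look ordinary inside its block; the aggregation step is where a central server would need global statistics if that matters for the detection.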
The security detection includes:
Intrusion detection, namely identifying intrusion behaviors by analyzing network traffic and operation logs, wherein the calculation formula is as follows:
;
;
Wherein, is the raw data, is the mean, is the standard deviation, is the normalized data, and is a known intrusion signature pattern;
Abnormal behavior analysis, namely identifying abnormal behaviors and potential threats by analyzing user behavior data with an anomaly detection algorithm based on statistical analysis;
Malicious activity identification, namely identifying malicious activity by analyzing operation logs and network traffic using a naive Bayes classifier;
The naive Bayes classifier includes:
Posterior probability calculation: ;
Wherein, is the category (malicious or normal), is the feature vector, is the posterior probability, is the likelihood, and is the prior probability;
Naive Bayes assumption: ;
Wherein, is an individual feature, and is the number of features;
Classification decision: ;
Wherein, is the predicted category;
Through the above, real-time security detection can be realized, and potential intrusions, abnormal behaviors and malicious activities can be identified and responded to in time; the distributed detection method improves the overall security and response efficiency of the system, reduces the burden on the central server, and ensures the real-time performance and accuracy of data processing.
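The naive Bayes classifier described above (posterior by Bayes' rule, the conditional-independence assumption over the features, and the argmax decision) as a Bernoulli model over binary features taken from operation logs and traffic. This is an added example and not code from the patent; the feature names, the labelled training records and the Laplace smoothing constant are constructed sample values.

```python
"""Bernoulli naive Bayes for labelling activity as malicious or normal from
binary features extracted from operation logs and network traffic:
posterior via Bayes' rule, the conditional-independence assumption, and an
argmax decision. Added example, not code from the patent; the feature names
and the training records are constructed sample values."""
from math import exp, log

# constructed binary features per activity record
FEATURES = ["off_hours", "new_geo", "failed_logins_gt5", "large_outbound", "privileged_cmd"]

# constructed labelled training records: (feature vector, label)
TRAIN = [
    ([1, 1, 1, 0, 0], "malicious"), ([1, 0, 1, 1, 1], "malicious"),
    ([0, 1, 1, 1, 1], "malicious"), ([1, 1, 0, 1, 1], "malicious"),
    ([0, 0, 0, 0, 0], "normal"), ([1, 0, 0, 0, 0], "normal"),
    ([0, 1, 0, 0, 0], "normal"), ([0, 0, 0, 1, 0], "normal"),
    ([0, 0, 1, 0, 0], "normal"), ([0, 0, 0, 0, 1], "normal"),
]


class BernoulliNB:
    """P(c|x) is proportional to P(c) * prod_j P(x_j|c), with Laplace smoothing (alpha)."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.prior = {}   # P(c)
        self.theta = {}   # theta[c][j] = P(x_j = 1 | c)

    def fit(self, rows):
        classes = sorted({label for _, label in rows})
        n, d = len(rows), len(rows[0][0])
        for c in classes:
            rc = [x for x, label in rows if label == c]
            self.prior[c] = len(rc) / n
            self.theta[c] = [(sum(x[j] for x in rc) + self.alpha) / (len(rc) + 2 * self.alpha)
                             for j in range(d)]
        return self

    def log_likelihood(self, x, c):
        """log P(x|c) under the naive assumption: a sum over the features."""
        return sum(log(t) if xj else log(1.0 - t) for xj, t in zip(x, self.theta[c]))

    def posterior(self, x):
        """Normalised P(c|x) for every class, computed in log space."""
        logp = {c: log(self.prior[c]) + self.log_likelihood(x, c) for c in self.prior}
        m = max(logp.values())
        z = sum(exp(v - m) for v in logp.values())
        return {c: exp(v - m) / z for c, v in logp.items()}

    def predict(self, x):
        """Classification decision: argmax over classes of P(c|x)."""
        post = self.posterior(x)
        return max(sorted(post), key=post.get)


def train_model():
    return BernoulliNB().fit(TRAIN)


if __name__ == "__main__":
    model = train_model()
    record = [1, 1, 1, 1, 0]   # constructed: off hours, new location, many failures, large outbound
    print(model.posterior(record), model.predict(record))
```

The smoothing constant keeps a feature that never appeared in one class's training records from driving that class's likelihood to exactly zero, and the log-space computation avoids underflow once the feature count grows beyond a handful.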
It will be appreciated by persons skilled in the art that the above discussion of any embodiment is merely exemplary and is not intended to imply that the scope of the invention is limited to these examples; combinations of technical features in the above embodiments, or in different embodiments, may also be implemented in any order, and many other variations of the different aspects of the invention as described above exist which are not provided in detail for the sake of brevity.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411118203.0A CN119128901A (en) | 2024-08-15 | 2024-08-15 | An information security cloud computing platform based on intelligent computing center |
Publications (1)
Publication Number | Publication Date |
---|---|
CN119128901A true CN119128901A (en) | 2024-12-13 |
Family
ID=93769797
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202411118203.0A Pending CN119128901A (en) | 2024-08-15 | 2024-08-15 | An information security cloud computing platform based on intelligent computing center |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN119128901A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119402293A (en) * | 2024-12-31 | 2025-02-07 | 深圳润迅数据通信有限公司 | Network security early warning method and system based on edge intelligent data center |
CN119402293B (en) * | 2024-12-31 | 2025-04-11 | 深圳润迅数据通信有限公司 | Network security early warning method and system based on edge intelligent data center |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||