CN116684202B - Internet of things information security transmission method - Google Patents
Internet of things information security transmission method Download PDFInfo
- Publication number
- CN116684202B CN116684202B CN202310966325.4A CN202310966325A CN116684202B CN 116684202 B CN116684202 B CN 116684202B CN 202310966325 A CN202310966325 A CN 202310966325A CN 116684202 B CN116684202 B CN 116684202B
- Authority
- CN
- China
- Prior art keywords
- access
- user
- value
- cluster
- characteristic value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 230000005540 biological transmission Effects 0.000 title claims abstract description 42
- 230000002159 abnormal effect Effects 0.000 claims abstract description 38
- 238000012937 correction Methods 0.000 claims abstract description 27
- 206010000117 Abnormal behaviour Diseases 0.000 claims abstract description 21
- 230000008859 change Effects 0.000 claims abstract description 8
- 238000012216 screening Methods 0.000 claims abstract description 3
- 230000005856 abnormality Effects 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 8
- 230000006399 behavior Effects 0.000 description 61
- 238000004364 calculation method Methods 0.000 description 5
- 238000004458 analytical method Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y10/00—Economic sectors
- G16Y10/75—Information technology; Communication
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y40/00—IoT characterised by the purpose of the information processing
- G16Y40/20—Analytics; Diagnosis
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y40/00—IoT characterised by the purpose of the information processing
- G16Y40/50—Safety; Security of things, users, data or systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Business, Economics & Management (AREA)
- Development Economics (AREA)
- Economics (AREA)
- General Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to the technical field of data transmission, in particular to an information security transmission method of the Internet of things, which comprises the following steps: obtaining access habit characteristic values according to the difference of the access times and the access time; obtaining access behavior characteristic values according to the access habit characteristic values and the access times; clustering the access behavior characteristic values of each user to obtain a plurality of clusters, and obtaining access behavior abnormal values according to the number of users in each cluster and the access behavior characteristic values; correcting the abnormal value of the access behavior of each user according to the change of each cluster to obtain an access behavior correction value; and obtaining an access abnormal characteristic value of each user according to the access habit characteristic value and the access behavior correction value, and carrying out threshold screening on the access abnormal characteristic value of each user to realize the safe transmission of the information of the Internet of things. The invention reduces the risk of data theft, and identifies the access user through the more intelligent authentication of the user identity, thereby improving the security of data transmission.
Description
Technical Field
The invention relates to the technical field of data transmission, in particular to an information security transmission method of the Internet of things.
Background
The internet of things is a technology for connecting a sensor, intelligent equipment and the internet with each other and realizing remote monitoring, control and management of articles through a wireless network. The Internet of things contains massive data, and enterprises and organizations can be helped to better know user demands, forecast market trends, improve operation efficiency and the like. Secure transmission of information refers to a series of security measures taken when data is transmitted over a network or other communication channel to ensure that the data is not accessed, modified or destroyed by unauthorized personnel during the transmission process. Because core data of an enterprise can only be transferred inside the enterprise, in order to prevent leakage and loss of the core data, information needs to be protected during transmission.
In the prior art, the method for protecting the information in the transmission process mainly encrypts the information, and only obtains the key to obtain the corresponding information, but if the key is leaked, the information is lost, and in the transmission process in the enterprise, the authority levels of different personnel are different, and when the personnel covered by the key are too many, the personnel are unsafe. Therefore, in order to improve the safety in the information transmission process, the invention provides the information safety transmission method of the Internet of things, which is used for protecting the information by analyzing the change of the information in the transmission process, so that the obtained information is not complete original information, and even if information leakage occurs, no method is available for restoring the information, thereby improving the safety of the information transmission.
Disclosure of Invention
The invention provides an information security transmission method of the Internet of things, which aims to solve the existing problems.
The invention discloses an information security transmission method of the Internet of things, which adopts the following technical scheme:
the embodiment of the invention provides a safe transmission method of information of the Internet of things, which comprises the following steps:
collecting log data such as access times, access time and the like of each user;
obtaining an access habit characteristic value of each user according to the difference between the access times of each user and the access time of each user;
obtaining an access behavior characteristic value of each user according to the access habit characteristic value, the access time and the access times of each user; clustering the access behavior characteristic values of each user to obtain a plurality of clusters, and obtaining access behavior abnormal values of each user according to the number of users in each cluster, access time and the access behavior characteristic values; correcting the abnormal value of the access behavior of each user according to the change of each cluster to obtain the correction value of the access behavior of each user;
and obtaining an access abnormal characteristic value of each user according to the access habit characteristic value of each user and the access behavior correction value of each user, and carrying out threshold screening on the access abnormal characteristic value of each user to realize the safe transmission of the information of the Internet of things.
Preferably, the obtaining the access habit characteristic value of each user according to the difference between the access times of each user and the access time of each user includes the following specific methods:
in (1) the->Indicating the access habit characteristic value of the ith user; />Indicating the number of times the ith user accesses successfully; />Indicating the total number of accesses by the ith user; />Indicating the time of the jth access of the ith user; />Represents the ith user jth-time of 1 visit;
and obtaining the access habit characteristic value of each user.
Preferably, the obtaining the access behavior feature value of each user according to the access habit feature value, the access time and the access times of each user includes the following specific methods:
for any day, formula (I)>Representing the access behavior characteristic value of the ith user; t1 represents the total time of day; />Representing the total time of day for the ith user's access procedure; />Indicating the total number of accesses by the ith user; />Indicating the access habit characteristic value of the ith user;
and obtaining the access behavior characteristic value of each user.
Preferably, the method for obtaining the abnormal value of the access behavior of each user according to the number of users in each cluster, the access time and the characteristic value of the access behavior includes the following specific steps:
for any cluster, wherein +.>Representing access behavior abnormal values of a z-th user in the cluster; />Representing the total time of the z-th user in the cluster during the access process of one day; n represents a poly (N-vinyl acetate)The number of users in the class cluster; />Showing the total time of the access process of the jth user in the cluster in one day; />Representing the average value of the access behavior characteristic values in the cluster; />Representing the minimum value of the access behavior characteristic value mean value in all cluster; />Representing the access behavior characteristic value of the z-th user in the cluster;
and obtaining the access behavior abnormal value of each user.
Preferably, the correcting the abnormal value of the access behavior of each user according to the change of each cluster to obtain the corrected value of the access behavior of each user comprises the following specific steps:
for any cluster, wherein +.>Representing the correction value of the access behavior of the z-th user in the cluster; />Representing access behavior abnormal values of a z-th user in the cluster; m represents the number of clusters; />The absolute value of the difference value between the abnormal access behavior value of the z-th user in the cluster and the minimum abnormal access behavior value in the cluster is expressed and recorded as a first difference absolute value; />Indicate->The number of users in the cluster; />Indicate->A first difference absolute value of a j-th user in the cluster;
and acquiring an access behavior correction value of each user.
Preferably, the method for obtaining the access abnormality characteristic value of each user according to the access habit characteristic value of each user and the access behavior correction value of each user includes the following specific steps:
the absolute value of the difference value between the access habit characteristic value of the ith user and the access behavior correction value of the ith user is recorded as the access abnormality characteristic value of the ith user;
and obtaining the access abnormal characteristic value of each user.
The technical scheme of the invention has the beneficial effects that: when guaranteeing the security of the information transmission process of the Internet of things, the security of the information in the transmission process is evaluated by analyzing the risk of being cracked in a common encryption mode, and the access abnormal characteristics of the access user are obtained by analyzing the access habit and the access behavior of the access user of the server, so that the access user is judged; when the access user is analyzed, the abnormal degree of the access habit and the access behavior of the user is obtained by constructing an ellipse description analysis method, and then the access information of the user is verified by adjusting ellipse parameters, so that the abnormal degree is minimum when the access habit and the access behavior feature of the user are equal, and further the abnormality of the access user is determined. And whether to terminate the transmission of the information is determined according to the abnormal degree of the user, compared with the prior art, the method can reduce the risk of data theft, and the identity of the access user is identified by more intelligently authenticating the identity of the user, so that the safety of data transmission is improved.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of steps of an information security transmission method of the internet of things.
Detailed Description
In order to further describe the technical means and effects adopted by the invention to achieve the preset aim, the following detailed description is given below of a specific implementation, structure, characteristics and effects of the method for transmitting information of internet of things according to the invention in combination with the accompanying drawings and the preferred embodiment. In the following description, different "one embodiment" or "another embodiment" means that the embodiments are not necessarily the same. Furthermore, the particular features, structures, or characteristics of one or more embodiments may be combined in any suitable manner.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The invention provides a specific scheme of an information security transmission method of the Internet of things, which is specifically described below with reference to the accompanying drawings.
Referring to fig. 1, a flowchart of steps of a method for securely transmitting information of internet of things according to an embodiment of the present invention is shown, and the method includes the following steps:
step S001: user log data is collected.
It should be noted that, in the prior art, the method for protecting information in the transmission process mainly encrypts the information, and only obtains the key to obtain the corresponding information, but if the key leaks, the information is lost, and in the transmission process inside the enterprise, the authority levels of different people are different, and when the number of people covered by the key is too large, the key is unsafe. Therefore, in order to improve the security in the information transmission process, the embodiment proposes an internet of things information security transmission method for protecting the information by analyzing the change of the information in the transmission process, so that the obtained information is not complete original information, and even if information leakage occurs, there is no way to restore the information, thereby improving the security of the information transmission.
Specifically, in order to implement the method for securely transmitting information of the internet of things provided in this embodiment, log data of a user needs to be acquired first, and the specific process is as follows: the method comprises the steps of opening a super manager login interface of a system, inputting an account number and a password of the super manager to log in the super manager account number, obtaining the authority of the super manager, opening an operating system in the system to check a history login log in a near week, and deriving log data of the week, wherein the login log data comprises log data of login time, IP addresses, login time and the like, each different IP address corresponds to one user, and the embodiment is described by taking log data of any day as an example.
So far, log data of all users are obtained.
Step S002: and obtaining the access habit characteristic value of the user according to the difference of the access times and the access time of the user.
It should be noted that, the internet of things information transmission process mainly includes steps of data encoding, data transmission, data decoding, etc., and when data transmission operation is performed, in order to improve security of data transmission, a firewall is generally established in a system, an IP address is verified through the firewall, and after verification, transmission is performed through a receiving end and a transmitting end in the system, but for some malicious users, an IP address which originally has no authority is camouflaged into a false IP address with authority, so that data leakage is caused by entering the system. In order to reduce the occurrence of such a situation, when the firewall verifies the IP address, the access habit of the user can be analyzed according to the access record of the user, so that the identity security of the user can be evaluated, and whether the access of the user is blocked or not can be finally determined according to the security.
It should be further noted that, in this embodiment, the security of the user is analyzed by using an elliptic equation, and according to a priori knowledge, the security is determined by using an elliptic equationWherein h represents the abscissa of the center of the ellipse, k represents the ordinate of the center of the ellipse, a represents the length of half the major axis of the ellipse, b represents the length of half the minor axis of the ellipse, parameters a and b have a direct influence on the shape and size of the ellipse, if +.>The ellipse becomes a standard circle; if->The oval shape is flatter; if it isThe oval shape is more slender. In this embodiment, the abnormal situation of the user identity can be seen as a and b controlling the elliptical shape, only if +.>When the ellipse becomes a standard circle, the identity of the user is not abnormal; if the difference between a and b is larger, the identity of the user is indicated to be abnormal. Through the analysis of the security of the user by using the elliptic equation, the abnormal condition of the identity of the user can be well reflected by the elliptic equation.
Specifically, in this embodiment, the ith user is taken as an example to describe, and the user access habit characteristic value is obtained according to the access record of the user, where the calculation formula of the user access habit characteristic value is as follows:
in (1) the->Indicating the access habit characteristic value of the ith user; />Indicating the number of times the ith user accesses successfully; />Indicating the total number of accesses by the ith user; />Indicating the time of the jth access of the ith user; />Indicating the time of the j-1 th access of the ith user; />Representing the time difference between two adjacent accesses of the ith user; />The average of access time intervals is represented because the higher the frequency of access is, the more likely to be abnormal access when the user makes an access, and thus the frequency of access is represented by the time interval of each access. />The success rate of the i-th user accessing the system is indicated, because normal access is usually wrong but is wrong a small number of times, while malicious access disguised of the IP address is successful only after a large number of attempts, and a large number of times of errors exist, so that the access habit characteristic value of the visitor is indicated by calculating the access success rate.
Acquiring access habit characteristic values of other users; and obtaining access habit characteristic values of all users.
So far, the access habit characteristic values of all users are obtained through the method.
Step S003: obtaining access behavior characteristic values of the user according to the access habit characteristic values, the access time and the access times of the user, clustering the access behavior characteristic values to obtain a plurality of clusters, obtaining access behavior abnormal values of the user according to the clusters, and correcting the access behavior abnormal values to obtain access behavior correction values of the user.
It should be noted that, the obtained characteristic value of the access habit of the user mainly aims at the situation that a single IP address has a large number of times of errors by a large number of attempts aiming at malicious access of the disguised IP address; when analyzing the access behaviors of users, the malicious access disguised by a plurality of IP addresses exists, and the plurality of IP addresses are tried in a small amount, so that a plurality of new users are added in the system, and the parameters of the access abnormality can be determined according to the behaviors of the users.
Specifically, the access behavior characteristic value of each user is obtained according to the access time and the access frequency of the user, wherein the calculation formula of the access behavior characteristic value of the user is as follows:
in (1) the->The access behavior characteristic value of the ith user is represented, and if the characteristic value is larger, the abnormal access behavior of the user is indicated; t1 represents the total time of day; />Representing the total time of day for the ith user's access procedure; />Indicating the total number of accesses by the ith user; />Indicating the access habit characteristic value of the ith user; here, it is calculated that the frequency of access by a certain user in one day is greater, and access is possible at any time in one day due to the greater randomness of malicious access, and the number of accesses is higher, so that the number of accesses by the user in one day is compared with the difference in access time.
Acquiring access behavior characteristic values of other users; acquiring access behavior characteristic values of all users, and performing aggregation clustering on access behavior data of all users to obtain a plurality of clustering clusters; the clustering algorithm is a known technology, and this embodiment is not described.
Further, in this embodiment, a z-th user in any cluster is taken as an example to describe, and an access behavior abnormal value of the user is obtained according to an access behavior characteristic value of the user in the cluster, where a calculation formula of the access behavior characteristic value of the user is as follows:
in (1) the->Representing access behavior abnormal values of a z-th user in the cluster; />Representing the total time of the z-th user in the cluster during the access process of one day; n represents the number of users in the cluster; />Representing the total time of the access process of the jth user in the cluster in one day; />Representing the average value of the access behavior characteristic values in the cluster; />Representing the minimum value of the access behavior characteristic value mean value in all cluster; />Representing the access behavior characteristic value of the z-th user in the cluster; />Representing all accesses within the clusterThe user accesses the accumulated sum of the total time of the process in one day; />The larger the difference of the access time of the z-th user in the cluster compared with the difference of other users is, the larger the difference is, which means that the access characteristic of the z-th user when accessing the system is larger than the access characteristic difference of other users; />Representing the difference of the cluster from other clusters; />And representing the difference between the z-th user in the cluster and other users in the cluster, and if the difference is smaller, indicating that the degree of abnormality of the z-th user in the cluster is smaller.
Acquiring access behavior abnormal values of other users in the cluster; acquiring access behavior abnormal values of all users in the cluster; and obtaining access behavior abnormal values of all users in each cluster.
It should be further noted that, because the access behavior has a certain randomness, if the access behavior of the normal IP address is simulated all the time when the IP address is disguised for malicious access, the feature distinction between users is small, and there is a certain offset of the access behavior outlier obtained according to the large difference feature of the users in the cluster, so that the access behavior outlier of the users needs to be corrected according to the change of different clusters, and the access behavior correction value of the users in the cluster is obtained.
Specifically, the calculation formula of the correction value of the access behavior of the user in the cluster is as follows:
in (1) the->Indicating the correction value of the access behavior of the z-th user in the cluster; />Representing access behavior abnormal values of a z-th user in the cluster; m represents the number of clusters; />The absolute value of the difference value between the abnormal access behavior value of the z-th user in the cluster and the minimum abnormal access behavior value in the cluster is recorded as a first absolute difference value; />Indicate->The number of users in the cluster; />Indicate->A first difference absolute value of a j-th user in the cluster; />Representing the difference ratio of the access behavior abnormal values of the z-th user, and reflecting the deviation degree of the access behavior abnormal values; />And (4) representing the clustering entropy, wherein the larger the distance entropy is, the larger the abnormal degree of the access behavior of the z-th user in the clustering cluster is.
Acquiring the access behavior correction values of other users in the cluster; acquiring access behavior correction values of all users in the cluster; and acquiring the access behavior correction values of all the users in each cluster, thereby acquiring the access behavior correction values of all the users.
So far, the access behavior correction values of all users obtained through the method are obtained.
Step S004: and carrying out networking information security transmission according to the access habit characteristic value and the access behavior correction value of the user and the access abnormal characteristic value of the user.
The access habit characteristic value and the access behavior correction value of the user obtained in step S002 and step S003 are equivalent to the parameter a and the parameter b for controlling the shape and the size of the ellipse in the ellipse equation, and the smaller the difference between the two parameters is, the smaller the access abnormality characteristic value of the user is.
Specifically, according to the access habit characteristic value and the access behavior correction value of the user, the access abnormality characteristic value of the user is calculated according to the calculation formula of the access abnormality characteristic value of the user:
in (1) the->An access anomaly characteristic value representing an i-th user; />Indicating the access habit characteristic value of the ith user; />An access behavior modification value representing an i-th user; if the access abnormal characteristic value of the ith user is smaller, the access of the ith user is normal; if the access abnormality characteristic value of the ith user is larger, the abnormality degree of the access of the ith user is larger.
Acquiring access abnormal characteristic values of other users; and obtaining access abnormal characteristic values of all users.
Presetting an access abnormality characteristic threshold S, wherein the embodiment is described by s=0.05, and the embodiment is not particularly limited, wherein S may be determined according to the specific implementation situation; if the access abnormality characteristic value of the ith user is smaller than S, the access of the ith user is not abnormal; if the access abnormality characteristic value of the ith user is greater than or equal to S, the access of the ith user is abnormal.
And acquiring all users with abnormal access, intercepting the accessed users with abnormal access by a firewall, interrupting data transmission of the corresponding user end, and completing safe transmission of the information of the Internet of things.
This embodiment is completed.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.
Claims (5)
1. The method for safely transmitting the information of the Internet of things is characterized by comprising the following steps of:
collecting log data of each user; the log data includes: access times, access time;
obtaining an access habit characteristic value of each user according to the difference between the access times of each user and the access time of each user;
obtaining an access behavior characteristic value of each user according to the access habit characteristic value, the access time and the access times of each user; clustering the access behavior characteristic values of each user to obtain a plurality of clusters, and obtaining access behavior abnormal values of each user according to the number of users in each cluster, access time and the access behavior characteristic values; correcting the abnormal value of the access behavior of each user according to the change of each cluster to obtain the correction value of the access behavior of each user;
obtaining an access abnormal characteristic value of each user according to the access habit characteristic value of each user and the access behavior correction value of each user, and carrying out threshold screening on the access abnormal characteristic value of each user to realize the safe transmission of the information of the Internet of things;
correcting the access behavior abnormal value of each user according to the change of each cluster to obtain the access behavior correction value of each user, wherein the specific method comprises the following steps:
for any cluster, wherein +.>Representing the correction value of the access behavior of the z-th user in the cluster; />Representing access behavior abnormal values of a z-th user in the cluster; m represents the number of clusters; />The absolute value of the difference value between the abnormal access behavior value of the z-th user in the cluster and the minimum abnormal access behavior value in the cluster is expressed and recorded as a first difference absolute value; />Indicate->The number of users in the cluster; />Indicate->A first difference absolute value of a j-th user in the cluster;
and acquiring an access behavior correction value of each user.
2. The method for securely transmitting information of the internet of things according to claim 1, wherein the obtaining the access habit characteristic value of each user according to the difference between the access times of each user and the access time of each user comprises the following specific steps:
in (1) the->Indicating the access habit characteristic value of the ith user; />Indicating the number of times the ith user accesses successfully; />Indicating the total number of accesses by the ith user; />Indicating the time of the jth access of the ith user;indicating the time of the j-1 th access of the ith user;
and obtaining the access habit characteristic value of each user.
3. The method for securely transmitting information of the internet of things according to claim 1, wherein the obtaining the access behavior characteristic value of each user according to the access habit characteristic value, the access time and the access times of each user comprises the following specific steps:
for any day, formula (I)>Representing the access behavior characteristic value of the ith user; t1 represents the total time of day; />Representing the total time of day for the ith user's access procedure; />Indicating the total number of accesses by the ith user; />Indicating the access habit characteristic value of the ith user;
and obtaining the access behavior characteristic value of each user.
4. The method for securely transmitting information of the internet of things according to claim 1, wherein the obtaining the access behavior abnormal value of each user according to the number of users in each cluster, the access time and the access behavior characteristic value comprises the following specific steps:
for any cluster, wherein +.>Representing access behavior abnormal values of a z-th user in the cluster; />Representing the total time of the z-th user in the cluster during the access process of one day; n represents the number of users in the cluster; />Representing the total time of the access process of the jth user in the cluster in one day; />Representing the average value of the access behavior characteristic values in the cluster; />Representing the minimum value of the access behavior characteristic value mean value in all cluster; />Representing the access behavior characteristic value of the z-th user in the cluster;
and obtaining the access behavior abnormal value of each user.
5. The method for securely transmitting information of the internet of things according to claim 1, wherein the obtaining the access abnormality characteristic value of each user according to the access habit characteristic value of each user and the access behavior correction value of each user comprises the following specific steps:
the absolute value of the difference value between the access habit characteristic value of the ith user and the access behavior correction value of the ith user is recorded as the access abnormality characteristic value of the ith user;
and obtaining the access abnormal characteristic value of each user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310966325.4A CN116684202B (en) | 2023-08-01 | 2023-08-01 | Internet of things information security transmission method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310966325.4A CN116684202B (en) | 2023-08-01 | 2023-08-01 | Internet of things information security transmission method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116684202A CN116684202A (en) | 2023-09-01 |
| CN116684202B true CN116684202B (en) | 2023-10-24 |
Family
ID=87782236
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310966325.4A Active CN116684202B (en) | 2023-08-01 | 2023-08-01 | Internet of things information security transmission method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116684202B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117978543B (en) * | 2024-03-28 | 2024-06-04 | 贵州华谊联盛科技有限公司 | Network security early warning method and system based on situation awareness |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106296465A (en) * | 2016-08-23 | 2017-01-04 | 四川大学 | A kind of intelligent grid exception electricity consumption behavioral value method |
| CN108809745A (en) * | 2017-05-02 | 2018-11-13 | ***通信集团重庆有限公司 | A kind of user's anomaly detection method, apparatus and system |
| CN109697332A (en) * | 2019-01-14 | 2019-04-30 | 重庆邮电大学 | A kind of exception monitoring scheme of the stream calculation system based on unsupervised learning method |
| CN109753989A (en) * | 2018-11-18 | 2019-05-14 | 韩霞 | Power consumer electricity stealing analysis method based on big data and machine learning |
| WO2019109741A1 (en) * | 2017-12-05 | 2019-06-13 | 阿里巴巴集团控股有限公司 | Abnormal data access identification method and apparatus |
| US10721236B1 (en) * | 2016-12-30 | 2020-07-21 | EMC IP Holding Company LLC | Method, apparatus and computer program product for providing security via user clustering |
| CN113535823A (en) * | 2021-07-26 | 2021-10-22 | 北京天融信网络安全技术有限公司 | Abnormal access behavior detection method and device and electronic equipment |
| CN114640499A (en) * | 2022-02-11 | 2022-06-17 | 深圳昂楷科技有限公司 | Method and device for carrying out abnormity identification on user behavior |
| CN115150206A (en) * | 2022-09-06 | 2022-10-04 | 广东广泰信息科技有限公司 | Intrusion detection safety early warning system and method for information safety |
| CN116243097A (en) * | 2023-05-11 | 2023-06-09 | 新风光电子科技股份有限公司 | Electric energy quality detection method based on big data |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11483327B2 (en) * | 2019-11-17 | 2022-10-25 | Microsoft Technology Licensing, Llc | Collaborative filtering anomaly detection explainability |
-
2023
- 2023-08-01 CN CN202310966325.4A patent/CN116684202B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106296465A (en) * | 2016-08-23 | 2017-01-04 | 四川大学 | A kind of intelligent grid exception electricity consumption behavioral value method |
| US10721236B1 (en) * | 2016-12-30 | 2020-07-21 | EMC IP Holding Company LLC | Method, apparatus and computer program product for providing security via user clustering |
| CN108809745A (en) * | 2017-05-02 | 2018-11-13 | ***通信集团重庆有限公司 | A kind of user's anomaly detection method, apparatus and system |
| WO2019109741A1 (en) * | 2017-12-05 | 2019-06-13 | 阿里巴巴集团控股有限公司 | Abnormal data access identification method and apparatus |
| CN109753989A (en) * | 2018-11-18 | 2019-05-14 | 韩霞 | Power consumer electricity stealing analysis method based on big data and machine learning |
| CN109697332A (en) * | 2019-01-14 | 2019-04-30 | 重庆邮电大学 | A kind of exception monitoring scheme of the stream calculation system based on unsupervised learning method |
| CN113535823A (en) * | 2021-07-26 | 2021-10-22 | 北京天融信网络安全技术有限公司 | Abnormal access behavior detection method and device and electronic equipment |
| CN114640499A (en) * | 2022-02-11 | 2022-06-17 | 深圳昂楷科技有限公司 | Method and device for carrying out abnormity identification on user behavior |
| CN115150206A (en) * | 2022-09-06 | 2022-10-04 | 广东广泰信息科技有限公司 | Intrusion detection safety early warning system and method for information safety |
| CN116243097A (en) * | 2023-05-11 | 2023-06-09 | 新风光电子科技股份有限公司 | Electric energy quality detection method based on big data |
Non-Patent Citations (2)
| Title |
|---|
| Drift-Aware Methodology for Anomaly Detection in Smart Grid;GIUSEPPE FENZA et al.;《IEEE Xplore》;全文 * |
| 基于Web日志的并行化聚类算法研究及应用;王颖;《硕士电子期刊》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116684202A (en) | 2023-09-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11509679B2 (en) | Trust topology selection for distributed transaction processing in computing environments | |
| EP2545680B1 (en) | Behavior-based security system | |
| Wang et al. | Security issues and challenges for cyber physical system | |
| CN112182519B (en) | Computer storage system security access method and access system | |
| US9197652B2 (en) | Method for detecting anomalies in a control network | |
| KR102024142B1 (en) | A access control system for detecting and controlling abnormal users by users’ pattern of server access | |
| CN116684202B (en) | Internet of things information security transmission method | |
| CA2526759A1 (en) | Event monitoring and management | |
| Song et al. | Enhancing Packet‐Level Wi‐Fi Device Authentication Protocol Leveraging Channel State Information | |
| CN112583810B (en) | Zero trust method for context-based virtual network | |
| CN115065469B (en) | Data interaction method and device for power internet of things and storage medium | |
| CN114338105B (en) | Zero trust based system for creating fort | |
| Essa et al. | Cyber physical sensors system security: threats, vulnerabilities, and solutions | |
| EP4045998A1 (en) | Token-based device access restriction systems | |
| CN115348037A (en) | Identity authentication method, device and equipment of terminal equipment | |
| RU2760625C1 (en) | METHOD FOR CONFIGURATION OF IoT APPARATUSES DEPENDING ON THE TYPE OF NETWORK | |
| CN115168830A (en) | Login method and login device for detecting user login environment | |
| CN114915427A (en) | Access control method, device, equipment and storage medium | |
| CN116996238A (en) | Processing method and related device for network abnormal access | |
| CN114024957A (en) | Method for carrying out risk judgment on user behavior in zero trust architecture | |
| CN116132196B (en) | Safety transmission method for social security platform data | |
| CN117390708B (en) | Privacy data security protection method and system | |
| CN117371048B (en) | Remote access data processing method, device, equipment and storage medium | |
| CN109510828B (en) | Method and system for determining threat disposal effect in network | |
| RU2757651C1 (en) | Method for creating and applying an application interaction rule on an iot device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information |
Inventor after: Tu Jie Inventor after: Sun Wufeng Inventor after: Hu Xinli Inventor after: Yan Keda Inventor after: Yu Liangjun Inventor after: Chen Geng Inventor after: Gui Lin Inventor after: Zhu Xinqiao Inventor before: Tu Jie Inventor before: Sun Wufeng Inventor before: Hu Xinli Inventor before: Yan Keda Inventor before: Yu Liangjun Inventor before: Chen Geng Inventor before: Gui Lin Inventor before: Zhu Xinqiao |
|
| CB03 | Change of inventor or designer information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |