CN117614978A - Information security communication management system for digital workshop - Google Patents

Publication number
CN117614978A
CN117614978A (application CN202311564029.8A)
Authority
CN
China
Prior art keywords
data
information
module
transmission
authority
Legal status
Pending
Application number
CN202311564029.8A
Other languages
Chinese (zh)
Inventor
陈烜
费明福
谭稳
周颖
Current Assignee
Shaodong Intelligent Manufacturing Innovative Institute
Original Assignee
Shaodong Intelligent Manufacturing Innovative Institute
Application filed by Shaodong Intelligent Manufacturing Innovative Institute
Priority to CN202311564029.8A
Publication of CN117614978A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/243 Classification techniques relating to the number of classes
    • G06F18/24323 Tree-organised classifiers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/10 Pre-processing; Data cleansing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Evolutionary Computation (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Biology (AREA)
  • Software Systems (AREA)
  • Medical Informatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an information security communication management system for a digital workshop and relates to the technical field of information security. The system comprises an information acquisition module, an information processing module, an information transmission module, an information authentication module, an information storage module and an information monitoring module. The information transmission module constructs a relational context network, calculates the network connection quality, derives the data transmission path of a source node from that quality, and transmits high-importance and low-importance data securely to the target device along that path. The information authentication module verifies the identity and authority of the user and decides, according to the authority requirement, whether data transmission and operation execution are allowed. The information monitoring module monitors the transmission and storage processes in real time, detects abnormal behaviour and security events, takes corresponding measures for handling and alarming, and so reduces the information security communication risk of the workshop.

Description

Information security communication management system for digital workshop
Technical Field
The invention relates to the technical field of information security, in particular to an information security communication management system for a digital workshop.
Background
With the advent of Industry 4.0, the digital workshop has become an important component of modern manufacturing. However, the information security problems of the digital workshop are also increasingly prominent, and how to effectively ensure the secure transmission and storage of information has become an important question.
The existing information security communication management systems for digital workshops provide security measures such as encryption and authentication, ensure the confidentiality and integrity of data during transmission and storage, and effectively prevent unauthorized access and data tampering. However, they focus mainly on protecting users and data: they can reduce data transmission efficiency when the data volume is large, and the maintenance cost of the system can be relatively high. The existing systems therefore cannot meet the requirements of the digital workshop for information security communication management.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides an information security communication management system for a digital workshop. An information acquisition module collects the production data of the digital workshop with sensors; wireless communication replaces wired wiring, which reduces the complexity and maintenance cost of the system, and the wireless technology is more flexible and can adapt to changes in the workshop layout. The information processing module processes and analyses the acquired production data in real time, calculates a parameter importance degree coefficient, and divides the production data into high-importance and low-importance level data according to that coefficient, so that the data transmission and access authority of the higher security level are assigned to the most important production data. The information transmission module constructs a relational context network, calculates the network connection quality, derives the data transmission path of a source node from that quality, and transmits the high-importance and low-importance data securely to the target device along that path, so that hierarchical transmission of production data is realised and transmission efficiency is improved. The information authentication module verifies the identity and authority of the user and decides, according to the authority requirement, whether data transmission and operation execution are allowed, which ensures the security and credibility of the production data. The information storage module stores the information securely and prevents information leakage. The information monitoring module monitors the transmission and storage processes in real time, detects abnormal behaviour and security events, and takes corresponding measures for handling and alarming, which reduces the information security communication risk of the workshop and so solves the problems described in the background.
In order to achieve the above purpose, the present invention provides the following technical solution: an information security communication management system for a digital workshop, comprising:
an information acquisition module, used for acquiring the production data of the digital workshop in real time; the production data comprise, but are not limited to, the processing, testing, maintenance, personnel and implementation data of each link of material handling; the implementation data include, but are not limited to, equipment operating state, operating process parameters, energy consumption and environmental parameters;
an information processing module, used for processing and analysing the acquired production data in real time with a data analysis algorithm and artificial intelligence technology, calculating parameter importance degree coefficients, and dividing the production data into high-importance and low-importance level data according to those coefficients;
an information transmission module, used for recording the departments of the digital workshop as flow nodes, constructing a relational context network from the flow nodes, calculating the network connection quality, deriving the data transmission path of a source node from that quality, and transmitting the high- and low-importance level data securely to the target device along that path; the relational context network refers specifically to the network structure formed by the interconnected data flows between nodes;
an information authentication module, used for performing authority authentication on requests initiated by flow nodes and judging whether a flow node's request conforms to the authority required for the current production data;
an information storage module, comprising a user identity library, a process node authority library and a database, which together store the information securely;
an information monitoring module, used for monitoring the information transmission and storage processes in real time, detecting abnormal behaviour and security events, and taking corresponding measures for handling and alarming.
In a preferred embodiment, the specific processing procedure of the information processing module is as follows:
A1, cleaning, denoising and correcting the acquired production data to ensure the accuracy and consistency of the data;
A2, extracting features from the cleaned data; the features comprise the temperature change rate, pressure change rate, speed change rate, equipment operation time, number of equipment fault occurrences, temperature average, pressure average, flow average, error code frequency distribution and abnormal event frequency distribution;
A3, normalizing the temperature change rate, pressure change rate, speed change rate, equipment operation time, number of equipment fault occurrences, temperature average, pressure average and flow average, and converting the error code frequency distribution and abnormal event frequency distribution into a digitized format using one-hot encoding;
A4, taking the features as independent variables and the production data as target variables, and constructing a decision tree model with a decision tree algorithm;
A5, feeding the features and target variables of a training data set into the decision tree model and training it; extracting from the trained model the parameter importance degree coefficient corresponding to each feature; the parameter importance degree coefficient measures how much each feature matters for the production data;
A6, dividing the production data into different importance levels according to the parameter importance degree coefficients so as to determine the security transmission level and the permission requirement of the data.
In a preferred embodiment, the calculation formula of the parameter importance coefficient is:
$\eta = \int T_{zj}\, g_j\, dx + \int I_{Rj}\, h_j\, dx$; wherein $T_{zj}$ and $I_{Rj}$ respectively represent the weight factors of each term, $h_j$ represents the information gain ratio of the j-th node, $x$ represents the independent variable and $\tau$ represents a regularization parameter controlling the accuracy of the calculation; $g_j$ represents the decrease of the Gini index at the j-th node, $n$ and $m$ represent the number of rows and columns of the sample, $p_{li}$ and $p_i$ represent the actual observed value and the overall mean respectively, and $|p_i - p_{li}|$ represents the absolute value of the difference between the observed value and the overall mean.
In a preferred embodiment, the production data are divided into different importance levels according to the parameter importance coefficients as follows:
A61, setting a threshold on the parameter importance degree coefficient; the threshold may be determined from prior knowledge, business requirements, or by experimentation and verification;
A62, sorting the features in descending order of their parameter importance degree coefficient to obtain a sequence running from the most important feature to the least important one;
A63, dividing the production data into high- and low-importance level data by applying the threshold along that sequence;
A64, determining the appropriate security transmission level and authority requirements for the high- and low-importance level data, and storing them in the process node authority library; the process node authority library comprises the authority list and permission rules of every process node.
In a preferred embodiment, the specific processing procedure of the information transmission module is as follows:
B1, constructing a relational context network from the flow nodes of each department of the digital workshop and determining the data flow relations among the flow nodes;
B2, determining the data transmission path and the target device from the relational context network, and configuring the related network parameters, including IP address and port number;
B3, transmitting the data to the target device along the determined path, according to the security transmission level and permission requirements corresponding to the high- and low-importance level data.
In a preferred embodiment, the data transmission path and the target device are determined from the relational context network as follows:
B21, determining the data to be transmitted and the target device from the relational context network and the service requirement; the target devices include, but are not limited to, a data storage server, a production monitoring system and an analysis platform;
B22, evaluating the network connection quality between the process nodes to ensure that the network connection can meet the data transmission requirement; the calculation formula of the network connection quality Q is as follows:
where $W_{lv}$ denotes the path length between all node pairs, $R$ is the number of node pairs (any two nodes), $\delta_2$ represents the number of edges actually present between the neighbouring nodes of a node, $\delta_{-2}$ represents the number of edges that could exist between those neighbouring nodes, $W_k$ represents the network bandwidth, $\lambda$ represents an impact factor including, but not limited to, the packet loss rate and the transmission delay of data from the source node to the target device, and $r_1$, $r_2$, $r_3$ represent the scaling coefficients of the respective terms;
B23, designing the data transmission path on the relational context network by selecting, for each source node, the path with the highest network connection quality as its path to the target device; the path comprises intermediate nodes and network equipment;
B24, configuring the relevant network parameters, including IP address and port number, to ensure correct routing and reachability of the data during transmission.
In a preferred embodiment, the specific processing procedure of the information authentication module is as follows:
C1, establishing a user identity library covering user registration, identity verification and authority allocation, and maintaining the permission list and permission rules of the process nodes in the process node permission library;
C2, comparing the request with the authority of the process node against the authority requirement corresponding to the high- or low-importance level data concerned, and judging whether the authority requirement of the current production data is met; if so, authentication succeeds, otherwise it fails;
C3, deciding from the authentication result whether to allow data transmission and operation execution: a successfully authenticated request is allowed to transmit data and execute its operation; a request that fails authentication is denied access or subjected to other security measures.
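Steps C1 to C3 above, as an added example that is not part of the patent: a user identity library holding salted password hashes and roles, a process node authority library with a permission list (which data levels a node may request) and permission rules (which roles may act on each level), and a deny-by-default check that compares a request against both. The node names, role names, users and the PBKDF2 parameters are assumptions for this example.

```python
import hashlib
import hmac
import os


# ---- C1: user identity library (registration and identity verification) ----
def _derive(password: str, salt: bytes) -> bytes:
    # Assumed key-stretching parameters; only the derived hash is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def register_user(identity_lib: dict, username: str, password: str, role: str) -> None:
    """User registration: store a per-user salt, the derived hash and the assigned role."""
    salt = os.urandom(16)
    identity_lib[username] = {"salt": salt, "hash": _derive(password, salt), "role": role}


def verify_identity(identity_lib: dict, username: str, password: str) -> bool:
    """Identity verification with a constant-time comparison of the derived hash."""
    record = identity_lib.get(username)
    if record is None:
        _derive(password, b"\x00" * 16)  # same cost whether or not the user exists
        return False
    return hmac.compare_digest(record["hash"], _derive(password, record["salt"]))


# ---- C1: process node authority library (constructed for this example) ----
# "levels" is the node's permission list: which importance levels it may request.
# "rules" are the permission rules: which roles may act on data of each level.
NODE_AUTHORITY = {
    "assembly_line": {
        "levels": {"low"},
        "rules": {"low": {"operator", "process_engineer"}},
    },
    "quality_control": {
        "levels": {"low", "high"},
        "rules": {"low": {"operator", "process_engineer"},
                  "high": {"process_engineer"}},
    },
}


def authenticate_request(identity_lib: dict, node_lib: dict, request: dict) -> tuple:
    """C2/C3: returns ("allow", reason) or ("deny", reason). Every unexpected
    condition (unknown user, node or level, missing rule) results in a denial."""
    user = request.get("user", "")
    if not verify_identity(identity_lib, user, request.get("password", "")):
        return ("deny", "identity verification failed")
    node = node_lib.get(request.get("node"))
    if node is None:
        return ("deny", "unknown flow node")
    level = request.get("data_level")
    if level not in node["levels"]:
        return ("deny", f"node {request['node']} may not request {level}-importance data")
    role = identity_lib[user]["role"]
    if role not in node["rules"].get(level, set()):
        return ("deny", f"role {role} lacks authority for {level}-importance data")
    return ("allow", f"{user} ({role}) via {request['node']} for {level}-importance data")


def demo_identity_library() -> dict:
    """Two constructed users; the passwords are sample values for this example only."""
    lib = {}
    register_user(lib, "op01", "sample-operator-pass", "operator")
    register_user(lib, "eng07", "sample-engineer-pass", "process_engineer")
    return lib


if __name__ == "__main__":
    lib = demo_identity_library()
    requests = [
        {"user": "eng07", "password": "sample-engineer-pass", "node": "quality_control", "data_level": "high"},
        {"user": "op01", "password": "sample-operator-pass", "node": "quality_control", "data_level": "high"},
        {"user": "op01", "password": "sample-operator-pass", "node": "assembly_line", "data_level": "high"},
        {"user": "op01", "password": "wrong", "node": "assembly_line", "data_level": "low"},
        {"user": "eng07", "password": "sample-engineer-pass", "node": "paint_shop", "data_level": "low"},
    ]
    for req in requests:
        print(authenticate_request(lib, NODE_AUTHORITY, req))
```

The ordering of the checks matters for the log trail: identity is verified first so that a failed login is recorded as such rather than as an authority mismatch, and the node's permission list is checked before the role rule so that a node asking for data it is never entitled to is refused regardless of who is logged in.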
In a preferred embodiment, the specific processing procedure of the information monitoring module is as follows:
D1, continuously monitoring the transmission speed, transmission interruptions and the state of the storage equipment to ensure that information transmission and storage operate normally;
D2, analysing the generated logs in real time with a real-time log analysis technique;
D3, setting up a risk score model and calculating a risk score P;
D4, comparing the risk score P with a predefined risk score threshold; if P is greater than or equal to the threshold, the risk exceeds the standard, an alarm is sent immediately and the relevant personnel are notified; otherwise the risk is within a controllable range.
In a preferred embodiment, the risk score model is set up and the risk score P calculated as follows:
D31, marking all abnormal behaviours and security events according to the real-time log analysis results;
D32, defining severity, frequency and influence-range indexes from the event attributes;
D33, assigning an appropriate weight to each index and, for each event, forming the weighted sum of the defined indexes to obtain the comprehensive risk score $P = \alpha Z_{au} + \beta Z_{bu} + \gamma Z_{cu}$, where $Z_{au}$ represents the severity score, $Z_{bu}$ the frequency score, $Z_{cu}$ the influence-range score, and $\alpha$, $\beta$, $\gamma$ the weights of the respective indexes.
The technical effects and advantages of the invention are as follows:
the information acquisition module collects the production data of the digital workshop with sensors and uses wireless communication instead of wired wiring, which reduces the complexity and maintenance cost of the system, is more flexible and adapts to changes in the workshop layout; the information processing module processes and analyses the acquired production data in real time with a data analysis algorithm and artificial intelligence technology, calculates a parameter importance degree coefficient, divides the production data into high- and low-importance level data according to that coefficient, and so ensures that the data transmission and access authority of the higher security level are assigned to the most important production data; the information transmission module constructs a relational context network, calculates the network connection quality, derives the data transmission path of a source node from that quality, and transmits the high- and low-importance data securely to the target device along that path, so that hierarchical transmission of production data is realised and transmission efficiency is improved; the information authentication module verifies the identity and authority of the user and decides, according to the authority requirement, whether data transmission and operation execution are allowed, which ensures the security and credibility of the production data; the information storage module stores the information securely and prevents information leakage; the information monitoring module monitors the transmission and storage processes in real time, detects abnormal behaviour and security events, takes corresponding measures for handling and alarming, and so reduces the information security communication risk of the workshop.
Drawings
Fig. 1 is a block diagram showing the overall structure of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention provides an information security communication management system for a digital workshop, which is shown in fig. 1, and comprises an information acquisition module, an information processing module, an information transmission module, an information authentication module, an information storage module and an information monitoring module;
the information acquisition module is used for acquiring the production data of the digital workshop in real time; the production data comprise, but are not limited to, the processing, testing, maintenance, personnel and implementation data of each link of material handling; the implementation data include, but are not limited to, equipment operating state, operating process parameters, energy consumption and environmental parameters; the information acquisition module uses wireless communication, which simplifies the terminal structure and replaces complex, inflexible field wiring;
in this embodiment, the acquisition mode of the information acquisition module is as follows: the data of each link are collected in real time by sensors; the collected data are integrated and converted, processed uniformly by the information acquisition module, and then transmitted, analysed, stored and uploaded to the upper system accurately and in real time; this design not only networks the production equipment but also builds an exchange platform for the comprehensive data of the workshop production site, providing important data support for the intelligent manufacturing management link;
the information processing module is used for processing and analysing the acquired production data in real time with a data analysis algorithm and artificial intelligence technology, calculating parameter importance degree coefficients, and dividing the production data into high- and low-importance level data according to those coefficients;
the implementation needs to specifically explain that the specific processing procedure of the information processing module is as follows:
a1, cleaning, denoising and correcting the acquired production data, and ensuring the accuracy and consistency of the data; the method for cleaning, denoising and correcting the collected production data belongs to the prior art means, so the embodiment does not make a specific description;
a2, extracting features from the cleaned data; the characteristics comprise a temperature change rate, a pressure change rate, a speed change rate, equipment operation time, equipment fault occurrence times, a temperature average value, a pressure average value, a flow average value, error code frequency distribution and abnormal event frequency distribution;
a3, normalizing the temperature change rate, the pressure change rate, the speed change rate, the equipment operation time, the equipment failure occurrence times, the temperature average value, the pressure average value and the flow average value; converting the error code frequency distribution and the abnormal event frequency distribution into a digitized format using one-hot encoding; wherein normalization is to provide a range of values that are similar between features;
a4, taking the characteristics as independent variables, taking production data as target variables, constructing a decision tree model by using a decision tree algorithm, and constructing the model by using an existing machine learning library, wherein the model belongs to the prior art means, so that the embodiment does not make specific description;
a5, inputting the characteristics and the target variables into a decision tree model by using a training data set, and training the model; extracting parameter importance degree coefficients corresponding to each feature from the trained decision tree model; the parameter importance degree coefficient is used for measuring the importance degree of each feature on the production data; the calculation formula of the parameter importance degree coefficient is as follows:
η= ≡ (Tzj ×gjdx) +≡ (IRj ×hjdx); wherein Tzj and IRj respectively represent weight factors of each item, hj represents an information gain ratio of a j-th node,
x represents an argument and τ represents a regularizationParameters for controlling the accuracy of the calculation; gj represents the decrease in the base index of the j-th node,
n and m represent the number of rows and columns of the sample respectively, pli and pi represent the actual observed value and the overall mean value respectively, and pi-pli| represents the absolute value of the difference between the observed value and the overall mean value;
A6, dividing the production data into different importance levels according to the parameter importance degree coefficients so as to determine the security transmission level and the permission requirement of the data; the procedure is as follows:
A61, setting a threshold on the parameter importance degree coefficient; the threshold may be determined from prior knowledge, business requirements, or by experimentation and verification;
A62, sorting the features in descending order of their parameter importance degree coefficient to obtain a sequence running from the most important feature to the least important one;
A63, dividing the production data into high- and low-importance level data by applying the threshold along that sequence;
A64, determining the appropriate security transmission level and authority requirements for the high- and low-importance level data, and storing them in the process node authority library; the process node authority library comprises the authority list and permission rules of every process node; for example, data of high importance may require a higher level of encryption and access control, while data of low importance may be handled under looser security requirements;
it should be noted that features with higher parameter importance coefficients may correspond to critical production parameters or critical process variables, while features with lower coefficients may correspond to less critical information, so that classifying the production data into importance levels according to the parameter importance coefficients ensures that the data transmission and access rights of the higher security level are assigned to the most important production data;
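Steps A3, A5 and A61 to A64 above (stated in both the summary and this embodiment), as an added example that is not part of the patent: numeric features are min-max normalised, the error-code distribution is one-hot encoded, an importance coefficient is computed per feature, the features are ranked and split at a threshold, and the resulting security transmission level and authority requirement are written to a process node authority library. Two assumptions replace what the patent leaves open: the importance coefficient is taken as the largest weighted Gini decrease a single threshold split on that feature achieves (a depth-1 decision stump rather than the patent's full decision tree and η formula), and the policy labels attached to each level are invented. The sample records are constructed.

```python
from collections import Counter

# Constructed sample: 8 production records, one list per feature column, and the
# target variable (whether the record was later judged abnormal). Values invented.
SAMPLE_NUMERIC = {
    "temperature_change_rate":  [0.10, 0.20, 0.15, 0.05, 0.90, 0.80, 0.95, 0.70],
    "pressure_change_rate":     [0.30, 0.60, 0.30, 0.60, 0.30, 0.60, 0.30, 0.60],
    "equipment_operation_time": [100, 200, 300, 700, 500, 600, 400, 800],
}
SAMPLE_ERROR_CODES = ["E0", "E0", "E1", "E0", "E2", "E2", "E1", "E2"]
SAMPLE_LABELS = ["normal"] * 4 + ["abnormal"] * 4


def min_max_normalise(values):
    """A3: scale a numeric feature into [0, 1] so that features share a value range."""
    lo, hi = min(values), max(values)
    if hi == lo:
        return [0.0 for _ in values]
    return [(v - lo) / (hi - lo) for v in values]


def one_hot(name, codes):
    """A3: one 0/1 column per distinct code, keyed 'name=code'."""
    return {f"{name}={c}": [1 if code == c else 0 for code in codes]
            for c in sorted(set(codes))}


def gini(labels):
    n = len(labels)
    return 1.0 - sum((k / n) ** 2 for k in Counter(labels).values())


def stump_importance(column, labels):
    """Assumed importance coefficient: the largest weighted Gini decrease obtained by
    any single threshold split on this column (a depth-1 decision stump)."""
    n, parent, best = len(labels), gini(labels), 0.0
    for thr in sorted(set(column)):
        left = [y for x, y in zip(column, labels) if x <= thr]
        right = [y for x, y in zip(column, labels) if x > thr]
        if not left or not right:
            continue
        child = len(left) / n * gini(left) + len(right) / n * gini(right)
        best = max(best, parent - child)
    return best


def importance_coefficients(numeric, error_codes, labels):
    """A3 + A5: build the feature table and score every column."""
    table = {name: min_max_normalise(col) for name, col in numeric.items()}
    table.update(one_hot("error_code", error_codes))
    return {name: stump_importance(col, labels) for name, col in table.items()}


# A64: assumed security transmission level and authority requirement per level;
# the patent names only "higher encryption and access control" versus "looser".
POLICY = {
    "high": {"transmission_level": "encrypted+authenticated", "required_role": "process_engineer"},
    "low":  {"transmission_level": "integrity_checked", "required_role": "operator"},
}


def build_authority_library(importances, threshold):
    """A61-A64: rank the features, split at the threshold, attach the policy."""
    ranked = sorted(importances.items(), key=lambda kv: kv[1], reverse=True)  # A62
    library = {}
    for name, eta in ranked:
        level = "high" if eta >= threshold else "low"                          # A63
        library[name] = {"importance": round(eta, 4), "level": level, **POLICY[level]}
    return library


if __name__ == "__main__":
    eta = importance_coefficients(SAMPLE_NUMERIC, SAMPLE_ERROR_CODES, SAMPLE_LABELS)
    for name, entry in build_authority_library(eta, threshold=0.25).items():
        print(f"{name:28s} {entry}")
```

Note what the split does to the one-hot columns: `error_code=E0` and `error_code=E2` separate normal from abnormal records and land in the high level, while `error_code=E1` does not and lands in the low level, so a categorical source feature can end up with its codes governed by different transmission levels. An authority library should therefore be keyed by the encoded column, as here, rather than by the original feature name alone.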
The information transmission module is used for recording each department of the digital workshop as a flow node, constructing a relation context network from the flow nodes, calculating the network connection quality, obtaining the data transmission path of a source node according to the network connection quality, and securely transmitting the high and low importance level data to the target device along that path; the relation context network refers to the network structure formed by the data-flow connections between nodes; through the relation context network the real-time state and data changes of every link in the production process can be reflected comprehensively and accurately;
In this embodiment, the specific processing procedure of the information transmission module is as follows:
B1, constructing the relation context network from the flow nodes of each department of the digital workshop, and determining the data flow relations among the flow nodes;
B2, determining the data transmission path and the target device according to the relation context network, and configuring the related network parameters, including IP address and port number; the processing procedure is as follows:
B21, determining the data to be transmitted and the target device according to the relation context network and the service requirement; the target device includes, but is not limited to, a data storage server, a production monitoring system and an analysis platform;
B22, evaluating the network connection quality among the process nodes to ensure that the network connection can meet the requirement of the data transmission; the calculation formula of the network connection quality Q is as follows:
where W_lv denotes the path length between node pairs and R the number of node pairs, a pair being any two nodes; δ_2 represents the number of edges actually present between the neighbouring nodes of a node and δ_{-2} the number of edges that could exist between them; W_k represents the network bandwidth; λ represents an impact factor including, but not limited to, the packet loss rate and the delay of data transmission from the source node to the target device; r1, r2 and r3 represent the scaling coefficients of the respective terms, their magnitudes being obtained by quantizing the various parameters into specific numerical values for subsequent comparison, the only requirement on the coefficients being that they do not alter the proportional relation between a parameter and its quantized value;
B23, designing the data transmission path on the relation context network, selecting for each source node the path of highest network connection quality as its transmission path to the target device, the path comprising the intermediate nodes and network equipment;
B24, configuring the related network parameters, including IP address and port number, to ensure correct routing and reachability of the data during transmission;
B3, transmitting the data to the target device along the determined data transmission path, in accordance with the security transmission level and permission requirements corresponding to the high and low importance level data, so as to ensure the security of the data during transmission;
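The following is an added example of steps B1 to B3 and is not code from the patent. Its `path_quality()` is an illustrative combination of the terms the description names (bottleneck bandwidth, end-to-end delay and packet loss, with scaling coefficients r1, r2, r3); it is not the patent's Q formula. The `trusted` flag on a link, the rule that high importance level data may only traverse trusted links, the node names and all IP addresses and ports are assumptions made for the example.

```python
# Added example: transmission path selection over the relation context network.
# Not code from the patent; path_quality() is an illustrative score (the patent's own
# Q formula is not reproduced), and the `trusted` link flag, the rule restricting high
# importance level data to trusted links, and all addresses are assumptions.


class RelationContextNetwork:
    """Flow nodes (departments/devices) and the links over which data flows between them."""

    def __init__(self):
        self.adj = {}        # node -> {neighbour: link attributes}
        self.endpoints = {}  # node -> {"ip": ..., "port": ...}

    def add_node(self, name, ip, port):
        self.adj.setdefault(name, {})
        self.endpoints[name] = {"ip": ip, "port": port}

    def add_link(self, a, b, bandwidth_mbps, delay_ms, loss, trusted):
        attrs = {"bandwidth_mbps": bandwidth_mbps, "delay_ms": delay_ms,
                 "loss": loss, "trusted": trusted}
        self.adj.setdefault(a, {})[b] = attrs
        self.adj.setdefault(b, {})[a] = attrs

    def links_on(self, path):
        return [self.adj[a][b] for a, b in zip(path, path[1:])]

    def simple_paths(self, src, dst):
        """All loop-free paths from src to dst (depth-first; fine for a workshop-sized graph)."""
        stack = [(src, [src])]
        while stack:
            node, path = stack.pop()
            if node == dst:
                yield path
                continue
            for nxt in self.adj.get(node, {}):
                if nxt not in path:
                    stack.append((nxt, path + [nxt]))


def path_quality(net, path, r1=1.0, r2=1.0, r3=1.0):
    """Assumed connection quality: bottleneck bandwidth rewarded, delay and loss penalised."""
    links = net.links_on(path)
    bandwidth = min(l["bandwidth_mbps"] for l in links) / 1000.0  # Gbit/s of the slowest hop
    delay = sum(l["delay_ms"] for l in links) / 10.0               # end-to-end delay in 10 ms units
    survive = 1.0
    for l in links:
        survive *= 1.0 - l["loss"]
    loss = 1.0 - survive                                           # end-to-end loss probability
    return r1 * bandwidth - r2 * delay - r3 * loss


def select_path(net, src, dst, level):
    """B23 with the B3 constraint: the highest-Q path among the admissible ones.

    High importance level data is only allowed over links flagged trusted; the
    best-quality path is not automatically the one sensitive data should take.
    """
    best = None
    for path in net.simple_paths(src, dst):
        if level == "high" and not all(l["trusted"] for l in net.links_on(path)):
            continue
        q = path_quality(net, path)
        if best is None or q > best[0]:
            best = (q, path)
    if best is None:
        raise LookupError(f"no admissible path from {src} to {dst} for {level} level data")
    return best[1]


def transmission_plan(net, src, dst, level):
    """B24/B3: the path plus the target's network parameters and the channel protection."""
    path = select_path(net, src, dst, level)
    target = net.endpoints[dst]
    return {"path": path, "target_ip": target["ip"], "target_port": target["port"],
            "channel": "mTLS" if level == "high" else "TLS"}


def sample_network():
    """Constructed workshop: a fast but shared gateway and a slower dedicated OT link."""
    net = RelationContextNetwork()
    net.add_node("machining", "10.0.1.10", 9000)
    net.add_node("testing", "10.0.1.20", 9000)
    net.add_node("gateway", "10.0.0.1", 9000)
    net.add_node("storage", "10.0.2.5", 8443)
    net.add_link("machining", "gateway", 1000, 1, 0.0, trusted=False)
    net.add_link("gateway", "storage", 1000, 1, 0.0, trusted=False)
    net.add_link("machining", "testing", 100, 2, 0.0, trusted=True)
    net.add_link("testing", "storage", 100, 5, 0.01, trusted=True)
    return net


if __name__ == "__main__":
    net = sample_network()
    for level in ("low", "high"):
        print(level, transmission_plan(net, "machining", "storage", level))
```

In the constructed network the gateway route has by far the better quality score and is chosen for low importance level data, but because its links are not trusted the high importance level data is routed over the slower dedicated link instead. Step B3 ties the path choice to the security transmission level; a selector that only maximises Q would send the most important production data over the fastest, not the safest, route.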
The information authentication module is used for performing authority authentication on requests initiated by the flow nodes, judging whether a flow node's request conforms to the authority of the current production data, and ensuring the authenticity and integrity of the information;
In this embodiment, the specific processing procedure of the information authentication module is as follows:
C1, establishing the user identity library, including user registration, identity verification and authority allocation; maintaining the authority list and permission rules of the process nodes in the process node authority library;
C2, comparing the request with the authority of the process node according to the authority requirements corresponding to the high and low importance level data, and judging whether the authority requirement of the current production data is met; if so, authentication succeeds, otherwise authentication fails;
C3, determining whether data transmission and operation execution are allowed according to the authentication result; for a successfully authenticated request, data transmission and operation execution are allowed; for a failed request, access is denied or other security measures are taken;
The information authentication module thus verifies the identity and authority of the user and decides, according to the authority requirement, whether data transmission and operation execution are allowed, ensuring the security and credibility of the production data;
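The following is an added example of steps C1 to C3 and is not code from the patent. It assumes passwords in the user identity library are stored as salted PBKDF2-HMAC-SHA256 digests, that the process node authority library is laid out per node, per data importance level and per action as the set of permitted roles, and that anything not listed is denied; the users, roles and node names are constructed for the example.

```python
# Added example: identity verification against the user identity library and
# authority checking against the process node authority library (steps C1-C3).
# Not code from the patent; the PBKDF2 password storage, the role and node names, the
# rule layout of NODE_AUTHORITY_LIBRARY and the sample users are assumptions.
import hashlib
import hmac
import os

KDF_ITERATIONS = 200_000


class UserIdentityLibrary:
    """C1: registration stores a salted PBKDF2-HMAC-SHA256 digest and the assigned role."""

    def __init__(self):
        self._users = {}

    def register(self, username, password, role):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)
        self._users[username] = {"salt": salt, "digest": digest, "role": role}

    def verify(self, username, password):
        """Returns the user's role on success, None on failure."""
        rec = self._users.get(username)
        if rec is None:
            # Run the KDF anyway so an unknown user costs as much as a wrong password.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, KDF_ITERATIONS)
            return None
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], KDF_ITERATIONS)
        return rec["role"] if hmac.compare_digest(digest, rec["digest"]) else None


# Process node authority library: per node, per data importance level, per action,
# the roles permitted. Anything not listed is denied.
NODE_AUTHORITY_LIBRARY = {
    "machining": {
        "high": {"read": {"engineer", "admin"}, "write": {"admin"}},
        "low": {"read": {"operator", "engineer", "admin"}, "write": {"engineer", "admin"}},
    },
    "warehouse": {
        "low": {"read": {"operator", "engineer", "admin"}},
    },
}


def authenticate(identities, library, request):
    """C2/C3: decide a request {user, password, node, level, action}.

    Returns (allowed, reason). Every failure path returns False; the single True
    is reached only after identity, node, rule and role have all checked out.
    """
    role = identities.verify(request["user"], request["password"])
    if role is None:
        return False, "identity verification failed"
    node_rules = library.get(request["node"])
    if node_rules is None:
        return False, f"unknown process node {request['node']!r}"
    permitted = node_rules.get(request["level"], {}).get(request["action"])
    if permitted is None:
        return False, (f"node {request['node']!r} has no {request['action']} rule "
                       f"for {request['level']} importance level data")
    if role not in permitted:
        return False, f"role {role!r} is not permitted"
    return True, "ok"


def sample_identities():
    """Constructed users for the example."""
    ids = UserIdentityLibrary()
    ids.register("alice", "correct horse battery", "engineer")
    ids.register("bob", "hunter2", "operator")
    return ids


if __name__ == "__main__":
    ids = sample_identities()
    req = {"user": "bob", "password": "hunter2", "node": "machining",
           "level": "high", "action": "read"}
    print(authenticate(ids, NODE_AUTHORITY_LIBRARY, req))
```

The decision is deny by default: an operator reading low importance data at the machining node is allowed, the same operator asking for high importance data is refused on the role check, and a request naming a node or level the library has no rule for is refused before any role is consulted. The digest comparison uses `hmac.compare_digest` so a wrong password is not distinguishable by timing from a nearly right one.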
The information storage module comprises the user identity library, the process node authority library and the database, and is used for securely storing information and preventing information leakage;
Before information is stored, the data is encrypted so that it remains secure on the storage medium and is difficult to read even if leaked; secure and reliable storage equipment is selected, and the necessary physical and logical security measures are adopted to prevent unauthorized personnel from obtaining the information on the storage equipment; access authority and role control are set so that only authenticated users can access and modify the stored information; and the stored information is backed up regularly to prevent data loss or damage;
The information monitoring module is used for monitoring the information transmission and storage process in real time, detecting abnormal behaviour and security events, and taking corresponding handling and alarm measures;
In this embodiment, the specific processing procedure of the information monitoring module is as follows:
D1, continuously monitoring the transmission speed, transmission interruptions and the state of the storage equipment to ensure the normal operation of information transmission and storage;
D2, analysing the generated logs in real time with a real-time log analysis technique, comprising access log analysis, behaviour log analysis, data integrity analysis and security event association analysis, so as to detect unauthorized access, data tampering and other abnormal behaviour and security events; real-time log analysis refers to the immediate analysis, filtering and processing of logs as they are generated; access log analysis monitors and analyses the IP address, timestamp and access path information of user logins and access requests, and identifies abnormal access behaviour such as requests from unknown IP addresses or an abnormal access frequency; behaviour log analysis analyses user operation records, system events and exception logs, and detects a large number of sensitive operations executed by a particular user in a short time or abnormal errors occurring in the system; data integrity analysis monitors the log of database operations and detects unauthorized data modification operations or signs of data tampering; security event association analysis correlates data from different log sources and finds the relations among multiple log events in order to identify potential security events and attack behaviour;
D3, establishing a risk score model and calculating the risk score P; the processing procedure is as follows:
D31, marking all abnormal behaviour and security events according to the real-time log analysis results;
D32, defining severity, frequency and influence-range indexes according to the event attributes: the severity score is defined by the potential impact and consequences of the event, more severe events receiving a higher score; the frequency score is determined by how often the event occurs, frequently occurring events receiving a higher score; and the influence-range score is defined by the range of the system or service affected by the event, events with a larger influence range receiving a higher score;
D33, assigning an appropriate weight to each index and, for each event, computing the weighted sum of the defined indexes to obtain the comprehensive risk score $P = \alpha \cdot Z_{au} + \beta \cdot Z_{bu} + \gamma \cdot Z_{cu}$, where Z_au represents the severity score, Z_bu the frequency score, Z_cu the influence-range score, and α, β and γ the weights of the respective indexes;
D4, comparing the risk score P with the predefined risk score threshold P_threshold; if P ≥ P_threshold, the risk exceeds the standard, an alarm is raised immediately and a notification is sent to the relevant personnel; otherwise the risk is within the controllable range; the value of P_threshold may be set according to the specific situation and is not limited in this embodiment.
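The following is an added example of steps D2 to D4 run over a constructed log and is not code from the patent. The key=value log line format, the lines in SAMPLE_LOG, the four detection rules (unknown IP, access frequency, unauthorized database modification, and their association), the per-event-type severity and influence-range scores in EVENT_SCORES, and the weights and threshold in CONFIG are all assumptions; the frequency score Z_bu is taken as the number of times an event was raised for a user.

```python
# Added example: real-time log analysis and risk scoring (steps D2-D4).
# Not code from the patent; the log line format, SAMPLE_LOG, the detection rules,
# the per-event-type score table and the weights/threshold in CONFIG are assumptions.
from collections import Counter, defaultdict
from datetime import datetime

# Constructed log: one access from outside the workshop network followed by a database
# update by the same user, and a burst of reads by another user.
SAMPLE_LOG = """\
2024-01-10T08:00:01Z src=access user=alice ip=10.0.1.5 action=read target=/recipe/line3
2024-01-10T08:00:02Z src=access user=bob ip=203.0.113.9 action=read target=/recipe/line3
2024-01-10T08:00:03Z src=db user=bob ip=203.0.113.9 action=update target=recipe.line3.temperature
2024-01-10T08:00:04Z src=access user=carol ip=10.0.1.7 action=read target=/telemetry
2024-01-10T08:00:05Z src=access user=carol ip=10.0.1.7 action=read target=/telemetry
2024-01-10T08:00:06Z src=access user=carol ip=10.0.1.7 action=read target=/telemetry
2024-01-10T08:00:07Z src=access user=carol ip=10.0.1.7 action=read target=/telemetry
2024-01-10T08:00:08Z src=access user=carol ip=10.0.1.7 action=read target=/telemetry
"""

CONFIG = {
    "known_networks": ("10.0.",),   # workshop address space; anything else is an unknown IP
    "writers": {"alice"},           # users whose database modifications are authorised
    "max_requests_per_window": 3,   # access frequency still considered normal
    "window_seconds": 60,
    "weights": (0.5, 0.2, 0.3),     # alpha, beta, gamma
    "p_threshold": 2.0,
}

# Severity score Z_au and influence-range score Z_cu per event type; the frequency
# score Z_bu is the number of times the event was raised for the user.
EVENT_SCORES = {
    "unknown_ip": (2, 1),
    "abnormal_frequency": (1, 1),
    "unauthorized_modification": (3, 3),
    "correlated_intrusion": (3, 3),
}


def parse_line(line):
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_events(records, cfg):
    """D2: access, behaviour, integrity and association analysis -> Counter{(user, type): n}."""
    events = Counter()
    times = defaultdict(list)
    for r in records:
        times[r["user"]].append(r["ts"])
        if not r["ip"].startswith(cfg["known_networks"]):            # access log analysis
            events[(r["user"], "unknown_ip")] += 1
        if (r["src"] == "db" and r["action"] in ("update", "delete")
                and r["user"] not in cfg["writers"]):                  # data integrity analysis
            events[(r["user"], "unauthorized_modification")] += 1
    for user, stamps in times.items():                                 # behaviour log analysis
        stamps.sort()
        for i, start in enumerate(stamps):
            in_window = sum(1 for t in stamps[i:]
                            if (t - start).total_seconds() <= cfg["window_seconds"])
            if in_window > cfg["max_requests_per_window"]:
                events[(user, "abnormal_frequency")] += 1
                break
    for user in {u for u, _ in events}:                                # security event association
        if (user, "unknown_ip") in events and (user, "unauthorized_modification") in events:
            events[(user, "correlated_intrusion")] += 1
    return events


def risk_score(event_type, count, cfg):
    """D33: P = alpha*Z_au + beta*Z_bu + gamma*Z_cu."""
    alpha, beta, gamma = cfg["weights"]
    z_au, z_cu = EVENT_SCORES[event_type]
    return alpha * z_au + beta * count + gamma * z_cu


def analyse(log_text, cfg):
    """D2-D4: one report entry per (user, event type) with its score and alert flag."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    report = []
    for (user, etype), count in sorted(detect_events(records, cfg).items()):
        p = risk_score(etype, count, cfg)
        report.append({"user": user, "event": etype, "count": count,
                       "P": p, "alert": p >= cfg["p_threshold"]})
    return report


if __name__ == "__main__":
    for entry in analyse(SAMPLE_LOG, CONFIG):
        flag = "ALERT" if entry["alert"] else "ok   "
        print(f"{flag} P={entry['P']:.2f} user={entry['user']} event={entry['event']} x{entry['count']}")
```

On the constructed log, bob's two requests from an address outside the workshop range score 1.7 and would not alert on their own; his update of a recipe parameter without write authority scores 2.6 and alerts, and the association rule raises a second alerting event because the unknown-address access and the unauthorized modification come from the same user. carol's burst of reads is recorded but stays below the threshold. Tuning α, β, γ and P_threshold against such a replayed log is the practical way to check that the threshold separates the events that should page someone from the ones that should only be logged.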
Finally, the foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any modifications, equivalents and alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (9)

1. An information security communication management system for a digital workshop, characterized in that it comprises:
an information acquisition module, used for acquiring the production data of the digital workshop in real time; the production data includes, but is not limited to, the processing, testing, maintenance, personnel and implementation data of each link of the material; the implementation data includes, but is not limited to, equipment operating state, operating process parameters, energy consumption and environmental parameters;
an information processing module, used for processing and analysing the acquired production data in real time by a data analysis algorithm and artificial intelligence technology, calculating the parameter importance degree coefficients, and dividing the production data into high importance level data and low importance level data according to the parameter importance degree coefficients;
an information transmission module, used for recording each department of the digital workshop as a flow node, constructing a relation context network from the flow nodes, calculating the network connection quality, obtaining the data transmission path of a source node according to the network connection quality, and securely transmitting the high and low importance level data to the target device along the data transmission path; the relation context network refers to the network structure formed by the data-flow connections between nodes;
an information authentication module, used for performing authority authentication on requests initiated by the flow nodes and judging whether a flow node's request conforms to the authority of the current production data;
an information storage module, comprising a user identity library, a process node authority library and a database, used for securely storing information;
and an information monitoring module, used for monitoring the information transmission and storage process in real time, detecting abnormal behaviour and security events, and taking corresponding handling and alarm measures.
2. An information security communication management system for a digital workshop as claimed in claim 1, wherein the specific processing procedure of the information processing module is as follows:
A1, cleaning, denoising and correcting the acquired production data to ensure the accuracy and consistency of the data;
A2, extracting features from the cleaned data; the features comprise temperature change rate, pressure change rate, speed change rate, equipment operation time, number of equipment failures, temperature average, pressure average, flow average, error code frequency distribution and abnormal event frequency distribution;
A3, normalizing the temperature change rate, pressure change rate, speed change rate, equipment operation time, number of equipment failures, temperature average, pressure average and flow average, and converting the error code frequency distribution and abnormal event frequency distribution into numeric form by one-hot encoding;
A4, taking the features as independent variables and the production data as the target variable, and constructing a decision tree model by a decision tree algorithm;
A5, inputting the features and target variable of a training data set into the decision tree model and training the model; extracting the parameter importance degree coefficient of each feature from the trained decision tree model, the parameter importance degree coefficient measuring the importance of the feature to the production data;
A6, dividing the production data into different importance levels according to the parameter importance degree coefficients, so as to determine the security transmission level and permission requirements of the data.
3. An information security communication management system for a digital workshop as claimed in claim 2, wherein the calculation formula of the parameter importance degree coefficient is as follows:
$\eta = \int \left(T_{zj} \cdot G_j\right)\,dx + \int \left(I_{Rj} \cdot H_j\right)\,dx$;
wherein T_zj and I_Rj respectively represent the weight factors of the two terms, H_j represents the information gain ratio of the j-th node, x represents the argument, τ represents a regularization parameter for controlling the accuracy of the calculation, G_j represents the Gini index decrease of the j-th node, n and m represent the numbers of rows and columns of the sample, p_li and p_i respectively represent the actual observation and the overall mean, and |p_li − p_i| represents the absolute value of the difference between the observation and the overall mean.
4. An information security communication management system for a digital workshop as claimed in claim 2, wherein the production data is divided into different importance levels according to the parameter importance degree coefficients by the following procedure:
A61, setting a threshold on the parameter importance degree coefficient, the threshold being determined from prior knowledge, business requirements, or by experiment and verification;
A62, sorting the features in descending order of parameter importance degree coefficient to obtain a sequence running from the most important feature to the least important feature;
A63, dividing the production data into high and low importance level data according to the sequence and the threshold value;
A64, determining the appropriate security transmission level and authority requirements for the high and low importance level data, and storing them in the process node authority library; the process node authority library comprises the authority list and permission rules of every process node.
5. An information security communication management system for a digital workshop as claimed in claim 1, wherein the specific processing procedure of the information transmission module is as follows:
B1, constructing the relation context network from the flow nodes of each department of the digital workshop, and determining the data flow relations among the flow nodes;
B2, determining the data transmission path and the target device according to the relation context network, and configuring the related network parameters, including IP address and port number;
B3, transmitting the data to the target device along the determined data transmission path, in accordance with the security transmission level and permission requirements corresponding to the high and low importance level data.
6. An information security communication management system for a digital workshop as claimed in claim 5, wherein the data transmission path and the target device are determined according to the relation context network by the following procedure:
B21, determining the data to be transmitted and the target device according to the relation context network and the service requirement; the target device includes, but is not limited to, a data storage server, a production monitoring system and an analysis platform;
B22, evaluating the network connection quality among the process nodes to ensure that the network connection can meet the requirement of the data transmission; the calculation formula of the network connection quality Q is as follows:
where W_lv denotes the path length between node pairs and R the number of node pairs, a pair being any two nodes; δ_2 represents the number of edges actually present between the neighbouring nodes of a node and δ_{-2} the number of edges that could exist between them; W_k represents the network bandwidth; λ represents an impact factor including, but not limited to, the packet loss rate and the delay of data transmission from the source node to the target device; r1, r2 and r3 respectively represent the scaling coefficients of the terms;
B23, designing the data transmission path on the relation context network, selecting for each source node the path of highest network connection quality as its transmission path to the target device, the path comprising the intermediate nodes and network equipment;
B24, configuring the related network parameters, including IP address and port number, to ensure correct routing and reachability of the data during transmission.
7. An information security communication management system for a digital workshop as claimed in claim 1, wherein the specific processing procedure of the information authentication module is as follows:
C1, establishing the user identity library, including user registration, identity verification and authority allocation; maintaining the authority list and permission rules of the process nodes in the process node authority library;
C2, comparing the request with the authority of the process node according to the authority requirements corresponding to the high and low importance level data, and judging whether the authority requirement of the current production data is met; if so, authentication succeeds, otherwise authentication fails;
C3, determining whether data transmission and operation execution are allowed according to the authentication result; for a successfully authenticated request, data transmission and operation execution are allowed; for a failed request, access is denied or other security measures are taken.
8. An information security communication management system for a digital workshop as claimed in claim 1, wherein the specific processing procedure of the information monitoring module is as follows:
D1, continuously monitoring the transmission speed, transmission interruptions and the state of the storage equipment to ensure the normal operation of information transmission and storage;
D2, analysing the generated logs in real time with a real-time log analysis technique;
D3, establishing a risk score model and calculating the risk score P;
D4, comparing the risk score P with the predefined risk score threshold P_threshold; if P ≥ P_threshold, the risk exceeds the standard, an alarm is raised immediately and a notification is sent to the relevant personnel; otherwise the risk is within the controllable range.
9. An information security communication management system for a digital workshop as claimed in claim 8, wherein the risk score model is established and the risk score P calculated by the following procedure:
D31, marking all abnormal behaviour and security events according to the real-time log analysis results;
D32, defining severity, frequency and influence-range indexes according to the event attributes;
D33, assigning an appropriate weight to each index and, for each event, computing the weighted sum of the defined indexes to obtain the comprehensive risk score $P = \alpha \cdot Z_{au} + \beta \cdot Z_{bu} + \gamma \cdot Z_{cu}$, where Z_au represents the severity score, Z_bu the frequency score, Z_cu the influence-range score, and α, β and γ the weights of the respective indexes.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311564029.8A CN117614978A (en) 2023-11-21 2023-11-21 Information security communication management system for digital workshop

Publications (1)

Publication Number Publication Date
CN117614978A true CN117614978A (en) 2024-02-27

Family

ID=89948964

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311564029.8A Pending CN117614978A (en) 2023-11-21 2023-11-21 Information security communication management system for digital workshop

Country Status (1)

Country Link
CN (1) CN117614978A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117930785A (en) * 2024-03-21 2024-04-26 西安易诺敬业电子科技有限责任公司 Workshop production safety monitoring system based on big data
CN117930785B (en) * 2024-03-21 2024-06-07 西安易诺敬业电子科技有限责任公司 Workshop production safety monitoring system based on big data
CN118036080A (en) * 2024-04-11 2024-05-14 广东南电智控***有限公司 Data security treatment method and system based on big data technology


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination