WO2023051455A1

WO2023051455A1 - Method and apparatus for training trust model

Info

Publication number: WO2023051455A1
Application number: PCT/CN2022/121297
Authority: WO
Inventors: 康鑫; 王海光; 朱成康; 李铁岩
Original assignee: 华为技术有限公司
Priority date: 2021-09-28
Filing date: 2022-09-26
Publication date: 2023-04-06
Also published as: CN115878991A

Abstract

Provided are a method and apparatus for training a trust model, which belong to the technical field of communications and the technical field of artificial intelligence. The method comprises: according to feature data of a plurality of network devices and a threshold condition, determining label data of each first network device among the plurality of network devices, the plurality of network devices comprising at least one first network device and a plurality of second network devices; dividing the plurality of second network devices into a preset number of clustering groups, and obtaining label data corresponding to each clustering group as label data of each second network device in each clustering group; and updating parameters of a trust model according to the feature data of the plurality of network devices and the label data. The method combines threshold and clustering methods to determine the label data of the plurality of network devices, which may reduce labor costs of labeling network devices.

Description

一种信任模型的训练方法及装置A training method and device for a trust model

本申请要求于2021年09月28日提交中国国家知识产权局、申请号为2021111141934.3、申请名称为“一种信任模型的训练方法及装置”的中国专利申请的优先权，其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed with the State Intellectual Property Office of China on September 28, 2021, with the application number 2021111141934.3, and the application name is "a training method and device for a trust model", the entire content of which is incorporated by reference in this application.

技术领域technical field

本申请涉及通信技术领域和人工智能技术领域，尤其涉及一种信任模型的训练方法及装置。The present application relates to the field of communication technology and the field of artificial intelligence technology, and in particular to a method and device for training a trust model.

背景技术Background technique

随着通信技术的快速发展，为了满足用户多样性的需求，通信网络中配置的网络设备越来越多。当网络设备与其他网络设备进行通信时，网络设备可能会受到其他网络设备的恶意攻击，导致网络设备无法使用。或者，网络设备自身的隐私数据可能会被其他网络设备通过非法的手段获得，导致网络设备的隐私数据被泄露。With the rapid development of communication technologies, more and more network devices are configured in communication networks in order to meet the diverse needs of users. When a network device communicates with other network devices, the network device may be maliciously attacked by other network devices, making the network device unusable. Or, the private data of the network device itself may be obtained by other network devices through illegal means, causing the private data of the network device to be leaked.

为此，现有技术通常采用基于机器学习的信任模型对各个网络设备的安全性进行评估，从而获得各个网络设备的信任级别。网络设备可以根据其他网络设备的信任级别确定是否与其进行通信。但是，基于机器学习的信任模型需要通过大量的标签数据进行训练获得，而且标签数据一般需要人工进行标注获得。因此，获取标签数据时，需要耗费很高的人工成本。To this end, the prior art usually uses a trust model based on machine learning to evaluate the security of each network device, so as to obtain the trust level of each network device. Network devices can determine whether to communicate with other network devices based on their trust levels. However, the trust model based on machine learning needs to be trained through a large amount of labeled data, and the labeled data generally needs to be manually labeled. Therefore, a high labor cost is required to obtain label data.

发明内容Contents of the invention

本申请提供了一种信任模型的训练方法及装置，采用阈值判决和算法聚类相结合的方法对网络设备进行打标签，从而减少获取训练信任模型的标签数据的人工成本。The present application provides a trust model training method and device, which uses a combination of threshold judgment and algorithm clustering to label network devices, thereby reducing labor costs for obtaining label data for training trust models.

第一方面，本申请提供了一种信任模型的训练方法。该方法包括：获取多个网络设备的通信数据；特征模型根据多个网络设备的通信数据，确定多个网络设备的特征数据；根据阈值条件和多个网络设备的特征数据，确定多个网络设备中每个第一网络设备的标签数据；多个网络设备包括至少一个第一网络设备和多个第二网络设备；标签数据指示网络设备的信任级别；将多个第二网络设备划分为预设数目的聚类组，并获取每个聚类组对应的标签数据作为每个聚类组中每个第二网络设备的标签数据；预设数目与信任级别的数量对应；根据多个网络设备的特征数据和标签数据更新信任模型的参数。In a first aspect, the present application provides a method for training a trust model. The method includes: acquiring communication data of a plurality of network devices; a characteristic model determining characteristic data of a plurality of network devices according to the communication data of a plurality of network devices; determining a plurality of network devices according to a threshold condition and characteristic data of a plurality of network devices label data of each first network device in the network; multiple network devices include at least one first network device and multiple second network devices; the label data indicates the trust level of the network device; multiple second network devices are divided into preset number of clustering groups, and obtain the label data corresponding to each clustering group as the label data of each second network device in each clustering group; the preset number corresponds to the number of trust levels; according to the number of multiple network devices Feature data and label data update the parameters of the trust model.

信任模型的训练样本包括多个网络设备的标签数据。网络设备的标签数据一般是通过人工对网络设备进行打标签获得。在网络设备较多，数量量较大的情况中，获取标签数据的成本增加，耗费的时间也比较长，导致训练模型的效率较低。The training samples of the trust model include label data of multiple network devices. Label data of network devices is generally obtained by manually labeling network devices. In the case of a large number of network devices and a large number of devices, the cost of obtaining label data increases and the time spent is relatively long, resulting in low efficiency of training models.

本申请信任模型的训练方法，首选使用阈值条件确定多个网络设备中的第一网络设备的标签数据。然后，在将多个网络设备中的第二网络设备进行聚类获得聚类组，将人工对每一个聚类组打的标签作为聚类组中各第二网络设备的标签数据。由此，可以减少人工打标签的操作量，节省人工成本提高训练模型的效率。In the training method of the trust model of the present application, the threshold condition is firstly used to determine the tag data of the first network device among the plurality of network devices. Then, after clustering the second network devices among the plurality of network devices to obtain a cluster group, the label manually attached to each cluster group is used as label data of each second network device in the cluster group. As a result, the workload of manual labeling can be reduced, labor costs can be saved, and the efficiency of training models can be improved.

在一种可能的实施方式中，根据阈值条件和多个网络设备的特征数据，确定多个网络设备中每个第一网络设备的标签数据包括：当多个网络设备中网络设备的特征数据满足阈值条件时，确定网络设备为第一网络设备；获取阈值条件对应的标签数据作为第一网络设备的标签数据。In a possible implementation manner, according to the threshold condition and the characteristic data of the plurality of network devices, determining the label data of each first network device in the plurality of network devices includes: when the characteristic data of the network device in the plurality of network devices satisfies When the threshold condition is met, it is determined that the network device is the first network device; and the label data corresponding to the threshold condition is acquired as the label data of the first network device.

使用阈值条件确定第一网络设备的标签，可以减少后续聚类过程中的数据处理量。Using the threshold condition to determine the label of the first network device can reduce the amount of data processing in the subsequent clustering process.

在一种可能的实施方式中，阈值条件包括：特征数据小于第一阈值，和/或特征数据大于第二阈值。In a possible implementation manner, the threshold condition includes: the feature data is smaller than a first threshold, and/or the feature data is larger than a second threshold.

对网络设备进行聚类时，希望尽可能将信任级别相似的网路设备成为一个聚类组，同时希望避免一个聚类组中的设备数量较少。上述示出的阈值条件则可以避免一个网络设备的特征数据由于太大或者太小，而在聚类的过程中独立成为一个聚类组的情况出现，影响聚类结果。When clustering network devices, it is hoped that network devices with similar trust levels can be formed into a cluster group as much as possible, and at the same time, it is hoped to avoid a small number of devices in a cluster group. The threshold condition shown above can prevent the characteristic data of a network device from becoming a clustering group independently during the clustering process due to being too large or too small, thereby affecting the clustering result.

在一种可能的实施方式中，通信数据包括：数据传输成功次数和数据传输失败次数，所述特征数据包括：数据传输成功率。In a possible implementation manner, the communication data includes: data transmission success times and data transmission failure times, and the feature data includes: data transmission success rate.

第二方面，本申请提供了一种信任评估方法。该方法包括：获取网络设备的的通信数据；特征模型根据网络设备的通信数据确定网络设备的特征数据；信任模型根据网络设备的特征数据，确定网络设备的信任级别。其中，信任模型通过本申请第一方面所提供的信任模型训练方法训练得到。In the second aspect, the present application provides a trust evaluation method. The method includes: acquiring communication data of the network equipment; a characteristic model determining the characteristic data of the network equipment according to the communication data of the network equipment; and a trust model determining the trust level of the network equipment according to the characteristic data of the network equipment. Wherein, the trust model is trained by the trust model training method provided in the first aspect of the present application.

在一种可能的实施方式中，信任评估方法还包括：将网络设备的信任级别存储在区块链中。In a possible implementation manner, the trust evaluation method further includes: storing the trust level of the network device in a block chain.

在一种可能的实施方式中，信任评估方法还包括：将网络设备的信任级别对应的哈希值存储在区块链中，以及将网络设备的信任级别存储在存储***中。In a possible implementation manner, the trust evaluation method further includes: storing a hash value corresponding to the trust level of the network device in a blockchain, and storing the trust level of the network device in a storage system.

在一种可能的实施方式中，信任评估方法还包括：广播网络设备的信任级别。In a possible implementation manner, the trust evaluation method further includes: broadcasting the trust level of the network device.

第三方面，本申请还提供一种信任模型的训练装置。该装置包括：获取模块、特征提取模块、第一确定模块、第二确定模块和训练模块。In a third aspect, the present application also provides a training device for a trust model. The device includes: an acquisition module, a feature extraction module, a first determination module, a second determination module and a training module.

其中，获取模块用于获取多个网络设备的通信数据。Wherein, the obtaining module is used for obtaining communication data of multiple network devices.

其中，特征提取模块用于利用特征模型根据所述多个网络设备的通信数据，确定所述多个网络设备的特征数据。Wherein, the feature extraction module is used to determine the feature data of the multiple network devices according to the communication data of the multiple network devices by using a feature model.

其中，第一确定模块用于根据阈值条件和多个网络设备的特征数据，确定多个网络设备中每个第一网络设备的标签数据；多个网络设备包括至少一个第一网络设备和多个第二网络设备；标签数据指示网络设备的信任级别。Wherein, the first determination module is used to determine the label data of each first network device in the plurality of network devices according to the threshold condition and the characteristic data of the plurality of network devices; the plurality of network devices include at least one first network device and a plurality of A second network device; the tag data indicates a trust level of the network device.

其中，第二确定模块用于将多个第二网络设备划分为预设数目的聚类组，并获取每个聚类组对应的标签数据，作为每个聚类组中的第二网络设备的标签数据；预设数目与信任级别的数量对应。Wherein, the second determination module is used to divide the plurality of second network devices into a preset number of cluster groups, and obtain the label data corresponding to each cluster group as the second network device in each cluster group. Tag data; the preset number corresponds to the number of trust levels.

其中，训练模块用于根据多个网络设备的特征数据和标签数据，更新信任模型的参数。Wherein, the training module is used to update the parameters of the trust model according to the feature data and label data of multiple network devices.

在一种可能的实施方式中，第一确定模块具体用于：当多个网络设备中网络设备的特征数据满足阈值条件时，确定网络设备为第一网络设备；并获取阈值条件对应的标签数据作为第一网络设备的标签数据。In a possible implementation manner, the first determination module is specifically configured to: determine that the network device is the first network device when the characteristic data of the network device among the plurality of network devices meets the threshold condition; and obtain label data corresponding to the threshold condition As the label data of the first network device.

在一种可能的实施方式中，通信数据包括：数据传输成功次数和数据传输失败次数，特征数据包括：数据传输成功率。In a possible implementation manner, the communication data includes: data transmission success times and data transmission failure times, and the feature data includes: data transmission success rate.

第四方面，本申请还提供一种信任评估装置。该装置包括：获取模块、特征提取模块和评估模块。In a fourth aspect, the present application further provides a trust evaluation device. The device includes: an acquisition module, a feature extraction module and an evaluation module.

其中，获取模块用于获取网络设备的通信数据。Wherein, the obtaining module is used for obtaining communication data of the network device.

其中，特征提取模块用于利用特征模型根据所述网络设备的通信数据，确定所述网络设备的特征数据。Wherein, the feature extraction module is used to determine the feature data of the network device according to the communication data of the network device by using a feature model.

其中，评估模块用于利用信任模型根据所述网络设备的特征数据，确定所述网络设备的信任级别。Wherein, the evaluation module is used to determine the trust level of the network device according to the characteristic data of the network device by using a trust model.

在一种可能的实施方式中，评估模块还用于：将所述网络设备的信任级别存储在区块链中；或者，将所述网络设备的信任级别对应的哈希值存储在所述区块链中，以及将所述网络设备的信任级别存储在存储***中；或者，广播所述网络设备的信任级别。In a possible implementation manner, the evaluation module is further configured to: store the trust level of the network device in the block chain; or store the hash value corresponding to the trust level of the network device in the block chain block chain, and store the trust level of the network device in the storage system; or broadcast the trust level of the network device.

第五方面，本申请还提供一种计算设备。该计算设备包括：处理器和存储器。处理器用于执行存储于存储器内的计算机程序，以执行本申请第一方面及其可能的实施方式中的任一方法，或者执行本申请第二方面及其可能的实施方式中的任一方法。In a fifth aspect, the present application further provides a computing device. The computing device includes: a processor and a memory. The processor is used to execute the computer program stored in the memory to execute any method in the first aspect of the present application and its possible implementations, or to execute any method in the second aspect of the application and its possible implementations.

第六方面，本申请还提供一种计算机可读存储介质。计算机可读存储介质包括指令，当指令在计算机上运行时，使得计算机执行本申请第一方面及其可能的实施方式中的任一方法，或者本申请第二方面及其可能的实施方式中的任一方法。In a sixth aspect, the present application further provides a computer-readable storage medium. The computer-readable storage medium includes instructions. When the instructions are run on the computer, the computer is made to execute any method in the first aspect of the application and its possible implementations, or any method in the second aspect of the application and its possible implementations. either method.

第六方面，本申请还提供一种计算机程序产品。计算机程序产品包括程序代码，当计算机运行计算机程序产品时，使得计算机执行本申请第一方面及其可能的实施方式中的任一方法，或者本申请第二方面及其可能的实施方式中的任一方法。In a sixth aspect, the present application further provides a computer program product. The computer program product includes program code. When the computer runs the computer program product, it causes the computer to execute any method in the first aspect of the application and its possible implementations, or any method in the second aspect of the application and its possible implementations. One method.

上述提供的任一种装置、计算设备或计算机可读存储介质或计算机程序产品，均用于执行上文所提供的方法，因此，其所能达到的有益效果可参考上文提供的对应方法中的对应方案的有益效果，此处不再赘述。Any device, computing device, computer-readable storage medium or computer program product provided above is used to execute the method provided above, therefore, the beneficial effects that it can achieve can refer to the corresponding method provided above The beneficial effects of the corresponding solution will not be repeated here.

附图说明Description of drawings

图1是本申请实施例提供的一种异构网络的结构示意图；FIG. 1 is a schematic structural diagram of a heterogeneous network provided by an embodiment of the present application;

图2是本申请实施例提供的一种信任模型的训练方法流程图；Fig. 2 is a flow chart of a training method for a trust model provided by an embodiment of the present application;

图3是本申请实施例提供的一种对网络设备进行信任评估的方法流程图；FIG. 3 is a flow chart of a method for trust assessment of network devices provided by an embodiment of the present application;

图4是本申请实施例提供的一种网络设备的通信方法流程图；FIG. 4 is a flowchart of a communication method for a network device provided in an embodiment of the present application;

图5是本申请实施例提供的另一种网络设备的通信方法流程图；FIG. 5 is a flow chart of another communication method of a network device provided in an embodiment of the present application;

图6是本申请实施例提供的另一种网络设备的通信方法流程图；FIG. 6 is a flowchart of another communication method of a network device provided in an embodiment of the present application;

图7是本申请实施例提供的一种信任模型的训练装置的结构示意图；FIG. 7 is a schematic structural diagram of a training device for a trust model provided by an embodiment of the present application;

图8是本申请实施例提供的一种信任评估装置的结构示意图；Fig. 8 is a schematic structural diagram of a trust evaluation device provided by an embodiment of the present application;

图9是本申请实施例提供的一种计算设备的结构示意图。FIG. 9 is a schematic structural diagram of a computing device provided by an embodiment of the present application.

具体实施方式Detailed ways

为了使本申请实施例的目的、技术方案和优点更加清楚，下面将结合附图，对本申请实施例中的技术方案进行描述。In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be described below in conjunction with the accompanying drawings.

在本申请实施例的描述中，“示例性的”、“例如”或者“举例来说”等词用于表示作例子、例证或说明。本申请实施例中被描述为“示例性的”、“例如”或者“举例来说”的任何实施例或设计方案不应被解释为比其它实施例或设计方案更优选或更具优势。确切而言，使用“示例性的”、“例如”或者“举例来说”等词旨在以具体方式呈现相关概念。In the description of the embodiments of the present application, words such as "exemplary", "for example" or "for example" are used to represent examples, illustrations or illustrations. Any embodiment or design described as "exemplary", "for example" or "for example" in the embodiments of the present application shall not be construed as being more preferred or more advantageous than other embodiments or designs. Rather, the use of words such as "exemplary", "for example" or "for example" is intended to present related concepts in a specific manner.

在本申请实施例的描述中，术语“和/或”，仅仅是一种描述关联对象的关联关系，表示可以存在三种关系，例如，A和/或B，可以表示：单独存在A，单独存在B，同时存在A和B这三种情况。另外，除非另有说明，术语“多个”的含义是指两个或两个以上。例如，多个***是指两个或两个以上的***，多个屏幕终端是指两个或两个以上的屏幕终端。In the description of the embodiments of the present application, the term "and/or" is only an association relationship describing associated objects, indicating that there may be three relationships, for example, A and/or B may indicate: A exists alone, A exists alone There is B, and there are three cases of A and B at the same time. In addition, unless otherwise specified, the term "plurality" means two or more. For example, multiple systems refer to two or more systems, and multiple screen terminals refer to two or more screen terminals.

此外，术语“第一”、“第二”仅用于描述目的，而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征。由此，限定有“第一”、“第二”的特征可以明示或者隐含地包括一个或者更多个该特征。术语“包括”、“包含”、“具有”及它们的变形都意味着“包括但不限于”，除非是以其他方式另外特别强调。。In addition, the terms "first" and "second" are used for descriptive purposes only, and cannot be understood as indicating or implying relative importance or implicitly specifying indicated technical features. Thus, a feature defined as "first" and "second" may explicitly or implicitly include one or more of these features. The terms "including", "comprising", "having" and variations thereof mean "including but not limited to", unless specifically stated otherwise. .

为了更好的理解本申请的实施例，下面先对通信网络做简要介绍。In order to better understand the embodiments of the present application, a brief introduction to the communication network is given below.

通信网络是指将各个孤立的设备进行物理连接，实现人与人，人与计算机，计算机与计算机之间进行信息交换的链路，从而达到资源共享和通信的目的。通信网络中包含位于用户侧的网络设备、位于云端的服务器、以及连接网络设备和服务器的交换机、路由器和基站等。Communication network refers to the physical connection of various isolated devices to realize the link of information exchange between people, people and computers, and computers, so as to achieve the purpose of resource sharing and communication. The communication network includes network devices on the user side, servers on the cloud, and switches, routers, and base stations connecting network devices and servers.

通信网络可以是采用相同接入技术的网络，例如蜂窝网络、互联网协议网络(Internet Protocol，IP，简称IP网络)和卫星网络等。网络设备可以是智能手表、智能手机、笔记本脑等。通信网络还可以是采用不同接入技术的两个或两个以上的单一网络高度融合的异构网络，还可以是采用相同的接入技术但属于不同的运营方的两个或两个以上的单一网络组成的异构网络。The communication network may be a network using the same access technology, such as a cellular network, an Internet Protocol network (Internet Protocol, IP, IP network for short), and a satellite network. Network devices can be smart watches, smartphones, laptops, etc. The communication network can also be a highly integrated heterogeneous network of two or more single networks using different access technologies, or it can be two or more networks using the same access technology but belonging to different operators. A heterogeneous network composed of a single network.

异构网络凭借其自身特有的优势，在通信领域中越来越重要。异构网络与独立封闭的蜂窝网络、IP网络和卫星网络等通信网络相比，异构网络可以扩大网络的覆盖范围，使得网络具有更强的可扩展性。异构网络还可以充分利用现有的网络资源，降低运营成本，增强竞争力。异构网络还可以向不同用户提供各种不同的服务，可以更好地满足网络用户的多样性需求。异构网络还可以提高网络的可靠性、抗攻击能力。With its own unique advantages, heterogeneous networks are becoming more and more important in the communication field. Compared with independent and closed communication networks such as cellular networks, IP networks, and satellite networks, heterogeneous networks can expand the coverage of the network and make the network more scalable. Heterogeneous networks can also make full use of existing network resources, reduce operating costs, and enhance competitiveness. Heterogeneous networks can also provide various services to different users, which can better meet the diverse needs of network users. Heterogeneous networks can also improve network reliability and anti-attack capabilities.

图1是本申请实施例提供的一种异构网络的结构示意图。如图1所示，该异构网络包括：网络1和网络2。其中，网络1可以是蜂窝网络，网络2可以是IP网络。可以理解，图1所示的结构仅仅是本申请实施例对异构网络的一种示例。FIG. 1 is a schematic structural diagram of a heterogeneous network provided by an embodiment of the present application. As shown in FIG. 1 , the heterogeneous network includes: a network 1 and a network 2 . Wherein, network 1 may be a cellular network, and network 2 may be an IP network. It can be understood that the structure shown in FIG. 1 is only an example of a heterogeneous network in this embodiment of the present application.

网路1和网络2中包括多个网络设备，例如，网络1中的设备1～3，网络2中的设备4～6。网络1中的设备1～3可以通过其中的基站进行通信。网络2中的设备4～6可以通过其中的路由器建立通信。网络1中的设备还可以与网络2中的设备进行通信。Network 1 and network 2 include multiple network devices, for example, devices 1-3 in network 1 and devices 4-6 in network 2. Devices 1-3 in network 1 can communicate through the base station therein. The devices 4-6 in the network 2 can establish communication through the routers therein. Devices on network 1 can also communicate with devices on network 2.

可选地，设备1～6可以是智能手机、平板电脑和笔记本电脑等设备等中的一种。Optionally, devices 1-6 may be one of devices such as smart phones, tablet computers, and notebook computers.

以网络3与设备6进行通信为例，如果设备6被人为操控去攻击设备3，会导致设备3中的隐私数据则会存在泄露的风险，或者导致设备3无法使用。Taking the communication between network 3 and device 6 as an example, if device 6 is artificially manipulated to attack device 3, there will be a risk of leaking private data in device 3, or making device 3 unusable.

为了提高异构网络中网络设备的安全性，当一个网络设备需要与其他网络设备进行通信时，该网络设备可以在确认其他网络设备是可信的状态下，再与其他网络设备进行通信。In order to improve the security of network devices in heterogeneous networks, when a network device needs to communicate with other network devices, the network device can communicate with other network devices after confirming that other network devices are trusted.

在一个示例中，网络设备可以根据其他网络设备的信任级别，确定其他网络设备是否可信。具体地，网络设备的信任级别可以使用信任模型对网络设备进行评估获得。其中，信任模型可以基于数学理论建立和基于机器学习建立。In an example, the network device may determine whether other network devices are trustworthy according to the trust level of other network devices. Specifically, the trust level of the network device may be obtained by evaluating the network device using a trust model. Among them, the trust model can be established based on mathematical theory and machine learning.

基于数学理论建立信任模型的方法，是采用数学理论建立表征网络设备之间信任关系的信任模型。此种建模方法存在两方面的问题。一方面，网络设备之间的信任关系是在一个特定场景下存在的，因此，信任模型对应用场景的依赖性较强，可迁移性较差。另一方面，数学理论对信任关系建模时往往涉及很多权重因子等参数，而这些参数一般是通过经验来确定，信任模型的信任评估准确度存在不确定性，导致信任模型鲁棒性较低。The method of establishing a trust model based on mathematical theory is to use mathematical theory to establish a trust model that characterizes the trust relationship between network devices. There are two problems with this modeling approach. On the one hand, the trust relationship between network devices exists in a specific scenario. Therefore, the trust model has a strong dependence on the application scenario and poor transferability. On the other hand, mathematical theory often involves many parameters such as weight factors when modeling trust relationships, and these parameters are generally determined through experience. There is uncertainty in the accuracy of trust evaluation of trust models, resulting in low robustness of trust models. .

基于机器学习建立信任模型的方法，是使用大量的训练样本训练机器学习模型获得。该方法不需要依靠经验来确定模型中的参数，而且可以针对不同的应用场景，使用不同的训练样本训练模型。因此，该方法不仅可以适应不同的应用场景，而且获得的信任模型的鲁棒性高也较高。该方法虽然可以解决采用数学理论建立信任模型的问题，但是也面临着新的问题。在实际应用中，训练样本中的标签数据往往需要人工对特征数据进行标注获得的。在数据量较大时，对数据进行标注的人工成本增加，导致获取标签数据的成本增加。应理解，网络设备的标签数据指示该网络设备的信任级别。The method of building a trust model based on machine learning is to use a large number of training samples to train the machine learning model. This method does not need to rely on experience to determine the parameters in the model, and can use different training samples to train the model for different application scenarios. Therefore, this method can not only adapt to different application scenarios, but also the robustness of the obtained trust model is high. Although this method can solve the problem of using mathematical theory to establish a trust model, it also faces new problems. In practical applications, the label data in the training samples often needs to be obtained by manually labeling the feature data. When the amount of data is large, the labor cost of labeling the data increases, resulting in an increase in the cost of obtaining labeled data. It should be understood that the tag data of the network device indicates the trust level of the network device.

鉴于利用机器学习建立信任模型时标签数据获取成本高的问题，本申请实施例提供一种信任模型的训练方法，该训练方法应用于模型训练设备。该方法综合阈值判决和算法聚类两种方法确定网络设备的标签数据，然后，根据网络设备的标签数据训练机器学习模型，获得对网络设备进行信任评估的信任模型。In view of the high cost of acquiring tag data when using machine learning to build a trust model, an embodiment of the present application provides a trust model training method, which is applied to a model training device. This method combines threshold judgment and algorithm clustering to determine the label data of network equipment, and then trains a machine learning model based on the label data of network equipment to obtain a trust model for trust evaluation of network equipment.

在一种可能的情况中，模型训练设备可以是位于不同环境中的设备。例如，模型训练设备可以是位于云端的服务器，还可以是位于本地的网络设备。当模型训练设备本地的网络设备时，具体可以是如图1所示网络设备中的任意一个网络设备。下面结合图2详细介绍本申请实施例提供的信任模型训练方法。In one possible situation, the model training device may be a device located in a different environment. For example, the model training device may be a server located in the cloud, or a local network device. When the model is trained on a local network device of the device, specifically, it may be any one of the network devices shown in FIG. 1 . The following describes in detail the trust model training method provided by the embodiment of the present application with reference to FIG. 2 .

图2是本申请实施例提供的一种信任模型的训练方法的流程图。FIG. 2 is a flow chart of a trust model training method provided by an embodiment of the present application.

如图2所示，该训练方法包括如下的步骤S201-步骤S205。As shown in FIG. 2, the training method includes the following steps S201-S205.

步骤S201、获取多个网络设备的通信数据。Step S201, acquiring communication data of multiple network devices.

模型训练设备可以从多个网络设备中获取通信数据。多个网络设备还可以在每次记录通信数据后，将通信数据发送给模型训练设备。可选地，网络设备可以是图1所示异构网络中的网络设备，也可以是其他通信网络中的网络设备。The model training device can obtain communication data from multiple network devices. Multiple network devices can also send the communication data to the model training device after recording the communication data each time. Optionally, the network device may be a network device in the heterogeneous network shown in FIG. 1 , or may be a network device in another communication network.

可选地，通信数据可以包括：传输数据成功次数与传输数据失败次数、直接传输数据的成功次数与直接传输数据的失败次数、以及间接传输数据成功次数与间接传输数据失败次数中一种或多种。其中，传输数据成功次数可以是直接传输数据的成功次数和间接传输数据成功次数之和。以图1所示的设备3和设备6进行通信为例，直接传输指的是，设备3向设备6发送由设备3直接生成的数据；间接传输指的是，设备3向设备6发送由其他设备发送给设备3的数据。Optionally, the communication data may include: one or more of the number of successes and failures of data transmission, the number of successes and failures of direct data transmission, and the number of successes and failures of indirect data transmission kind. Wherein, the number of successful data transmissions may be the sum of the number of successful direct data transmissions and the number of successful indirect data transmissions. Taking the communication between device 3 and device 6 shown in Figure 1 as an example, direct transmission means that device 3 sends data directly generated by device 3 to device 6; indirect transmission means that device 3 sends data generated by other devices to device 6. Data sent by device to device 3.

步骤S202、特征模型根据多个网络设备的通信数据，确定多个网络设备的特征数据。Step S202, the characteristic model determines the characteristic data of the plurality of network devices according to the communication data of the plurality of network devices.

模型训练设备可以将多个网络设备的通信数据输入特征模型中，获得多个网络设备的特征数据。The model training device can input the communication data of multiple network devices into the characteristic model to obtain the characteristic data of the multiple network devices.

其中，特征模型可以包括数学模型。具体地，特征模型根据通信数据确定。Wherein, the feature model may include a mathematical model. Specifically, the characteristic model is determined according to the communication data.

当通信数据包括传输数据成功次数与传输数据失败次数时，特征模型可以包括计算传输数据的成功率的数学模型和/或计算传输数据的失败率的数学模型。应理解，特征数据可以包括传输数据的成功率和传输数据的失败率。When the communication data includes data transmission success times and data transmission failure times, the feature model may include a mathematical model for calculating a success rate of data transmission and/or a mathematical model for calculating a failure rate of data transmission. It should be understood that the feature data may include a success rate of data transmission and a failure rate of data transmission.

当通信数据为直接传输数据的成功次数与直接传输数据的失败次数时，特征模型还可以包括计算直接传输数据的成功率的数学模型和/或计算直接传输数据的失败率的数学模型。应理解，特征数据还可以包括直接传输数据的成功率和直接传输数据的失败率。When the communication data is the number of times of successful direct data transmission and the number of times of failure of direct data transmission, the feature model may further include a mathematical model for calculating the success rate of direct data transmission and/or a mathematical model for calculating the failure rate of direct data transmission. It should be understood that the feature data may also include a success rate of direct data transmission and a failure rate of direct data transmission.

当通信数据为间接传输数据的成功次数与间接传输数据的失败次数时，特征模型还可以包括计算间接传输数据的成功率的数学模型和/或计算间接传输数据的失败率的数学模型。应理解，特征数据还可以包括间接传输数据的成功率和间接传输数据的失败率。When the communication data is the success times and the failure times of the indirect data transmission, the feature model may further include a mathematical model for calculating the success rate of the indirect data transmission and/or a mathematical model for calculating the failure rate of the indirect data transmission. It should be understood that the feature data may also include a success rate of indirect data transmission and a failure rate of indirect data transmission.

步骤S203、根据阈值条件和多个网络设备的特征数据，确定多个网络设备中至少一个第一网络设备的标签数据。Step S203. Determine label data of at least one first network device among the plurality of network devices according to the threshold condition and the feature data of the plurality of network devices.

模型训练设备中可以预先设置阈值条件以及阈值条件对应的信任级别。具体地，阈值条件可以根据特征数据进行设置。以信任级别包括可信和不可信为例，当特征数据包括传输数据的成功率时，阈值条件可以设置为传输数据的成功率大于0.8和传输数据的成功率小于0.3两个条件，并且传输数据的成功率大于0.8对应的信任级别可以设置为可信，传输数据的成功率小于0.3对应的的信任级别可以设置为不可信。The threshold condition and the trust level corresponding to the threshold condition can be preset in the model training device. Specifically, the threshold condition can be set according to feature data. Taking the trust level including credible and untrustworthy as an example, when the feature data includes the success rate of transmitted data, the threshold condition can be set as two conditions: the success rate of transmitted data is greater than 0.8 and the success rate of transmitted data is less than 0.3, and the transmitted data The trust level corresponding to the success rate greater than 0.8 may be set as credible, and the trust level corresponding to the success rate of data transmission less than 0.3 may be set as untrustworthy.

模型训练设备可以将多个网络设备中每个网络设备的特征数据与阈值条件进行匹配，判断每个网络设备的特征数据是否满足阈值条件。当一个网络设备的特征数据满足阈值条件时，该网络设备为第一网络设备，将该阈值条件对应的信任级别作为第一网络设备的标签数据。例如，当网络设备的特征数据小于最小值时，该网络设备的标签数据为小于最小值这个阈值条件对应的信任级别，即不可信；如果网络设备的特征数据大于最大值，该网络设备的标签数据为大于最大值这个阈值条件对应的信任级别，即可信。The model training device can match the characteristic data of each network device among the plurality of network devices with the threshold condition, and judge whether the characteristic data of each network device satisfies the threshold condition. When the feature data of a network device satisfies the threshold condition, the network device is the first network device, and the trust level corresponding to the threshold condition is used as the label data of the first network device. For example, when the feature data of a network device is less than the minimum value, the label data of the network device is the trust level corresponding to the threshold condition of less than the minimum value, that is, untrustworthy; if the feature data of the network device is greater than the maximum value, the label data of the network device The trust level corresponding to the threshold condition that the data is greater than the maximum value, that is, credible.

可以理解，在步骤S203处理之后，模型训练设备将多个网络设备划分为两大类，包括：通过阈值条件获得标签数据的第一网络设备和第二网络设备。第二网络设备无法通过阈值条件确定标签数据。为此，第二网络设备的标签数据通过步骤S204的聚类方法确定。It can be understood that after the processing in step S203, the model training device divides the plurality of network devices into two categories, including: first network devices and second network devices that obtain label data through threshold conditions. The second network device is unable to determine the tag data through the threshold condition. To this end, the label data of the second network device is determined through the clustering method in step S204.

本步骤使用阈值条件确定出第一网络设备的标签数据，可以避免由于第一网络设备的特征数据与第二网络设备的特征数据的区别较大，使得第一网络设备独立成为一个聚类组，从而影响最终的聚类结果。In this step, the label data of the first network device is determined by using the threshold condition, which can avoid that the first network device independently becomes a clustering group due to the large difference between the characteristic data of the first network device and the characteristic data of the second network device. Thus affecting the final clustering result.

步骤S204、将多个第二网络设备划分为预设数目的聚类组，并获取每个聚类组对应的标签数据作为每个聚类组中的第二网络设备的标签数据。Step S204, divide the multiple second network devices into a preset number of cluster groups, and obtain label data corresponding to each cluster group as label data of the second network devices in each cluster group.

模型训练设备可以使用聚类算法将多个第二网络设备划分预设数目的聚类组。每个聚类组中包含至少一个第二网络设备。预设数目可以根据预先确定的信任级别的数量确定。例如，当信任级别被确定为可信和不可信两个级别时，聚类算法可以被配置为将多个网络设备的历史信任判定值分为两个聚类组。The model training device may use a clustering algorithm to divide the plurality of second network devices into a preset number of cluster groups. Each clustering group includes at least one second network device. The preset number may be determined according to the number of predetermined trust levels. For example, when the trust level is determined to be credible and untrustworthy, the clustering algorithm may be configured to divide the historical trust determination values of multiple network devices into two clustering groups.

模型训练设备在获得聚类组之后，可以将每个聚类组发送给用户进行人工打标签，并获得用户返回的每个聚类组对应的标签数据。具体地，用户可以对聚类组中每个网络设备对应的特征数据进行判断，确定该聚类组的标签数据。模型训练设备还可以使用算法对每个聚类组进行自动打标签，确定每个聚类组对应的标签数据。具体地，本申请对每个聚类组进行自动打标签的方法不做具体限定。在确定聚类组对应的标签数据之后，模型训练设备可以将聚类组对应的标签数据，作为该聚类组中每个第二网络设备的标签数据。After the model training device obtains the cluster groups, it can send each cluster group to the user for manual labeling, and obtain the label data corresponding to each cluster group returned by the user. Specifically, the user can judge the feature data corresponding to each network device in the cluster group, and determine the label data of the cluster group. The model training device can also use an algorithm to automatically label each cluster group, and determine the label data corresponding to each cluster group. Specifically, the present application does not specifically limit the method for automatically labeling each cluster group. After determining the label data corresponding to the cluster group, the model training device may use the label data corresponding to the cluster group as the label data of each second network device in the cluster group.

可选地，聚类算法可以是K-means聚类算法、均值漂移聚类算法和最大期望聚类算法中的任意一种。Optionally, the clustering algorithm may be any one of K-means clustering algorithm, mean shift clustering algorithm and maximum expectation clustering algorithm.

步骤S205、根据多个网络设备的特征数据和标签数据，更新信任模型的参数。Step S205, updating the parameters of the trust model according to the feature data and label data of multiple network devices.

经过步骤S203和步骤S204，模型训练设备可以获得上述多个网络设备中每个网络设备的标签数据。由此，模型训练设备可以使用多个网络设备的特征数据和标签数据训练信任模型，以更新信任模型的参数。After step S203 and step S204, the model training device can obtain the label data of each network device among the above-mentioned multiple network devices. Thus, the model training device can use the feature data and label data of multiple network devices to train the trust model, so as to update the parameters of the trust model.

在一个示例中，模型训练设备可以将多个网络设备的特征数据作为信任模型的输入数据，获得信任模型的输出数据。模型训练设备可以使用误差函数计算信任模型的输出数据和多个网络设备的标签数据之间的误差值，并根据该误差值，采用梯度下降法更新信任模型的参数。当模型训练设备判断误差值或训练次数满足预设需求时，结束信任模型的训练，将训练结束时的信任模型作为最终的信任模型。In an example, the model training device may use feature data of multiple network devices as input data of the trust model to obtain output data of the trust model. The model training device can use the error function to calculate the error value between the output data of the trust model and the label data of multiple network devices, and use the gradient descent method to update the parameters of the trust model according to the error value. When the model training device judges that the error value or the number of training times meets the preset requirements, the training of the trust model ends, and the trust model at the end of the training is used as the final trust model.

可选地，信任模型可以是卷积神经网络、BP神经网络、深度神经网络等中机器学习模型中的一种，还可以是用于机器学习的其他网络中的一种。Optionally, the trust model may be one of machine learning models such as convolutional neural network, BP neural network, and deep neural network, or one of other networks used for machine learning.

当信任模型为深度神经网络时，训练深度神经网络中的每一层的工作可以用数学表达式

来描述。其中，

为一个层的输入数据，

为该层的输出数据，输入数据和输出数据可以用向量形式表示。可以理解，深度神经网络中的第一层的输入为网络设备的特征数据，最后一层的输出为深度神经网络对网络设备的信任级别的预测数据。 When the trust model is a deep neural network, the work of training each layer in the deep neural network can be expressed mathematically

to describe. in,

For the input data of a layer,

For the output data of this layer, the input data and output data can be expressed in vector form. It can be understood that the input of the first layer in the deep neural network is the feature data of the network device, and the output of the last layer is the prediction data of the trust level of the network device by the deep neural network.

具体地，从物理层面来看，深度神经网络中的每一层的工作可以理解为通过五种对输入空间(输入数据的集合)的操作，完成输入空间到输出空间的变换(即矩阵的行空间到列空间)，这五种操作包括：1、升维/降维；2、放大/缩小；3、旋转；4、平移；5、“弯曲”。其中1、2、3的操作由

完成，4的操作由+b完成，5的操作则由a()来实现。这里之所以用“空间”二字来表述是因为被分类的对象并不是单个事物，而是一类事物，空间是指这类事物所有个体的集合。其中，W是权重向量，该向量中的每一个值表示该层神经网络中的一个神经元的权重值。该向量W决定着上文所述的输入空间到输出空间的空间变换，即每一层的权重W控制着如何变换空间。训练深度神经网络的目的，也就是最终得到训练好的神经网络的所有层的权重矩阵(由很多层的向量W形成的权重矩阵)。因此，神经网络的训练过程本质上就是学习控制空间变换的方式，更具体的就是学习权重矩阵。 Specifically, from a physical point of view, the work of each layer in the deep neural network can be understood as completing the transformation from the input space to the output space (that is, the rows of the matrix) through five operations on the input space (a collection of input data). Space to column space), these five operations include: 1. Dimension increase/reduction; 2. Enlargement/Reduction; 3. Rotation; 4. Translation; 5. "Bending". Among them, the operations of 1, 2, and 3 are performed by

Complete, the operation of 4 is completed by +b, and the operation of 5 is realized by a(). The reason why the word "space" is used here is because the classified object is not a single thing, but a kind of thing, and space refers to the collection of all individuals of this kind of thing. Wherein, W is a weight vector, and each value in the vector represents the weight value of a neuron in this layer of neural network. The vector W determines the space transformation from the input space to the output space described above, that is, the weight W of each layer controls how to transform the space. The purpose of training the deep neural network is to finally obtain the weight matrix of all layers of the trained neural network (the weight matrix formed by the vector W of many layers). Therefore, the training process of the neural network is essentially to learn the way to control the spatial transformation, and more specifically, to learn the weight matrix.

因为希望深度神经网络的输出尽可能的接近真正想要预测的值，所以可以通过比较当前网络的预测数据和真正想要的标签数据，再根据两者之间的差异情况来更新每一层神经网络的权重向量(当然，在第一次更新之前通常会有初始化的过程，即为深度神经网络中的各层预先配置参数)，比如，如果网络的预测数据高了，就调整权重向量让它预测低一些，不断的调整，直到神经网络能够预测出真正想要的标签数据。因此，就需要预先定义“如何比较预测数据和标签数据之间的差异”，这便是损失函数(1oss function)或目标函数(objective function)，它们是用于衡量预测数据和标签数据的差异的重要方程。其中，以损失函数举例，损失函数的输出值(1oss)越高表示差异越大，那么深度神经网络的训练就变成了尽可能缩小这个loss的过程。Because it is hoped that the output of the deep neural network is as close as possible to the value you really want to predict, you can compare the predicted data of the current network with the label data you really want, and then update each layer of neural network according to the difference between the two. The weight vector of the network (of course, there is usually an initialization process before the first update, which is to pre-configure parameters for each layer in the deep neural network). For example, if the network's prediction data is high, adjust the weight vector to make it The prediction is lower, and it is constantly adjusted until the neural network can predict the label data it really wants. Therefore, it is necessary to pre-define "how to compare the difference between the predicted data and the label data", which is the loss function (1oss function) or the objective function (objective function), which is used to measure the difference between the predicted data and the label data important equation. Among them, taking the loss function as an example, the higher the output value of the loss function (1oss), the greater the difference. Then the training of the deep neural network becomes a process of reducing the loss as much as possible.

在一个示例中，模型训练设备在将多个网络设备的特征数据输入信任模型之前，还可以使用特征模型将特征数据转换为信任模型可以识别的数据，再将特征模型输出的数据输入信任模型。其中，特征模型的介绍可以参见前述图2所示方法实施例中的描述，此处不再赘述。In an example, before the model training device inputs the feature data of multiple network devices into the trust model, it may also use the feature model to convert the feature data into data that the trust model can recognize, and then input the data output by the feature model into the trust model. For the introduction of the feature model, reference may be made to the description in the foregoing method embodiment shown in FIG. 2 , which will not be repeated here.

在一个示例中，当一个网络设备处于冷启动模式下时，该网络设备没有产生特征数据，信任评估设备可以根据该网络设备的制造商、使用范围、重要程度和部署位置等客观因素进行综合评估，确定该网络设备的信任级别。In an example, when a network device is in the cold start mode, the network device does not generate characteristic data, and the trust evaluation device can conduct a comprehensive evaluation based on objective factors such as the manufacturer, scope of use, importance, and deployment location of the network device , to determine the trust level of the network device.

基于上述图2所示的信任模型的训练方法实施例，本申请实施例还提供一种网络设备的信任评估方法。该方法应用于信任评估设备。信任评估设备可以将网络设备的特征数据输入信任模型，从而根据信任模型的输出确定该网络设备的信任级别。Based on the embodiment of the trust model training method shown in FIG. 2 above, this embodiment of the present application also provides a trust evaluation method for network devices. The method is applied to a trust evaluation device. The trust evaluation device can input the characteristic data of the network device into the trust model, so as to determine the trust level of the network device according to the output of the trust model.

在一种可能的情况中，信任评估设备可以使用图2所示的信任模型的训练方法获得信任模型。在一种可能的情况中，信任评估设备中的的信任模型可以通过模型训练设备获得，即模型训练设备在获得信任模型之后，将模型训练设备发送给信任评估设备。In a possible situation, the trust evaluation device may use the trust model training method shown in FIG. 2 to obtain the trust model. In a possible situation, the trust model in the trust evaluation device may be obtained by the model training device, that is, the model training device sends the model training device to the trust evaluation device after obtaining the trust model.

在一种可能的情况中，信任评估设备可以是位于不同环境中的设备。例如，信任评估设备可以是位于云端的服务器，还可以是位于本地的网络设备。当信任评估设备时本地的网络设备时，具体可以是如图1所示网络设备中的任意一个网络设备。In one possible situation, the trust evaluation device may be a device located in a different environment. For example, the trust evaluation device may be a server located in the cloud, or a local network device. When the trust evaluation device is a local network device, it may specifically be any one of the network devices shown in FIG. 1 .

下面结合附图3，详细介绍信任评估设备是如何使用信任模型对异构网络中的网络设备进行信任评估的。The following describes in detail how the trust assessment device uses the trust model to perform trust assessment on the network equipment in the heterogeneous network with reference to FIG. 3 .

图3是本申请实施例提供的一种网络设备的信任评估方法的流程图。Fig. 3 is a flow chart of a method for trust evaluation of a network device provided by an embodiment of the present application.

如图3所示，该网络设备的信任评估方法具体包括如下的步骤S301-步骤S303。As shown in FIG. 3 , the trust evaluation method for network equipment specifically includes the following steps S301-S303.

步骤S301、获取网络设备的通信数据。Step S301, acquiring communication data of a network device.

信任评估设备可以向网络设备发送第一指令。网络设备接收到该第一指令时，向信任评估设备发送自身的通信数据。网络设备还可以被配置为，在每次通信结束之后，记录当前的通信数据。可选地，网络设备可以是图1所示异构网络中的网络设备，也可以是其他通信网络中的网络设备。其中，通信数据的介绍可以参见前述图2所示方法实施例中步骤S201中的描述，此处不再赘述。The trust evaluation device may send the first instruction to the network device. When the network device receives the first instruction, it sends its own communication data to the trust evaluation device. The network device may also be configured to record current communication data after each communication ends. Optionally, the network device may be a network device in the heterogeneous network shown in FIG. 1 , or may be a network device in another communication network. For the introduction of the communication data, reference may be made to the description in step S201 in the method embodiment shown in FIG. 2 above, and details are not repeated here.

步骤S302、特征模型根据网络设备的通信数据，确定网络设备的特征数据。Step S302, the characteristic model determines the characteristic data of the network device according to the communication data of the network device.

信任评估设备可以将网络设备的通信数据输入预先建立的特征模型，获得特征模型输出的该网络设备的特征数据。The trust evaluation device can input the communication data of the network device into the pre-established feature model, and obtain the feature data of the network device output by the feature model.

其中，特征数据和特征模型的介绍可以参见前述图2所示方法实施例中步骤S202中描述，此处不再赘述。For the introduction of feature data and feature models, refer to the description in step S202 in the method embodiment shown in FIG. 2 above, and details are not repeated here.

步骤S303、信任模型根据网络设备的特征数据，确定网络设备的信任级别。Step S303, the trust model determines the trust level of the network device according to the feature data of the network device.

信任评估设备可以将网络设备的特征数据输入到预先建立的信任模型中，根据信任模型的输出确定该网络设备的信任级别。其中，信任模型的获取过程将在后文中进行详细描述，此处不再赘述。The trust evaluation device can input the feature data of the network device into a pre-established trust model, and determine the trust level of the network device according to the output of the trust model. Among them, the process of obtaining the trust model will be described in detail later, and will not be repeated here.

在一个示例中，信任评估设备在获得网络设备的信任级别之后，可以将网络设备的标识和信任级别关联的存储在区块链中。信任评估设备利用区块存储信任级别，可以使信任级别充分公开，以及保证信任级别不被篡改。In an example, after the trust evaluation device obtains the trust level of the network device, it can store the identifier of the network device and the trust level in a block chain in association. The trust evaluation device uses the block to store the trust level, which can fully disclose the trust level and ensure that the trust level cannot be tampered with.

在一个示例中，信任评估设备在获得网络设备的信任级别之后，还可以先确定该信任级别对应的哈希值。然后，信任评估设备将网络设备的标识和信任级别对应的哈希值关联的存储在区块链中，将网络设备的信任级别和信任级别对应的哈希值关联的存储在存储***中。存储***可以是星际文件***。信任评估设备将信任级别对应的哈希值存储在区块链上，可以减轻区块链上的数据存储压力。In an example, after the trust evaluation device obtains the trust level of the network device, it may first determine the hash value corresponding to the trust level. Then, the trust evaluation device associates the identifier of the network device with the hash value corresponding to the trust level and stores it in the block chain, and stores the trust level of the network device and the hash value corresponding to the trust level in the storage system. The storage system may be an interplanetary file system. The trust evaluation device stores the hash value corresponding to the trust level on the blockchain, which can reduce the data storage pressure on the blockchain.

在一个示例中，信任评估设备在获得网络设备的信任级别之后，还可以向外广播该网络设备的信任级别。信任评估设备以广播的形式发送信任级别，可以节省网络设备获得其他网络设备的信任级别的成本和时间，从而提高通信的效率。In an example, after obtaining the trust level of the network device, the trust evaluation device may also broadcast the trust level of the network device to the outside. The trust evaluation device sends the trust level in the form of broadcast, which can save the cost and time for the network device to obtain the trust level of other network devices, thereby improving communication efficiency.

上述图3所示的信任评估方法，信任模型基于各个网络设备相同的通信数据，对各个网络设备进行信任评估，可以实现异构网络中网络设备的信任评估。其中，主体网络设备在需要与客体网络设备进行通信时，对客体网络设备的信任级别进行判断。主体网络设备在确认客体网络设备可以信任时，与其进行通信，可以提高主体网络设备的安全性。In the trust evaluation method shown in FIG. 3 above, the trust model is based on the same communication data of each network device, and the trust evaluation is performed on each network device, which can realize the trust evaluation of network devices in a heterogeneous network. Wherein, when the subject network device needs to communicate with the object network device, it judges the trust level of the object network device. When the subject network device confirms that the object network device can be trusted, it communicates with it, which can improve the security of the subject network device.

基于上述图3所示的信任评估方法实施例，本申请实施例还提供一种网络设备的通信方法。该通信方法应用于第一网络设备。例如，第一网络设备需要与第二网络设备进行通信时，可以获取第二网络设备的信任级别，并根据该网络设备的信任级别确定是否与其进行通信。Based on the above embodiment of the trust evaluation method shown in FIG. 3 , this embodiment of the present application further provides a communication method for a network device. The communication method is applied to the first network device. For example, when the first network device needs to communicate with the second network device, it may obtain the trust level of the second network device, and determine whether to communicate with the second network device according to the trust level of the network device.

图4是本申请实施例提供的一种网络设备的通信方法。FIG. 4 is a communication method of a network device provided by an embodiment of the present application.

如图4所示，该方法包括如下的步骤S401-步骤S402。As shown in FIG. 4, the method includes the following steps S401-S402.

步骤S401、从区块链上获取上获取第二网络设备的信任级别。Step S401, acquire the trust level of the second network device from the block chain.

第一网络设备在确定需要与第二网络设备进行通信时，可以根据第二网络设备的标识从区块链上获得第二网络设备的信任级别。其中，第一网络设备和第二网络设备可以是图1所示异构网络的任意一个子网络中的任意一个设备，还可以是其他通信网络中的网络设备。When the first network device determines that it needs to communicate with the second network device, it can obtain the trust level of the second network device from the block chain according to the identification of the second network device. Wherein, the first network device and the second network device may be any device in any sub-network of the heterogeneous network shown in FIG. 1 , or may be network devices in other communication networks.

信任评估设备在获得各个网络设备的信任级别之后，可以将网络设备的标识和信任级别关联的存储在区块链上，如图4中步骤S400所示。After the trust evaluation device obtains the trust level of each network device, it can store the identification of the network device and the trust level in association on the block chain, as shown in step S400 in FIG. 4 .

可选地，网络设备的标识可以是网络设备的名称、IP地址或身份编号(identity，ID)中一种。Optionally, the identifier of the network device may be one of a name, an IP address, or an identity number (identity, ID) of the network device.

步骤S402、根据第二网络设备的信任级别，确定与第二网络设备进行通信。Step S402, determine to communicate with the second network device according to the trust level of the second network device.

第一网络设备可以根据第二网络设备的信任级别和预先设定的通信条件，确定是否与第二网络设备进行通信。第一网络设备可以在确定第二网络设备的信任级别满足通信条件时，与第二网络设备建立通信连接。The first network device may determine whether to communicate with the second network device according to the trust level of the second network device and preset communication conditions. The first network device may establish a communication connection with the second network device when determining that the trust level of the second network device satisfies the communication condition.

具体地，通信条件可以根据信任级别的类别进行设置。例如，当信任级别被分为可信和不可信时，通信条件可以是待建立通信连接的网络设备的信任级别为可信。再例如，当信任级别被分为极度不可信、不可信、可信和非常可信时，通信条件可以是待建立通信连接的网络设备的信任级别为可信或非常可信。再例如，当信任级别被分为一级、二级、三级和四级时，通信条件可以是待建立通信连接的网络设备的信任级别不低于三级。Specifically, the communication condition can be set according to the category of the trust level. For example, when the trust level is divided into trusted and untrusted, the communication condition may be that the trust level of the network device to establish the communication connection is trusted. For another example, when the trust level is divided into extremely untrustworthy, untrustworthy, trustworthy, and very trustworthy, the communication condition may be that the trust level of the network device to establish the communication connection is trustworthy or very trustworthy. For another example, when the trust level is divided into level one, level two, level three and level four, the communication condition may be that the trust level of the network device to establish the communication connection is not lower than level three.

图5是本申请实施例提供的另一种网络设备的通信方法。FIG. 5 is another communication method of a network device provided by an embodiment of the present application.

如图5所示，该方法包括如下的步骤S502-步骤S504。As shown in Fig. 5, the method includes the following steps S502-S504.

步骤S502、从区块链上获取上获取第二网络设备的信任级别对应的哈希值。Step S502, acquiring a hash value corresponding to the trust level of the second network device from the blockchain.

第一网络设备在确定需要与第二网络设备进行通信时，可以从区块链上获取上获取第二网络设备的信任级别对应的哈希值。具体地，第一网络设备可以根据第二网络设备的标识从区块链上获得第二网络设备的信任级别对应的哈希值。When the first network device determines that it needs to communicate with the second network device, it can obtain a hash value corresponding to the trust level of the second network device from the block chain. Specifically, the first network device can obtain the hash value corresponding to the trust level of the second network device from the blockchain according to the identifier of the second network device.

信任评估设备在获得各个网络设备的信任级别之后，可以根据网络设备的信任级别确定网络设备的信任级别对应的哈希值，然后将网络设备的标识和网络设备的信任级别对应的哈希值关联的存储在区块链上，如图5中步骤S500所示。然后，信任评估设备将网络设备的信任级别对应的哈希值和网络设备的信任级别关联的存储在存储***中，如图5中步骤S501所示。After the trust evaluation device obtains the trust level of each network device, it can determine the hash value corresponding to the trust level of the network device according to the trust level of the network device, and then associate the identifier of the network device with the hash value corresponding to the trust level of the network device is stored on the blockchain, as shown in step S500 in FIG. 5 . Then, the trust evaluation device associates the hash value corresponding to the trust level of the network device with the trust level of the network device and stores it in the storage system, as shown in step S501 in FIG. 5 .

可选地，存储***可以是星际文件***(inter planetary file system，IPFS)。IPFS是一种基于区块链技术的媒体协议，用分布式储存和内容寻址技术，把点对点的单点传输改变成多点对多点的P2P传输。将网络设备的信任级别对应的哈希值存储在IPFS中，可以减轻区块链上存储数据的压力。Optionally, the storage system may be an interplanetary file system (inter planetary file system, IPFS). IPFS is a media protocol based on blockchain technology. It uses distributed storage and content addressing technology to change point-to-point single-point transmission into multi-point-to-multipoint P2P transmission. Storing the hash value corresponding to the trust level of the network device in IPFS can reduce the pressure of storing data on the blockchain.

步骤S503、根据第二网络设备的信任级别对应的哈希值，确定第二网络设备的信任级别。Step S503: Determine the trust level of the second network device according to the hash value corresponding to the trust level of the second network device.

第一设备可以根据第二网络设备的信任级别对应的哈希值，从存储***中获得第二网络设备的信任级别。The first device may obtain the trust level of the second network device from the storage system according to the hash value corresponding to the trust level of the second network device.

步骤S504、根据第二网络设备的信任级别，确定与第二网络设备进行通信。Step S504, determine to communicate with the second network device according to the trust level of the second network device.

本步骤的具体过程与前述图4所述方法实施例中的步骤S402的描述相同，此处不再赘述。The specific process of this step is the same as the description of step S402 in the aforementioned method embodiment shown in FIG. 4 , and will not be repeated here.

图6是本申请实施例提供的另一种网络设备的通信方法。FIG. 6 is another communication method of a network device provided by an embodiment of the present application.

如图6所示，该方法包括如下的步骤S601-步骤S603。As shown in FIG. 6, the method includes the following steps S601-S603.

步骤S601、接收广播信号。Step S601, receiving a broadcast signal.

第一网络设备可以被配置为实时接收广播信号。其中，第一网络设备在没有通信需求的情况下，可以将接收到的广播信号丢弃。The first network device may be configured to receive broadcast signals in real time. Wherein, the first network device may discard the received broadcast signal when there is no need for communication.

信任评估设备在获得各个网络设备的信任级别之后，通过广播信号向外发送各个网络设备的信任级别，如图6中步骤S600所示。After obtaining the trust level of each network device, the trust evaluation device sends out the trust level of each network device through a broadcast signal, as shown in step S600 in FIG. 6 .

在一个示例中，信任评估设备还可以在获得各个网络设备的信任级别之后，将各个网络设备的信任级别发送给广播设备。广播设备接收到各个网络设备的信任级别时，发送广播信号。In an example, the trust evaluation device may also send the trust level of each network device to the broadcast device after obtaining the trust level of each network device. When the broadcast device receives the trust level of each network device, it sends a broadcast signal.

步骤S602、根据广播信号确定第二网络设备的信任级别。Step S602. Determine the trust level of the second network device according to the broadcast signal.

第一网络设备接收到广播信号时，对广播信号进行解析，获得广播信号包含的网络设备的标识和信任级别。然后，第一网络设备根据第二网络设备的标识，从解析出的网络设备的信任级别中获得第二网络设备的信任级别。When the first network device receives the broadcast signal, it analyzes the broadcast signal to obtain the identifier and trust level of the network device included in the broadcast signal. Then, the first network device obtains the trust level of the second network device from the parsed trust level of the network device according to the identifier of the second network device.

步骤S603、根据第二网络设备的信任级别，确定与第二网络设备进行通信。Step S603, determine to communicate with the second network device according to the trust level of the second network device.

基于图2所示的信任模型训练方法实施例，本申请实施例还提供一种信任模型的训练装置。Based on the embodiment of the trust model training method shown in FIG. 2 , an embodiment of the present application further provides a trust model training device.

图7是本申请实施例提供的一种信任模型的训练装置700的结构示意图。该训练装置700用于实现图2中的步骤S201-步骤S205。如图7所示，该训练装置700包括：获取模块701、特征提取模块702、第一确定模块703、第二确定模块704和训练模块705。FIG. 7 is a schematic structural diagram of a trust model training device 700 provided by an embodiment of the present application. The training device 700 is used to realize step S201-step S205 in FIG. 2 . As shown in FIG. 7 , the training device 700 includes: an acquisition module 701 , a feature extraction module 702 , a first determination module 703 , a second determination module 704 and a training module 705 .

其中，获取模块701用于获取多个网络设备的通信数据。Wherein, the acquiring module 701 is configured to acquire communication data of multiple network devices.

其中，特征提取模块702用于利用特征模型根据多个网络设备的通信数据，确定多个网络设备的特征数据。Wherein, the feature extraction module 702 is used to determine the feature data of multiple network devices according to the communication data of multiple network devices by using a feature model.

其中，第一确定模块703用于根据阈值条件和多个网络设备的特征数据，确定多个网络设备中至少一个第一网络设备的标签数据；多个网络设备包括至少一个第一网络设备和多个第二网络设备；标签数据指示网络设备的信任级别。Wherein, the first determination module 703 is used to determine the label data of at least one first network device in the plurality of network devices according to the threshold condition and the characteristic data of the plurality of network devices; the plurality of network devices include at least one first network device and multiple a second network device; the tag data indicates the trust level of the network device.

其中，第二确定模块704用于将多个第二网络设备划分为预设数目的聚类组，并获取每个聚类组对应的标签数据，作为每个聚类组中的第二网络设备的标签数据；预设数目与信任级别的数量对应。Wherein, the second determination module 704 is used to divide multiple second network devices into a preset number of cluster groups, and obtain label data corresponding to each cluster group as the second network device in each cluster group tag data; the preset number corresponds to the number of trust levels.

其中，训练模块705用于根据多个网络设备的特征数据和标签数据，更新信任模型的参数。Wherein, the training module 705 is used to update the parameters of the trust model according to the feature data and label data of multiple network devices.

需要说明的是，图7所示实施例提供的训练装置700在执行信任模型的训练方法时，仅以上述各功能模块的划分举例说明。在实际应用中，可以根据需要而将上述训练装置700中各个模块执行的功能分配由其他不同的功能模块完成，即将训练装置700的内部结构划分成不同的功能模块，以完成以上描述的全部或者部分功能。另外，上述实施例提供的训练装置700与图2所示的信任模型训练方法实施例属于同一构思，其具体实现过程详见方法实施例，这里不再赘述。It should be noted that when the training device 700 provided in the embodiment shown in FIG. 7 executes the trust model training method, it only uses the division of the above-mentioned functional modules as an example for illustration. In practical applications, the functions performed by the various modules in the above-mentioned training device 700 can be assigned to other different functional modules according to needs, that is, the internal structure of the training device 700 can be divided into different functional modules to complete all or all of the above-described functions. Some functions. In addition, the training device 700 provided in the above embodiment is based on the same idea as the embodiment of the trust model training method shown in FIG. 2 , and its specific implementation process is detailed in the method embodiment, and will not be repeated here.

基于图3所示的信任评估方法实施例，本申请实施例还提供一种信任评估装置。Based on the embodiment of the trust assessment method shown in FIG. 3 , an embodiment of the present application further provides a trust assessment device.

图8是本申请实施例提供的一种信任评估装置800的结构示意图。该信任评估装置800用于实现图3中的步骤S301-步骤S303。如图8所示，该信任评估装置800包括：获取模块801、特征提取模块802和评估模块803。FIG. 8 is a schematic structural diagram of a trust evaluation device 800 provided by an embodiment of the present application. The trust evaluation apparatus 800 is used to realize step S301-step S303 in FIG. 3 . As shown in FIG. 8 , the trust evaluation apparatus 800 includes: an acquisition module 801 , a feature extraction module 802 and an evaluation module 803 .

其中，获取模块801用于获取网络设备的通信数据。Wherein, the obtaining module 801 is used for obtaining communication data of network devices.

其中，特征提取模块802用于利用特征模型根据网络设备的通信数据，确定网络设备的特征数据。Wherein, the feature extraction module 802 is used to determine the feature data of the network device according to the communication data of the network device by using the feature model.

其中，评估模块803用于利用信任模型根据网络设备的特征数据，确定网络设备的信任级别。Wherein, the evaluation module 803 is used to determine the trust level of the network device according to the characteristic data of the network device by using the trust model.

需要说明的是，图8所示实施例提供的信任评估装置800在执行信任评估方法时，仅以上述各功能模块的划分举例说明。在实际应用中，可以根据需要而将上述信任评估装置800中各个模块执行的功能分配由其他不同的功能模块完成，即将信任评估装置800的内部结构划分成不同的功能模块，以完成以上描述的全部或者部分功能。另外，上述实施例提供的信任评估装置800与图3所示的信任评估方法实施例属于同一构思，其具体实现过程详见方法实施例，这里不再赘述。It should be noted that, when the trust assessment apparatus 800 provided in the embodiment shown in FIG. 8 executes the trust assessment method, only the division of the above functional modules is used as an example for illustration. In practical applications, the functions performed by the various modules in the above-mentioned trust evaluation device 800 can be assigned to other different functional modules according to needs, that is, the internal structure of the trust evaluation device 800 is divided into different functional modules to complete the above-described full or partial functionality. In addition, the trust evaluation device 800 provided in the above embodiment is based on the same idea as the trust evaluation method embodiment shown in FIG. 3 , and its specific implementation process is detailed in the method embodiment, and will not be repeated here.

图9是本申请实施例提供一种计算设备900的硬件结构示意图。FIG. 9 is a schematic diagram of a hardware structure of a computing device 900 provided by an embodiment of the present application.

该计算设备900可以为上述通信网络中的网络设备、上述信任评估设备或者模型训练设备。参见图9，该计算设备900包括处理器910、存储器920、通信接口930和总线940，处理器910、存储器920和通信接口930通过总线940彼此连接。处理器910、存储器920和通信接口930也可以采用除了总线940之外的其他连接方式连接。The computing device 900 may be a network device in the aforementioned communication network, the aforementioned trust evaluation device, or a model training device. Referring to FIG. 9 , the computing device 900 includes a processor 910 , a memory 920 , a communication interface 930 and a bus 940 , and the processor 910 , the memory 920 and the communication interface 930 are connected to each other through the bus 940 . The processor 910 , the memory 920 and the communication interface 930 may also be connected by other connection methods than the bus 940 .

其中，存储器920可以是各种类型的存储介质，例如随机存取存储器(random access memory，RAM)、只读存储器(read-only memory，ROM)、非易失性RAM(non-volatile RAM，NVRAM)、可编程ROM(programmable ROM，PROM)、可擦除PROM(erasable PROM，EPROM)、电可擦除PROM(electrically erasable PROM，EEPROM)、闪存、光存储器、硬盘等。Wherein, the memory 920 can be various types of storage media, such as random access memory (random access memory, RAM), read-only memory (read-only memory, ROM), non-volatile RAM (non-volatile RAM, NVRAM ), programmable ROM (programmable ROM, PROM), erasable PROM (erasable PROM, EPROM), electrically erasable PROM (electrically erasable PROM, EEPROM), flash memory, optical memory, hard disk, etc.

其中，处理器910可以是通用处理器，通用处理器可以是通过读取并执行存储器(例如存储器920)中存储的内容来执行特定步骤和/或操作的处理器。例如，通用处理器可以是中央处理器(central processing unit，CPU)。处理器910可以包括至少一个电路，以执行图2-6所示实施例提供的方法的全部或部分步骤。Wherein, the processor 910 may be a general-purpose processor, and the general-purpose processor may be a processor that performs specific steps and/or operations by reading and executing contents stored in a memory (such as the memory 920 ). For example, the general processor may be a central processing unit (CPU). The processor 910 may include at least one circuit to execute all or part of the steps of the method provided by the embodiments shown in FIGS. 2-6 .

其中，通信接口930包括输入/输出(input/output，I/O)接口、物理接口和逻辑接口等用于实现网络设备900内部的器件互连的接口，以及用于实现网络设备900与其他设备(例如其他网络设备或用户设备)互连的接口。物理接口可以是以太网接口，光纤接口，ATM接口等。Among them, the communication interface 930 includes an input/output (input/output, I/O) interface, a physical interface and a logical interface, etc., which are used to realize the interconnection of devices inside the network device 900, and are used to realize the connection between the network device 900 and other devices. (such as other network equipment or user equipment) interconnection interface. The physical interface can be Ethernet interface, optical fiber interface, ATM interface, etc.

其中，总线940可以是任何类型的，用于实现处理器910、存储器920和通信接口930互连的通信总线，例如***总线。Wherein, the bus 940 may be any type of communication bus for interconnecting the processor 910, the memory 920 and the communication interface 930, such as a system bus.

上述器件可以分别设置在彼此独立的芯片上，也可以至少部分的或者全部的设置在同一块芯片上。将各个器件独立设置在不同的芯片上，还是整合设置在一个或者多个芯片上，往往取决于产品设计的需要。本申请实施例对上述器件的具体实现形式不做限定。The above-mentioned devices may be respectively arranged on independent chips, or at least partly or all of them may be arranged on the same chip. Whether each device is independently arranged on different chips or integrated and arranged on one or more chips often depends on the needs of product design. The embodiments of the present application do not limit the specific implementation forms of the foregoing devices.

图9所示的计算设备900仅仅是示例性的，在实现过程中，计算设备900还可以包括其他组件，本文不再一一列举。The computing device 900 shown in FIG. 9 is only exemplary. During implementation, the computing device 900 may also include other components, which will not be listed here.

在上述实施例中，可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时，可以全部或部分地以计算机程序产品的形式实现。所述计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行所述计算机程序指令时，全部或部分地产生按照本发明实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中，或者从一个计算机可读存储介质向另一个计算机可读存储介质传输，例如，所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质(例如，软盘、硬盘、磁带)、光介质(例如，DVD)、或者半导体介质(例如，固态硬盘(solid state disk，SSD))等。In the above embodiments, all or part of them may be implemented by software, hardware, firmware or any combination thereof. When implemented using software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions according to the embodiments of the present invention will be generated in whole or in part. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website, computer, server or data center Transmission to another website site, computer, server, or data center by wired (eg, coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, DVD), or a semiconductor medium (for example, a solid state disk (solid state disk, SSD)), etc.

可以理解的是，在本申请的实施例中涉及的各种数字编号仅为描述方便进行的区分，并不用来限制本申请的实施例的范围。应理解，在本申请实施例中，上述各过程的序号的大小并不意味着执行顺序的先后，各过程的执行顺序应以其功能和内在逻辑确定，不应对本申请实施例的实施过程构成任何限定。It can be understood that the various numbers involved in the embodiments of the present application are only for convenience of description, and are not used to limit the scope of the embodiments of the present application. It should be understood that in the embodiment of the present application, the size of the sequence numbers of the above-mentioned processes does not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, and should not constitute the implementation process of the embodiment of the present application. Any restrictions.

以上所述的具体实施方式，对本申请的目的、技术方案和有益效果进行了进一步详细说明，所应理解的是，以上所述仅为本发明的具体实施方式而已，并不用于限定本申请的保护范围，凡在本申请的技术方案的基础之上，所做的任何修改、等同替换、改进等，均应包括在本申请的保护范围之内。The specific embodiments described above have further described the purpose, technical solutions and beneficial effects of the present application in detail. It should be understood that the above descriptions are only specific embodiments of the present invention, and are not intended to limit the scope of the present application. Scope of protection: All modifications, equivalent replacements, improvements, etc. made on the basis of the technical solutions of this application shall be included within the scope of protection of this application.

Claims

一种信任模型的训练方法，其特征在于，所述方法包括：A training method for a trust model, characterized in that the method comprises:

获取多个网络设备的通信数据；Obtain communication data of multiple network devices;

特征模型根据所述多个网络设备的通信数据，确定所述多个网络设备的特征数据；The characteristic model determines the characteristic data of the plurality of network devices according to the communication data of the plurality of network devices;

根据阈值条件和所述多个网络设备的特征数据，确定所述多个网络设备中每个第一网络设备的标签数据；所述多个网络设备包括至少一个所述第一网络设备和多个第二网络设备；所述标签数据指示网络设备的信任级别；According to the threshold condition and the characteristic data of the plurality of network devices, determine the label data of each first network device in the plurality of network devices; the plurality of network devices include at least one of the first network devices and a plurality of A second network device; the tag data indicates a trust level of the network device;

将所述多个第二网络设备划分为预设数目的聚类组，并获取每个聚类组对应的标签数据，作为所述每个聚类组中每个第二网络设备的标签数据；所述预设数目与信任级别的数量对应；dividing the plurality of second network devices into a preset number of clustering groups, and obtaining label data corresponding to each clustering group as label data of each second network device in each clustering group; The preset number corresponds to the number of trust levels;

根据所述多个网络设备的特征数据和标签数据，更新信任模型的参数。The parameters of the trust model are updated according to the feature data and label data of the plurality of network devices.
根据权利要求1所述的方法，其特征在于，所述根据阈值条件和所述多个网络设备的特征数据，确定所述多个网络设备中每个第一网络设备的标签数据包括：The method according to claim 1, wherein, according to the threshold condition and the feature data of the plurality of network devices, determining the label data of each first network device in the plurality of network devices comprises:

当所述多个网络设备中网络设备的特征数据满足所述阈值条件时，确定所述网络设备为第一网络设备；When the characteristic data of the network device among the plurality of network devices meets the threshold condition, determine that the network device is the first network device;

获取所述阈值条件对应的标签数据，作为所述第一网络设备的标签数据。Obtain label data corresponding to the threshold condition as label data of the first network device.
根据权利要求1或2所述的方法，其特征在于，所述阈值条件包括：特征数据小于第一阈值，和/或特征数据大于第二阈值。The method according to claim 1 or 2, wherein the threshold condition includes: the feature data is smaller than a first threshold, and/or the feature data is larger than a second threshold.
根据权利要求1-3任一项所述的方法，其特征在于，所述通信数据包括：数据传输成功次数和数据传输失败次数，所述特征数据包括：数据传输成功率。The method according to any one of claims 1-3, wherein the communication data includes: the number of successful data transmissions and the number of failed data transmissions, and the feature data includes: a success rate of data transmissions.
一种信任评估方法，其特征在于，所述方法包括：A trust assessment method, characterized in that the method comprises:

获取网络设备的的通信数据；Obtain communication data of network devices;

特征模型根据所述网络设备的通信数据，确定所述网络设备的特征数据；The characteristic model determines the characteristic data of the network device according to the communication data of the network device;

信任模型根据所述网络设备的特征数据，确定所述网络设备的信任级别，所述信任模型通过权利要求1-4任一项所述的方法训练得到。The trust model determines the trust level of the network device according to the characteristic data of the network device, and the trust model is obtained through training according to the method described in any one of claims 1-4.
根据权利要求5所述的方法，其特征在于，所述方法还包括：The method according to claim 5, wherein the method further comprises:

将所述网络设备的信任级别存储在区块链中；或者storing the trust level of said network device in a blockchain; or

将所述网络设备的信任级别对应的哈希值存储在所述区块链中，以及将所述网络设备的信任级别存储在存储***中；或者storing the hash value corresponding to the trust level of the network device in the blockchain, and storing the trust level of the network device in a storage system; or

广播所述网络设备的信任级别。The trust level of the network device is broadcasted.
一种信任模型的训练装置，其特征在于，所述装置包括：A training device for a trust model, characterized in that the device comprises:

获取模块，用于获取多个网络设备的通信数据；An acquisition module, configured to acquire communication data of multiple network devices;

特征提取模块，用于利用特征模型根据所述多个网络设备的通信数据，确定所述多个网络设备的特征数据；A feature extraction module, configured to use a feature model to determine feature data of the multiple network devices according to the communication data of the multiple network devices;

第一确定模块，用于根据阈值条件和所述多个网络设备的特征数据，确定所述多个网络设备中至少一个第一网络设备的标签数据；所述多个网络设备包括所述至少一个第一网络设备和多个第二网络设备；所述标签数据指示网络设备的信任级别；The first determining module is configured to determine label data of at least one first network device among the plurality of network devices according to a threshold condition and characteristic data of the plurality of network devices; the plurality of network devices include the at least one A first network device and a plurality of second network devices; the label data indicates a trust level of the network device;

第二确定模块，用于将所述多个第二网络设备划分为预设数目的聚类组，并获取每个聚类组对应的标签数据，作为所述每个聚类组中的第二网络设备的标签数据；所述预设数目与信任级别的数量对应；The second determining module is configured to divide the plurality of second network devices into a preset number of clustering groups, and acquire label data corresponding to each clustering group as the second Label data of the network device; the preset number corresponds to the number of trust levels;

训练模块，用于根据所述多个网络设备的特征数据和标签数据，更新信任模型的参数。The training module is used to update the parameters of the trust model according to the feature data and label data of the plurality of network devices.
根据权利要求7所述的装置，其特征在于，所述第一确定模块具体用于：The device according to claim 7, wherein the first determining module is specifically configured to:

当所述多个网络设备中网络设备的特征数据满足所述阈值条件时，确定所述网络设备为第一网络设备；When the characteristic data of the network device among the plurality of network devices meets the threshold condition, determine that the network device is the first network device;

获取所述阈值条件对应的标签数据，作为所述第一网络设备的标签数据。Obtain label data corresponding to the threshold condition as label data of the first network device.
根据权利要求6或7所述的装置，其特征在于，所述阈值条件包括：特征数据小于第一阈值，和/或特征数据大于第二阈值。The device according to claim 6 or 7, wherein the threshold condition comprises: the feature data is smaller than a first threshold, and/or the feature data is larger than a second threshold.
根据权利要求7-9任一项所述的装置，其特征在于，所述通信数据包括：数据传输成功次数和数据传输失败次数，所述特征数据包括：数据传输成功率。The device according to any one of claims 7-9, wherein the communication data includes: the number of successful data transmissions and the number of failed data transmissions, and the feature data includes: a success rate of data transmissions.
一种信任评估装置，其特征在于，所述装置包括：A trust evaluation device, characterized in that the device comprises:

获取模块，用于获取网络设备的通信数据；An acquisition module, configured to acquire communication data of the network device;

特征提取模块，用于利用特征模型根据所述网络设备的通信数据，确定所述网络设备的特征数据；A feature extraction module, configured to use a feature model to determine feature data of the network device according to the communication data of the network device;

评估模块，用于利用信任模型根据所述网络设备的特征数据，确定所述网络设备的信任级别。An evaluation module, configured to use a trust model to determine the trust level of the network device according to the feature data of the network device.
根据权利要求11所述的装置，其特征在于，所述评估模块还用于：The device according to claim 11, wherein the evaluation module is also used for:

将所述网络设备的信任级别存储在区块链中；或者storing the trust level of said network device in a blockchain; or

将所述网络设备的信任级别对应的哈希值存储在所述区块链中，以及将所述网络设备的信任级别存储在存储***中；或者storing the hash value corresponding to the trust level of the network device in the blockchain, and storing the trust level of the network device in a storage system; or

广播所述网络设备的信任级别。The trust level of the network device is broadcasted.
一种计算设备，其特征在于，所述计算设备包括：处理器和存储器，所述处理器用于执行存储于所述存储器内的计算机程序，以执行权利要求1至4任一项所述的方法，或者执行权利要求5或6所述的方法。A computing device, characterized in that the computing device comprises: a processor and a memory, the processor is used to execute a computer program stored in the memory to perform the method according to any one of claims 1 to 4 , or carry out the method described in claim 5 or 6.
一种计算机可读存储介质，其特征在于，包括指令，当所述指令在计算机上运行时，使得所述计算机执行权利要求1至4任一项所述的方法，或者执行权利要求5或6所述的方法。A computer-readable storage medium, characterized in that it includes instructions, and when the instructions are run on a computer, the computer is made to execute the method according to any one of claims 1 to 4, or to execute the method according to claim 5 or 6. the method described.
一种计算机程序产品，其特征在于，包括程序代码，当计算机运行所述计算机程序产品时，使得所述计算机执行权利要求1至4任一项所述的方法，或者执行权利要求5或6所述的方法。A computer program product, characterized in that it includes program codes, when the computer runs the computer program product, the computer is made to perform the method described in any one of claims 1 to 4, or to perform the method described in claim 5 or 6. described method.