CN-120850257-B - Hierarchical software protection strategy generation method and system based on machine learning

Abstract

The application discloses a hierarchical software protection strategy generation method and system based on machine learning, and relates to the field of software protection; the method comprises the steps of completing the priority division of equipment software to obtain a software grading result, predicting the total resource consumption of target equipment, generating a dynamic resource threshold, monitoring the target equipment in real time by using a software monitoring device, and generating a software protection strategy by combining the real-time monitoring result and the software grading result. The application can effectively realize the real-time protection of the hierarchical software.

Inventors

• WANG WENJIN
• CHEN MINGLIANG
• WU MEINA
• FANG CHUNXUE
• WANG ZHOUXING

Assignees

• 武汉大全能源技术股份有限公司

Dates

Publication Date

20260512

Application Date

20250708

Claims (7)

1. 1. A hierarchical software protection policy generation method based on machine learning, the method comprising the steps of: Acquiring equipment software information and a history operation record of target equipment, wherein the history operation record comprises a history operation index and a history operation period; analyzing the interaction relation among all the device software in the target device according to the device software information; the equipment software is taken as a software node, and the interaction relationship is taken as node edges among all the software nodes to construct a software topology network; for any piece of equipment software, calculating the node centrality of the software nodes corresponding to the equipment software according to the software topology network; calculating neighbor centrality of all neighbor nodes of the software node; Determining node heterogeneity of the software node in combination with the node centrality and all of the neighbor centralities; Traversing the neighbor nodes, and calculating the neighbor isomerism of all the neighbor nodes; Combining the node isomerism and all the neighbor isomerism, and calculating the topological importance of the equipment software through a cross entropy formula; The fuzzy hierarchy method is utilized to complete the importance fuzzy judgment of all the equipment software, and the fuzzy importance of the equipment software is obtained; Fusing the topological importance and the fuzzy importance to obtain the comprehensive importance of the equipment software; Completing the priority division of all the equipment software according to all the comprehensive importance degrees to obtain a software grading result; Preprocessing the historical operation index when the target equipment starts to operate; the historical operation index after the pretreatment is completed through the time sequence analysis, so that a time sequence operation index is obtained; extracting time sequence characteristics of the time sequence operation index by utilizing a sliding window, and dividing the operation process of the target equipment into a plurality of operation stages by combining the time sequence characteristics and the historical operation period; constructing an initial resource prediction model based on machine learning, and training the initial resource prediction model by utilizing the history operation indexes after preprocessing to obtain a resource prediction model; inputting the equipment software information and the pre-acquired equipment operation information into a pre-constructed resource prediction model, respectively outputting the total resource consumption of the target equipment in each operation stage through the resource prediction model, and generating a resource dynamic threshold according to the total resource consumption; And monitoring the target equipment in real time by using the software monitoring device by taking the dynamic threshold value of the resource as a reference, and generating a software protection strategy by combining a real-time monitoring result and the software grading result, wherein the software monitoring device is preset in the target equipment.
2. 2. The method of claim 1, wherein the device software information includes hierarchical software types, software interaction logs, and device manuals.
3. 3. The method according to claim 1, wherein the step of performing the fuzzy evaluation of the importance of all the device software by using the fuzzy hierarchy method to obtain the fuzzy importance of the device software comprises the steps of: constructing a hierarchical structure model of the equipment software based on a pre-acquired software industry standard, wherein the hierarchical structure model comprises a target layer, a criterion layer and a sub-criterion layer; dividing a plurality of evaluation factor sets of the equipment software according to the hierarchical structure model; For any evaluation factor set, completing importance fuzzy evaluation among all evaluation factors in the evaluation factor set by using the fuzzy evaluation number, and constructing a fuzzy judgment matrix according to an importance fuzzy evaluation result; Converting the fuzzy judgment matrix into a fuzzy consistent matrix; Based on the fuzzy consistency matrix, completing evaluation sequencing of all the evaluation factors, determining relative weights of all the evaluation factors according to evaluation sequencing results, and integrating all the relative weights into a relative weight set; finishing single-factor evaluation of the evaluation factor set based on a fuzzy theory to obtain a factor evaluation matrix; And (3) accurately processing the matrix products of all the relative weight sets and the factor evaluation matrix by using an anti-blurring algorithm to obtain the blurring importance degree of the equipment software.
4. 4. The method according to claim 1, wherein the step of monitoring the target device in real time by using a software monitoring device based on the dynamic threshold of the resource, and generating a software protection policy by combining the real-time monitoring result and the software classification result includes the steps of: Collecting comprehensive operation indexes of all the equipment software in real time through a software monitoring device; for any piece of equipment software, if the comprehensive operation index is smaller than or equal to the dynamic threshold value of the resource, judging that the equipment software has no index abnormality; If the duration time of the comprehensive operation index which is larger than the dynamic threshold value of the resource exceeds a preset time threshold value, judging that the index abnormality occurs in the equipment software; And when the index abnormality occurs to the equipment software, generating a software protection strategy according to the software grading result.
5. 5. The method of claim 4, wherein generating a software protection policy based on the software classification result when the device software has an index anomaly comprises the steps of: Dividing all the device software into core software and non-core software according to the software classification result; outputting alarm information when the index of the core software is abnormal; When the index of the non-core software is abnormal, determining whether parallel logic exists between the non-core software and the core software according to the equipment software information; If parallel logic exists between the non-core software and any one of the core software, static isolation is implemented between the non-core software and the corresponding core software; And if no parallel logic exists between the non-core software and any core software, limiting the operation authority of the non-core software.
6. 6. A machine-readable storage medium having stored thereon instructions for causing a machine to perform the machine-learning based hierarchical software protection policy generation method according to any one of claims 1 to 5.
7. 7. A hierarchical software protection policy generation system based on machine learning, comprising: A memory configured to store instructions, and A processor configured to invoke the instructions from the memory and when executing the instructions is capable of implementing the machine learning based hierarchical software protection policy generation method according to any of claims 1 to 5.

Description

Hierarchical software protection strategy generation method and system based on machine learning Technical Field The embodiment of the application relates to the field of software protection, in particular to a hierarchical software protection strategy generation method and system based on machine learning. Background In modern industry, different types of control devices play a vital role in various fields, and are widely used in various fields, for example, control cabinets are widely used in fields of industry, construction and the like due to automation, energy saving, protection and communication functions. The electrical equipment can normally operate to realize various functions, and software inside the electrical equipment cannot be separated, such as PLC software, HMI software and the like. Therefore, when the software inside the control device is abnormal, the control device may not normally operate, which has serious consequences. The existing software protection strategy mainly comprises the steps of distributing operation authorities of different levels, authorizing access through a hardware token or multi-factor authentication (MFA), starting an encryption protocol and other schemes, and can achieve the aim of protecting the software in the control equipment to a certain extent, but cannot play a role in protecting software abnormality caused by internal reasons such as insufficient PLC memory, overload operation of a CPU and the like. Disclosure of Invention The embodiment of the application provides a hierarchical software protection strategy generation method and system based on machine learning, which are used for solving the problem that the prior art is difficult to protect control equipment software in real time. In order to achieve the above purpose, the embodiment of the present application adopts the following technical scheme: In a first aspect, a method for generating hierarchical software protection policies based on machine learning is provided, the method comprising: acquiring device software information and a history operation record of target devices; According to the device software information, completing the priority division of all device software in the target device to obtain a software classification result; When the target equipment starts to operate, combining equipment software information and a historical operation record, dynamically predicting the total resource consumption of the target equipment through machine learning, and generating a resource dynamic threshold according to the total resource consumption; And monitoring the target equipment in real time by using the software monitoring device by taking the dynamic threshold value of the resource as a reference, and generating a software protection strategy by combining a real-time monitoring result and the software grading result, wherein the software monitoring device is preset in the target equipment. Optionally, the device software information includes a hierarchical software type, a software interaction log and a device manual, and the historical operation record includes a historical operation index and a historical operation period. Optionally, the step of completing the prioritization of all the device software in the target device according to the device software information to obtain a software grading result includes the following steps: analyzing the interaction relation among all the device software in the target device according to the device software information; the equipment software is taken as a software node, and the interaction relationship is taken as node edges among all the software nodes to construct a software topology network; For any piece of equipment software, determining the topological importance of the equipment software according to the network attribute of the software topological network; The fuzzy hierarchy method is utilized to complete the importance fuzzy judgment of all the equipment software, and the fuzzy importance of the equipment software is obtained; Fusing the topological importance and the fuzzy importance to obtain the comprehensive importance of the equipment software; And completing the priority division of all the equipment software according to all the comprehensive importance degrees to obtain a software grading result. Optionally, the determining the topology importance of all the device software according to the network attribute of the software topology network includes the following steps: Calculating the node centrality of the software nodes corresponding to the equipment software according to the software topology network; calculating neighbor centrality of all neighbor nodes of the software node; Determining node heterogeneity of the software node in combination with the node centrality and all of the neighbor centralities; Traversing the neighbor nodes, and calculating the neighbor isomerism of all the neighbor nodes; And combining the node isomeri