CN-121644233-B - Endogenous security OS construction method and device based on intelligent agent and management and control calculation

Abstract

The invention belongs to the technical field of information security and relates to an endogenous security OS construction method and device based on intelligent agent and management and control calculation. The method comprises: constructing a bottom security base based on a hardware trusted root and a microkernel; defining and deploying hierarchical and function-specific multi-intelligent agents based on the bottom security base; establishing a multi-agent communication and interaction protocol stack for the multi-intelligent agents; developing an intelligent collaborative scheduling algorithm oriented to multi-objective optimization based on the multi-agent communication and interaction protocol stack; fusing an endogenous security mechanism of active defense and passive response; and evaluating the security situation of the whole life cycle of the endogenous security operating system. Dynamic intrusion detection can be performed: an intrusion detection system (IDS) based on machine learning can be deployed, the normal behavior patterns of an intelligent agent can be learned, and abnormal tampering behaviors, DoS attacks, abnormal communication and the like can be identified.

Inventors

  • QI JIANHUAI
  • XU GUOQIAN
  • HU JINHUA
  • ZHENG WEIFAN
  • HAN DANDAN
  • CHENG YANG

Assignees

  • 深圳市永达电子信息股份有限公司

Dates

Publication Date
20260512
Application Date
20260203

Claims (8)

  1. An endogenous security OS construction method based on intelligent agent and management and control calculation, characterized by comprising the following steps: constructing a bottom security base based on a hardware trusted root and a microkernel; defining and deploying hierarchical and function-specific multi-intelligent agents based on the bottom security base; establishing a multi-agent communication and interaction protocol stack for the multi-intelligent agents; developing, based on the multi-agent communication and interaction protocol stack, an intelligent collaborative scheduling algorithm oriented to multi-objective optimization; fusing an endogenous security mechanism of active defense and passive response; and carrying out security situation assessment of the full life cycle on the endogenous security operating system; wherein the step of defining and deploying the hierarchical and function-specific multi-intelligent agents based on the bottom security base specifically comprises: designing a three-layer collaborative intelligent agent organization architecture of an activity monitoring agent, a host monitoring agent and a network monitoring agent; performing lightweight, containerized packaging and deployment of the activity monitoring agent, the host monitoring agent and the network monitoring agent; and injecting a local autonomous detection capability based on a behavior baseline into the activity monitoring agent, the host monitoring agent and the network monitoring agent; and wherein the step of establishing a multi-agent communication and interaction protocol stack for the multi-intelligent agents specifically comprises: formulating a secure communication protocol based on a national cryptographic algorithm and mutual authentication; implementing an asynchronous message mechanism based on a publish/subscribe model and a data bus; and designing reliable transmission and control mechanisms to resist replay and blocking.
  2. The method for constructing an endogenous security OS based on intelligent agent and management and control calculation according to claim 1, wherein the step of constructing a bottom security base based on a hardware trusted root and a microkernel specifically comprises: implementing a full-link measured boot mechanism based on a trusted platform module; concentrating the core functions of the operating system into a secure kernel; and, using hardware virtualization extensions, creating a hardware-assisted security domain isolation environment at the operating system level for different security components.
  3. The method for constructing an endogenous security OS based on intelligent agent and management and control calculation according to claim 1, wherein the step of developing an intelligent collaborative scheduling algorithm oriented to multi-objective optimization based on the multi-agent communication and interaction protocol stack specifically comprises: designing a task allocation algorithm based on multi-dimensional benefit evaluation; constructing a conflict resolution mechanism based on game theory and priority; and implementing a dynamic load balancing algorithm with global perception and prediction.
  4. The method for constructing an endogenous security OS based on intelligent agent and management and control calculation according to claim 1, wherein the step of fusing an endogenous security mechanism of active defense and passive response specifically comprises: performing continuous integrity measurement and verification of the computing environment; deploying intelligent threat hunting and reasoning based on a large security model; and constructing a closed-loop automatic response and policy self-optimization system.
  5. The method for constructing an endogenous security OS based on intelligent agent and management and control calculation according to any one of claims 1 to 4, wherein the step of carrying out security situation assessment of the full life cycle on the endogenous security operating system specifically comprises: establishing a multidimensional, quantified security situation assessment index system; carrying out regular attack and defense drills and chaos engineering practice; and performing predictive maintenance and elastic scaling of the architecture based on digital twins.
  6. An endogenous security OS construction device based on intelligent agent and management and control calculation, characterized by comprising: a construction module for constructing a bottom security base based on a hardware trusted root and a microkernel; a deployment module for defining and deploying hierarchical and function-specific multi-intelligent agents based on the bottom security base; a communication module for establishing a multi-agent communication and interaction protocol stack for the multi-intelligent agents; a scheduling module for developing an intelligent collaborative scheduling algorithm oriented to multi-objective optimization based on the multi-agent communication and interaction protocol stack; a fusion module for fusing an endogenous security mechanism of active defense and passive response; and an evaluation module for evaluating the security situation of the whole life cycle of the endogenous security operating system; wherein the deployment module is further configured for: designing a three-layer collaborative intelligent agent organization architecture of an activity monitoring agent, a host monitoring agent and a network monitoring agent; performing lightweight, containerized packaging and deployment of the activity monitoring agent, the host monitoring agent and the network monitoring agent; and injecting a local autonomous detection capability based on a behavior baseline into the activity monitoring agent, the host monitoring agent and the network monitoring agent; and wherein the communication module is further configured for: formulating a secure communication protocol based on a national cryptographic algorithm and mutual authentication; implementing an asynchronous message mechanism based on a publish/subscribe model and a data bus; and designing reliable transmission and control mechanisms to resist replay and blocking.
  7. A computer device comprising a memory and a processor, the memory having stored therein computer-readable instructions which, when executed by the processor, implement the steps of the endogenous security OS construction method based on intelligent agent and management and control calculation of any of claims 1 to 5.
  8. A computer-readable storage medium having stored thereon computer-readable instructions which, when executed by a processor, implement the steps of the endogenous security OS construction method based on intelligent agent and management and control calculation of any of claims 1 to 5.

Description

Endogenous security OS construction method and device based on intelligent agent and management and control calculation

Technical Field

The invention relates to the technical field of information security, in particular to an endogenous security OS construction method and device based on intelligent agent and management and control calculation.

Background

With the converging evolution of new technologies such as 5G, IPv6, the Internet of Things and MEC (multi-access edge computing), massive numbers of terminal devices are connected to the network, forming a large-scale machine-type communication (mMTC) scenario. Against the "IPv6+5G" convergence background, hundreds of billions of devices are directly exposed to the public network; if an effective security management mechanism is lacking, these devices are easily exploited by attackers to form large-scale botnets and launch high-volume DDoS attacks, seriously threatening the security of the core network and applications. Existing security protection systems mostly adopt a centralized protection mode and suffer from high response latency, delayed policy updates, and difficulty in coping with zero-day attacks. Although traditional security components such as firewalls, WAFs and log auditing can be deployed at the edge or in the cloud, they lack a cooperative linkage mechanism and cannot achieve fine-grained protection and dynamic adaptive defense at the intelligent agent level. Therefore, a "self-immune" security architecture with autonomous sensing, self-repair and self-defense capabilities is needed to realize core functions such as integrity verification, tamper resistance, denial-of-service resistance and secure communication of agents in a distributed environment, and to improve the resilience and security of the overall system.

Disclosure of Invention

In order to solve the above technical problems, in one aspect the invention provides an endogenous security OS construction method based on intelligent agent and management and control calculation, which adopts the following technical scheme. The method comprises the following steps: constructing a bottom security base based on a hardware trusted root and a microkernel; defining and deploying hierarchical and function-specific multi-intelligent agents based on the bottom security base; establishing a multi-agent communication and interaction protocol stack for the multi-intelligent agents; developing, based on the multi-agent communication and interaction protocol stack, an intelligent collaborative scheduling algorithm oriented to multi-objective optimization; fusing an endogenous security mechanism of active defense and passive response; and carrying out security situation assessment of the whole life cycle on the endogenous security operating system.

Preferably, the step of constructing an underlying security base based on the hardware trusted root and the microkernel specifically includes: implementing a full-link measured boot mechanism based on a trusted platform module; concentrating the core functions of the operating system into a secure kernel; and, using hardware virtualization extensions, creating a hardware-assisted security domain isolation environment at the operating system level for different security components.

Preferably, the step of defining and deploying the hierarchical, function-specific multi-intelligent agents based on the underlying security base specifically includes: designing a three-layer collaborative intelligent agent organization architecture of an activity monitoring agent, a host monitoring agent and a network monitoring agent; performing lightweight, containerized packaging and deployment of the activity monitoring agent, the host monitoring agent and the network monitoring agent; and injecting a local autonomous detection capability based on behavior baselines into the activity monitoring agent, the host monitoring agent and the network monitoring agent.

Preferably, the step of establishing a multi-agent communication and interaction protocol stack for the multi-intelligent agents specifically includes: formulating a secure communication protocol based on a national cryptographic algorithm and mutual authentication; implementing an asynchronous message mechanism based on a publish/subscribe model and a data bus; and designing reliable transmission and control mechanisms to resist replay and blocking.

Preferably, the step of developing the intelligent collaborative scheduling algorithm oriented to multi-objective optimization based on the multi-agent communication and interaction protocol stack specifically includes: designing a task allocation algorithm based on multi-dimensional benefit evaluation; constructing a conflict resolution mechanism based on game theory and priority; and implementing a dynamic load balancing algorithm with global perception and prediction.

Preferably, the step of fusing the active defense and the passive response endogenous security me