CN-121984750-A - Asset data management method and system based on trusted computing
Abstract
The invention relates to the technical field of network security asset data management and discloses an asset data management method and system based on trusted computing. The method comprises: collecting asset data through multi-source channels and integrating it through a standardized protocol to obtain an initial data set containing time stamps and metadata tags; extracting source features and environment variables to construct a multidimensional description vector, calculating a trust score and filtering out low-confidence data; constructing a multidimensional feature matrix from the filtered data set and fusing it with operation configuration variables through a random forest algorithm to generate a comprehensive credibility vector; constructing an attention distribution matrix in combination with network node loads and refining it with a support vector machine to obtain an attention distribution map; identifying risk patterns and generating a management and control strategy; and closing an iterative loop by updating thresholds from feedback. The method achieves efficient integration and credibility assessment of multi-source heterogeneous data, improves the accuracy of risk identification and the dynamic adaptability of the management strategy, and ensures the security and credibility of asset data in industrial data processing scenarios.
Inventors
- Request for anonymity
Assignees
- 广州云峰信息科技有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20260202
Claims (9)
- 1. A trusted computing-based asset data management method, comprising: collecting asset data through multi-source channels, integrating the input streams of different suppliers through a standardized protocol, and obtaining an initial data set containing time stamps and metadata tags; extracting data source features and a time acquisition quantity according to the metadata tags in the initial data set, normalizing them and combining them into a multi-dimensional description vector, and computing a trust score against a preset trusted reference vector; if the trust score is lower than a preset trust threshold, marking the corresponding data as potentially tampered data and removing it to form a filtered data set; extracting timestamp continuity features and source node stability features from the filtered data set, constructing a multidimensional feature matrix, collecting operation configuration variables, inputting the multidimensional feature matrix and the operation configuration variables into a preset random forest model, and generating a comprehensive credibility vector; collecting the real-time load states of network nodes, constructing an attention distribution matrix in combination with the comprehensive credibility vector, extracting abnormal traffic features to form a data feature set, classifying the set with a support vector machine to obtain a priority sequence, correcting the attention distribution matrix, and generating an attention distribution map; traversing the attention distribution map, extracting a node behavior sequence, obtaining a risk identification pattern by identifying an abnormal traffic structure, calculating a deviation correction factor according to the risk identification pattern, performing fusion analysis, defining a risk confidence interval, and generating a dynamic management and control instruction by matching against a preset defense rule library; and parsing the dynamic management and control instruction, extracting acquisition feedback parameters, mapping them to the corresponding source acquisition nodes, acquiring the real-time asset data streams of those nodes, quantifying a label confidence, and updating the threshold setting if the label confidence is lower than a preset confidence standard, thereby forming an iteratively optimized asset data management strategy.
- 2. The trusted computing-based asset data management method of claim 1, wherein collecting asset data through multi-source channels and integrating the input streams of different suppliers through a standardized protocol to obtain an initial data set containing time stamps and metadata tags comprises: accessing the input streams of different suppliers in parallel through the multi-source channels, performing message deconstruction and protocol parsing on the input streams based on a preset standardized protocol library, and extracting heterogeneous asset data fragments carrying source identifiers; for unstructured fields in the heterogeneous asset data fragments, establishing a mapping between the unstructured fields and standard fields through semantic alignment to generate standardized asset data in a unified format; classifying and grouping the standardized asset data by metadata tag and time stamp and removing redundant data to obtain a time-series data set; and performing feature scanning on the time-series data set, generating labeling information, and embedding the labeling information into the data structure of the time-series data set to obtain the initial data set containing the time stamps and metadata tags.
- 3. The trusted computing-based asset data management method of claim 1, wherein extracting data source features and a time acquisition quantity according to the metadata tags in the initial data set, normalizing and combining them into a multi-dimensional description vector, and computing a trust score against a preset trusted reference vector comprises: parsing the metadata tag of the initial data set, extracting the supplier identity code as the data source feature, and calculating a transmission delay value as the time acquisition quantity from the difference between the data transmission time stamp and the system receive time stamp; one-hot encoding the data source feature, normalizing the time acquisition quantity, and combining the encoded data source feature with the normalized time acquisition quantity to form the multi-dimensional description vector; and calculating the Euclidean distance between the multi-dimensional description vector and the preset trusted reference vector, converting the Euclidean distance into a fit degree through an inverse-proportion function, and taking the fit degree as the trust score of the corresponding data point.
- 4. The trusted computing-based asset data management method of claim 1, wherein marking the corresponding data as potentially tampered data and removing it to form a filtered data set if the trust score is lower than a preset trust threshold comprises: comparing the trust score with the preset trust threshold and marking data whose trust score is lower than the preset trust threshold as potentially tampered data; retrieving a history record by the unique identifier of the potentially tampered data and calculating the fluctuation deviation between the potentially tampered data and the history record; if the fluctuation deviation exceeds a preset deviation range, extracting verification fingerprint information of the potentially tampered data through a hash algorithm; and if the verification fingerprint information is inconsistent with the original hash value of the data, removing the potentially tampered data, aggregating the remaining data stream, and sorting it according to the time stamp to form the filtered data set.
- 5. The trusted computing-based asset data management method of claim 1, wherein extracting timestamp continuity features and source node stability features from the filtered data set, constructing a multidimensional feature matrix, collecting operation configuration variables, inputting the multidimensional feature matrix and the operation configuration variables into a preset random forest model, and generating a comprehensive credibility vector comprises: extracting the timestamp continuity feature and the source node stability feature from the filtered data set and combining them into the multidimensional feature matrix, wherein the timestamp continuity feature is obtained by judging the degree of continuity of adjacent data timestamps, and the source node stability feature is obtained from the number of node offline events and the data transmission error rate; collecting asset identity attributes, real-time running states and network security features as the operation configuration variables, and standardizing and normalizing them; and inputting the multidimensional feature matrix and the normalized operation configuration variables into the random forest model to generate the comprehensive credibility vector.
- 6. The trusted computing-based asset data management method of claim 1, wherein collecting the real-time load states of network nodes, constructing an attention distribution matrix in combination with the comprehensive credibility vector, extracting abnormal traffic features to form a data feature set, classifying the set with a support vector machine to obtain a priority sequence, and correcting the attention distribution matrix to generate an attention distribution map comprises: collecting the real-time load state of each network node, the real-time load state comprising node CPU utilization, data transmission bandwidth occupancy and cache occupancy; performing a weighted mapping of the real-time load states and the comprehensive credibility vector to construct the attention distribution matrix; analyzing the attention distribution matrix and extracting sudden changes in packet sending frequency, abnormal increases in data volume and abnormal switches of transmission protocol as abnormal traffic features, forming the data feature set; classifying the data feature set with the support vector machine, outputting a feature priority sequence, and adjusting the weight of each feature in the attention distribution matrix according to the priority sequence to generate a gradient-layered feature importance grid; and mapping the feature importance grid onto the network topology, assigning weight coefficients according to the tier of core nodes, sink nodes and access nodes, and generating the attention distribution map.
- 7. The trusted computing-based asset data management method of claim 1, wherein traversing the attention distribution map and extracting a node behavior sequence, obtaining a risk identification pattern by identifying an abnormal traffic structure, calculating a deviation correction factor according to the risk identification pattern and performing fusion analysis, defining a risk confidence interval, and generating a dynamic management and control instruction by matching against a preset defense rule library comprises: traversing the high-weight regions of the attention distribution map, collecting the data stream sending frequency, response time, packet size and transmission protocol type of the nodes, and arranging them in time stamp order to form the node behavior sequence; analyzing the node behavior sequence, identifying abnormal traffic structures showing abnormal fluctuation, and outputting the corresponding risk identification pattern; calculating the feature centroid distance between the risk identification pattern and the normal traffic pattern, and generating the deviation correction factor from that distance; fusing the deviation correction factor into the risk identification pattern to obtain a correction weight matrix, and analyzing the correction weight matrix to define the risk confidence interval; and generating the dynamic management and control instruction by matching the risk confidence interval against the preset defense rule library.
- 8. The trusted computing-based asset data management method of claim 1, wherein parsing the dynamic management and control instruction, extracting acquisition feedback parameters and mapping them to the corresponding source acquisition nodes, acquiring the real-time asset data streams of the source acquisition nodes and quantifying a label confidence, and updating the threshold setting if the label confidence is lower than a preset confidence standard to form an iteratively optimized asset data management strategy comprises: parsing the dynamic management and control instruction and extracting the data transmission success rate, device response rate, abnormal event occurrence rate and execution efficiency of control measures as the acquisition feedback parameters; mapping the acquisition feedback parameters to the corresponding source acquisition nodes through device unique codes, and acquiring the real-time asset data streams of those nodes; calculating a feature matching distance between each real-time asset data stream and a preset asset feature constraint, and quantifying the label confidence of the metadata label from the feature matching distance; if the label confidence is lower than the preset confidence standard, calculating a threshold parameter offset for the metadata label from the difference between the label confidence and the preset confidence standard and a preset adjustment coefficient, and generating an updated threshold setting; and feeding the updated threshold setting back to the acquisition stage of the initial data set, adjusting the acquisition rules, feature scanning standard and abnormality judgment threshold to form the iteratively optimized asset data management strategy.
- 9. A trusted computing-based asset data management system, comprising: a data acquisition module for collecting asset data through multi-source channels, integrating the input streams of different suppliers through a standardized protocol, and obtaining an initial data set containing time stamps and metadata tags; a trust score calculation module for extracting data source features and a time acquisition quantity according to the metadata tags in the initial data set, normalizing and combining them into a multi-dimensional description vector, and computing a trust score against a preset trusted reference vector; a data filtering module for marking the corresponding data as potentially tampered data and removing it to form a filtered data set if the trust score is lower than a preset trust threshold; a credibility vector generation module for extracting timestamp continuity features and source node stability features from the filtered data set, constructing a multidimensional feature matrix, collecting operation configuration variables, inputting the multidimensional feature matrix and the operation configuration variables into a preset random forest model, and generating a comprehensive credibility vector; an attention distribution map generation module for collecting the real-time load states of network nodes, constructing an attention distribution matrix in combination with the comprehensive credibility vector, extracting abnormal traffic features to form a data feature set, classifying the set with a support vector machine to obtain a priority sequence, and correcting the attention distribution matrix to generate an attention distribution map; an instruction generation module for traversing the attention distribution map, extracting a node behavior sequence, obtaining a risk identification pattern by identifying an abnormal traffic structure, calculating a deviation correction factor according to the risk identification pattern, performing fusion analysis, defining a risk confidence interval, and generating a dynamic management and control instruction by matching against a preset defense rule library; and an iterative optimization module for parsing the dynamic management and control instruction, extracting acquisition feedback parameters and mapping them to the corresponding source acquisition nodes, acquiring the real-time asset data streams of those nodes and quantifying a label confidence, and updating the threshold setting if the label confidence is lower than a preset confidence standard to form an iteratively optimized asset data management strategy.
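The deterministic stages of the claimed pipeline, the trust score of claim 3, the three-step tamper filter of claim 4 and the feedback threshold update of claim 8, are worked through below as an added illustration; this is not the applicant's code and the patent discloses no implementation. The supplier codes, the delay normalisation ceiling, the single reference vector, the thresholds, the sample records with their delay history, and the choice to raise the trust threshold when label confidence drops are all assumptions made for this example.

```python
"""Trust scoring, tamper filtering and feedback threshold update.

Added illustration for claims 3, 4 and 8 of the patent above; not the
applicant's code. Supplier codes, reference vector, thresholds, sample records
and the direction of the threshold adjustment are assumptions made here.
"""
import hashlib
import math
from dataclasses import dataclass
from statistics import mean

SUPPLIERS = ["vendorA", "vendorB", "vendorC"]  # constructed supplier identity codes
MAX_DELAY_S = 10.0                               # delay normalisation ceiling (assumed)
TRUSTED_REF = [1.0, 0.0, 0.0, 0.0]               # preset reference: vendorA, zero delay (assumed)


@dataclass(frozen=True)
class Record:
    uid: str              # unique identifier used to look up history (claim 4)
    supplier: str         # supplier identity code from the metadata tag (claim 3)
    sent_ts: float        # data transmission time stamp
    recv_ts: float        # system receive time stamp
    payload: bytes
    declared_sha256: str  # "original hash value" carried with the data (claim 4)


def describe(rec):
    """Claim 3: one-hot supplier code plus min-max normalised transmission delay."""
    one_hot = [1.0 if rec.supplier == s else 0.0 for s in SUPPLIERS]
    delay = max(0.0, rec.recv_ts - rec.sent_ts)
    return one_hot + [min(delay / MAX_DELAY_S, 1.0)]


def trust_score(vec, ref=TRUSTED_REF):
    """Claim 3: Euclidean distance to the reference, mapped by 1/(1+d) into (0, 1]."""
    return 1.0 / (1.0 + math.dist(vec, ref))


def fingerprint(payload):
    """Claim 4: verification fingerprint of the received bytes."""
    return hashlib.sha256(payload).hexdigest()


def filter_records(records, history, threshold=0.6, max_deviation=2.0):
    """Claim 4: a low-score record is removed only if its delay also deviates from
    its history by more than max_deviation AND its recomputed hash mismatches.
    history maps uid -> list of previously observed delays in seconds."""
    kept, removed = [], []
    for rec in records:
        if trust_score(describe(rec)) >= threshold:
            kept.append(rec)
            continue
        delay = max(0.0, rec.recv_ts - rec.sent_ts)
        past = history.get(rec.uid, [])
        deviation = abs(delay - mean(past)) if past else math.inf  # no history: out of range
        if deviation > max_deviation and fingerprint(rec.payload) != rec.declared_sha256:
            removed.append(rec)
        else:
            kept.append(rec)  # suspicious but not proven tampered: retained, as claim 4 reads
    kept.sort(key=lambda r: r.sent_ts)  # "sorted according to the time stamp"
    return kept, removed


def label_confidence(feature_matching_distance):
    """Claim 8: same inverse-proportion mapping, applied to the feature matching distance."""
    return 1.0 / (1.0 + feature_matching_distance)


def update_threshold(threshold, confidence, standard=0.8, adjust=0.5):
    """Claim 8: shift the trust threshold by (standard - confidence) * adjust when the
    label confidence falls below the standard. Raising the threshold (filter harder
    when labels are unreliable) is this example's assumption; the claim fixes no sign."""
    if confidence >= standard:
        return threshold
    return min(1.0, threshold + (standard - confidence) * adjust)


# Constructed sample stream: s3 carries a payload whose hash no longer matches.
SAMPLE = [
    Record("s1", "vendorA", 100.0, 100.5, b"temp=21.5", fingerprint(b"temp=21.5")),
    Record("s2", "vendorB", 200.0, 201.0, b"rpm=1450", fingerprint(b"rpm=1450")),
    Record("s3", "vendorC", 300.0, 308.0, b"pressure=3.1", fingerprint(b"pressure=2.9")),
    Record("s4", "vendorA", 50.0, 59.0, b"flow=0.8", fingerprint(b"flow=0.8")),
]
HISTORY = {"s2": [1.0, 1.2, 0.9], "s3": [1.0, 1.1]}  # constructed delay history (seconds)


def run_pipeline(threshold=0.6, matching_distance=0.5):
    """Score and filter SAMPLE, then apply one feedback iteration of claim 8."""
    kept, removed = filter_records(SAMPLE, HISTORY, threshold)
    new_threshold = update_threshold(threshold, label_confidence(matching_distance))
    return [r.uid for r in kept], [r.uid for r in removed], new_threshold


if __name__ == "__main__":
    print(run_pipeline())  # kept uids in time stamp order, removed uids, updated threshold
```

Two points a practitioner should notice when reading the claims against this code. First, claim 4 only removes a record when all three tests fail: s2 scores below the threshold but its delay matches its history, and s4 has no history but its hash verifies, so both are retained and only s3 is dropped; the low trust score alone is a flag, not a verdict. Second, with a one-hot supplier feature a single preset reference vector effectively pins one expected supplier, so every other supplier starts at a Euclidean distance of at least the square root of two; a deployment would keep a reference vector per supplier, which the claims do not spell out.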
Description
Asset data management method and system based on trusted computing
Technical Field
The invention relates to the technical field of network security asset data management, and in particular to an asset data management method and system based on trusted computing.
Background
At the current pace of digital transformation, trusted management of network security asset data has become a central need across industries, and asset data management in industrial data processing scenarios is particularly critical. Existing asset data management schemes rely on single evaluation metrics or traditional integration approaches; some attempt to interface with multi-source data through a base protocol, but they lack standardized integration mechanisms and dynamic adaptation capability. In industrial data processing scenarios such schemes struggle to cope with heterogeneous data from different suppliers and different equipment, and cannot resolve the integration problems caused by differing data formats and complex sources. At the same time, the prior art mostly considers individual data characteristics in isolation, neglecting the combined influence of dynamic factors such as fluctuations in the acquisition environment and changes in equipment state during industrial data processing, which leads to one-sided assessment of data reliability and large deviations. In summary, the prior art cannot effectively integrate multi-source heterogeneous data in industrial data processing scenarios and lacks a comprehensive assessment of data credibility, so the management policy lacks specificity and dynamic adaptability and cannot meet the core requirements of industrial data processing for asset data security and credibility.
Disclosure of Invention
The invention provides an asset data management method and system based on trusted computing, which address the problems of the prior art that multi-source heterogeneous data is difficult to integrate effectively in industrial data processing scenarios, that comprehensive evaluation of data credibility is lacking, and that management strategies lack specificity and dynamic adaptability.
To solve the above technical problems, in a first aspect the invention provides a trusted computing-based asset data management method, comprising: collecting asset data through multi-source channels, integrating the input streams of different suppliers through a standardized protocol, and obtaining an initial data set containing time stamps and metadata tags; extracting data source features and a time acquisition quantity according to the metadata tags in the initial data set, normalizing them and combining them into a multi-dimensional description vector, and computing a trust score against a preset trusted reference vector; if the trust score is lower than a preset trust threshold, marking the corresponding data as potentially tampered data and removing it to form a filtered data set; extracting timestamp continuity features and source node stability features from the filtered data set, constructing a multidimensional feature matrix, collecting operation configuration variables, inputting the multidimensional feature matrix and the operation configuration variables into a preset random forest model, and generating a comprehensive credibility vector; collecting the real-time load states of network nodes, constructing an attention distribution matrix in combination with the comprehensive credibility vector, extracting abnormal traffic features to form a data feature set, classifying the set with a support vector machine to obtain a priority sequence, correcting the attention distribution matrix, and generating an attention distribution map; traversing the attention distribution map, extracting a node behavior sequence, obtaining a risk identification pattern by identifying an abnormal traffic structure, calculating a deviation correction factor according to the risk identification pattern, performing fusion analysis, defining a risk confidence interval, and generating a dynamic management and control instruction by matching against a preset defense rule library; and parsing the dynamic management and control instruction, extracting acquisition feedback parameters, mapping them to the corresponding source acquisition nodes, acquiring the real-time asset data streams of those nodes, quantifying a label confidence, and updating the threshold setting if the label confidence is lower than a preset confidence standard, thereby forming an iteratively optimized asset data management strategy.
In a second aspect, the invention provides a trusted computing-based asset data management system, comprising: a data acquisition module for collecting asset data through multi-source channels, integrating input streams of dif