Search

CN-121984754-A - Internet of things terminal network safety early warning platform based on artificial intelligence

CN121984754ACN 121984754 ACN121984754 ACN 121984754ACN-121984754-A

Abstract

The application discloses an artificial intelligence-based internet of things terminal network safety pre-warning platform, which is characterized in that a cross-domain characteristic alignment is carried out on information domain and physical domain data analyzed at the bottom layer, and the information domain and the physical domain data are innovatively converted into a time sequence texture gray scale map, so that the characteristics of a convolutional neural network on a space receptive field are utilized, and potential semantic association and time sequence evolution rules among heterogeneous data streams are deeply extracted. Finally, through the real-time estimation of the full-connection classification and threat probability, the full-link early warning closed loop from multi-dimensional feature fusion, deep feature mining to automatic generation of defense instructions is realized, and the safety defense efficiency and response speed of the industrial Internet of things network in the face of advanced persistent threat are greatly improved.

Inventors

  • LIU HAN
  • ZHU YING
  • LI SHUAI
  • Song teng
  • DANG FANGFANG
  • Yan lijing
  • SONG YIFAN
  • MENG HUIPING
  • LI YU
  • CUI XIAORUI

Assignees

  • 国网河南省电力公司信息通信分公司

Dates

Publication Date
20260505
Application Date
20260203

Claims (8)

  1. 1. An artificial intelligence-based internet of things terminal network security early warning platform, which is characterized by comprising: The information domain-physical domain characteristic alignment module is used for analyzing and splicing the information domain data and the physical domain data in the original sensor data stream acquired from the bottom layer of the physical connection terminal to obtain an information domain-physical domain alignment characteristic matrix; The pixel mapping module is used for carrying out numerical normalization and pixel gray mapping on the information domain-physical domain alignment feature matrix to obtain a pixelated vector sequence; The time sequence slicing and row-by-row stacking module is used for performing time sequence slicing and row-by-row stacking on the pixelated vector sequence to obtain a time sequence texture gray scale image; The cross-domain feature convolution extraction module is used for performing CNN-based cross-domain feature convolution extraction on the time sequence texture gray level diagram to obtain a time sequence texture high-dimensional abstract feature tensor; The classification and threat probability estimation module is used for carrying out full-connection classification and threat probability estimation on the high-dimensional abstract feature tensor of the sequence texture so as to obtain a prediction result structure body containing class labels and probability values; the control instruction generation module is used for comparing the attack probability value in the prediction result structure body with a preset safety threshold value and automatically triggering the defending strategy control instruction when the attack probability value is larger than the safety threshold value.
  2. 2. The network security pre-warning platform of the internet of things terminal based on artificial intelligence according to claim 1, wherein the information domain-physical domain feature alignment module is configured to: heterogeneous data distribution based on the channel identifier is carried out on the original sensor data stream so as to obtain a classified cache data frame set; performing multidimensional feature analysis and vectorization extraction on the classified cache data frame set to generate a discrete feature sequence with a time stamp; and carrying out anchor point searching, vector splicing and linear interpolation on the discrete feature sequence with the time stamp based on a preset time synchronization tolerance window so as to obtain an information domain-physical domain alignment feature matrix.
  3. 3. The artificial intelligence based internet of things terminal network security pre-warning platform of claim 1, wherein the pixel mapping module comprises: The column-level abnormal noise cleaning unit is used for cleaning column-level abnormal noise based on a statistical threshold value for the information domain-physical domain alignment feature matrix to obtain a cleaned feature matrix; The normalization unit is used for carrying out maximum and minimum normalization and linear scaling on the feature matrix after cleaning to obtain a normalized feature matrix; And the gray space mapping and integer quantization unit is used for carrying out gray space mapping and integer quantization on the normalized feature matrix so as to obtain a pixelated vector sequence.
  4. 4. The artificial intelligence-based internet of things terminal network security early warning platform according to claim 3, wherein the gray space mapping and integer quantization unit is configured to perform gray space mapping and integer quantization on the normalized feature matrix according to the following formula: Wherein, the For normalizing the first of the feature matrices The elements of the location are selected to be, Is a depth constant for the gray level, Representing a downward rounding function.
  5. 5. The artificial intelligence based internet of things terminal network security pre-warning platform of claim 1, wherein the sequential slicing and row-wise stacking module comprises: the time sequence buffer unit is used for carrying out sliding window initialization and FIFO buffer filling on the pixelated vector sequence to obtain a full-load time sequence buffer area; the space-time dimension replacement and matrix stacking mapping unit is used for carrying out space-time dimension replacement and matrix stacking mapping on vectors in the full-load time sequence buffer area so as to obtain an original texture matrix; the header information adding and memory packaging unit is used for adding header information and packaging the memory of the original texture matrix to obtain a time sequence texture gray scale map.
  6. 6. The artificial intelligence-based internet of things terminal network security early warning platform according to claim 1, wherein the cross-domain feature convolution extraction module is configured to: Based on a first-stage small-size convolution kernel, performing sliding convolution operation and nonlinear mapping on the time-series texture gray level map to extract and obtain a primary feature map set; carrying out maximum pooling and feature dimension reduction compression on the primary feature atlas to obtain a dimension reduction feature atlas; And carrying out depth convolution and cross-domain semantic association coupling on the dimension reduction feature atlas based on the deep convolution kernel containing the depth direction to obtain a time sequence texture high-dimensional abstract feature tensor.
  7. 7. The artificial intelligence-based internet of things terminal network security early warning platform according to claim 1, wherein the classification and threat probability estimation module is configured to: performing dimension reduction and straightening treatment on the high-dimensional abstract feature tensor of the sequence texture to obtain a one-dimensional global feature vector; performing full-connection layer linear mapping and logic value calculation on the one-dimensional global feature vector to obtain a classified logic value vector; the classification logic value vector is subjected to Softmax probability normalization to obtain a prediction result structure body.
  8. 8. The artificial intelligence based internet of things terminal network security pre-warning platform of claim 5, wherein the space-time dimension permutation and matrix stacking mapping unit is further configured to: Mapping the data of the full-load time sequence buffer area into a time sequence feature matrix, and obtaining a feature coupling matrix according to the cooperative variation degree between any two feature columns in the time sequence feature matrix; Performing maximum spanning tree feature sequence optimization on the feature coupling matrix to obtain a feature rearrangement index sequence; And performing topology-aware texture mapping on the row vectors in the full-load time sequence buffer by using the characteristic rearrangement index sequence to obtain a topology optimized texture matrix serving as an original texture matrix.

Description

Internet of things terminal network safety early warning platform based on artificial intelligence Technical Field The application relates to the field of intelligent early warning, in particular to an artificial intelligence-based internet of things terminal network safety early warning platform. Background With the deep integration of industrial Internet and information physical systems, internet of things terminals are widely applied to key fields of power systems, smart cities, industrial manufacturing and the like, and become a core support for national infrastructure operation. Because of wide distribution and complex environment of the internet of things terminal equipment, the network threat faced by the internet of things terminal equipment is increasingly severe, and attack means gradually evolve to a direction with high concealment and across fields. Therefore, a set of high-efficiency and intelligent internet of things terminal network safety early warning scheme is constructed, and the method has a crucial strategic significance for guaranteeing the operation safety of the system and identifying and intercepting potential threats in real time. However, the existing internet of things terminal safety early warning scheme is mostly dependent on single-dimension analysis of network traffic or classification judgment by building a blacklist mechanism through supervised learning. Such schemes expose significant limitations in dealing with new Advanced Persistent Threat (APT) or mimicry attacks. Firstly, the problem of single feature space dimension in the prior art generally exists, and only information domain data is often concerned, so that deep fusion of physical domain sensor features is ignored, and an attacker presents a transparent state in front of a network layer in case of abnormal operation (such as voltage surge or abnormal energy consumption) of a physical layer, so that system report missing is easily caused. Secondly, in the process of data imaging and model training, the traditional technology generally adopts a direct index mapping strategy, and the inherent semantic topological structure and causal association among heterogeneous data are not considered, so that the physical space and the cleavage of semantic logic cause serious feature island phenomenon. In addition, because the industrial site is difficult to obtain a complete attack sample, and the time sequence logic is cracked in the processing process, the existing early warning platform is difficult to accurately identify the 'mimicry' malicious behavior imitating the normal business logic, so that the identification accuracy is obviously reduced when facing high-concealment attack, and the actual requirement of industrial-level high-precision early warning cannot be met. Therefore, an optimized artificial intelligence-based internet of things terminal network security early warning platform is expected. Disclosure of Invention In order to solve the technical problems, the application provides an artificial intelligence-based internet of things terminal network security early warning platform. According to one aspect of the application, there is provided an artificial intelligence based internet of things terminal network security early warning platform, comprising: The information domain-physical domain characteristic alignment module is used for analyzing and splicing the information domain data and the physical domain data in the original sensor data stream acquired from the bottom layer of the physical connection terminal to obtain an information domain-physical domain alignment characteristic matrix; The pixel mapping module is used for carrying out numerical normalization and pixel gray mapping on the information domain-physical domain alignment feature matrix to obtain a pixelated vector sequence; The time sequence slicing and row-by-row stacking module is used for performing time sequence slicing and row-by-row stacking on the pixelated vector sequence to obtain a time sequence texture gray scale image; The cross-domain feature convolution extraction module is used for performing CNN-based cross-domain feature convolution extraction on the time sequence texture gray level diagram to obtain a time sequence texture high-dimensional abstract feature tensor; The classification and threat probability estimation module is used for carrying out full-connection classification and threat probability estimation on the high-dimensional abstract feature tensor of the sequence texture so as to obtain a prediction result structure body containing class labels and probability values; the control instruction generation module is used for comparing the attack probability value in the prediction result structure body with a preset safety threshold value and automatically triggering the defending strategy control instruction when the attack probability value is larger than the safety threshold value. Compared with the prior art, the In