Search

CN-122001683-A - Communication data security analysis processing method, system and storage medium

CN122001683ACN 122001683 ACN122001683 ACN 122001683ACN-122001683-A

Abstract

The invention relates to the technical field of communication, in particular to a communication data security analysis processing method, a system and a storage medium, which comprise the steps of recording communication data of all scenes based on an Internet of things scene monitored by an edge node; the method comprises the steps of carrying out gradient summary on edge node data, screening a target communication subset operated cooperatively by the edge nodes, taking logic coordination and time continuity of the target communication subset as references, combining an indirect access path formed by the edge nodes and the area nodes, extracting abnormal communication data under time lag cooperation, converting scene labels, node positions and time periods of the abnormal communication data into constraint conditions according to abnormal time and abnormal response intensity related to the abnormal communication data, solving risk cooperation factors when the data are abnormal, monitoring scenes in which the risk cooperation factors appear, and blocking and optimizing the indirect access path when new risk cooperation factors are monitored. The accuracy and the efficiency of communication data risk analysis are improved.

Inventors

  • LI FENG
  • CHENG ZHIZHONG
  • WANG GONGWEI
  • REN GUI
  • ZHANG GUOYIN
  • WU LIPING

Assignees

  • 山东云天安全技术有限公司
  • 山东新中天信息技术股份有限公司

Dates

Publication Date
20260508
Application Date
20260408

Claims (10)

  1. 1. The communication data security analysis processing method is characterized by comprising the following steps: S1, based on the scenes of the Internet of things monitored by edge nodes, generating communication data comprising equipment numbers, associated equipment, scene labels and node positions according to the access frequency of each scene; S2, obtaining area nodes corresponding to the edge nodes, and distributing differential privacy noise to the edge nodes by the area nodes according to scene labels; S3, taking the logic coordination and time continuity of the target communication subset as references, and extracting abnormal communication data under time lag coordination by combining an indirect access path formed by the edge nodes and the regional nodes; S4, converting scene labels, node positions and time periods of the abnormal communication data into constraint conditions according to the abnormal time and abnormal response intensity related to the abnormal communication data, and solving risk collaborative factors when the data are abnormal; s5, monitoring scenes in which the risk collaborative factors appear, and executing blocking optimization on the indirect access path when the new risk collaborative factors are monitored, so as to lock the target scenes of the data analysis.
  2. 2. The method for securely analyzing and processing communication data according to claim 1, wherein the implementation manner of extracting the communication data of each edge node in step S1 includes: S11, aiming at an Internet of things scene arranged by the edge nodes, acquiring the access frequency of the edge nodes, and establishing an access frequency accumulation chart corresponding to all data in the edge nodes; and S12, sorting the data of each edge node based on the access frequency stacking diagram and the associated equipment corresponding to the current data, and determining the communication data processed by each edge node.
  3. 3. The method according to claim 1, wherein the implementation of screening the target communication subset of the cooperative operation of the edge nodes in step S2 includes: s21, based on node positions corresponding to the edge nodes, carrying out continuous time splitting in a cooperative operation state among a plurality of edge nodes, and determining gradient data uploaded by each edge node at a corresponding time period; S22, marking all devices in a collaborative operation state in gradient data as a device collaborative group according to the gradient data after noise addition of all edge nodes; S23, aligning gradient time sequences of a plurality of edge nodes in the same equipment cooperative group, and dividing scenes according to the time sequence similarity; And S24, summarizing the data after scene division according to the scene label, the time window and the hierarchy of the equipment collaboration group to obtain a gradient aggregation data set of the polygonal edge nodes, and screening the gradient aggregation data set to obtain a target communication subset.
  4. 4. A method of securely analyzing and processing communication data according to claim 3, wherein determining gradient data uploaded by each edge node at a corresponding time period comprises: forming a gradient data set based on the lag time and the cooperative communication times under the same cooperative task; Setting a gradient vector by taking the lag time, the access frequency and the cooperative communication frequency in the gradient data set as statistical dimensions; and performing gradient clipping on each gradient vector, and taking the gradient vector as output gradient data.
  5. 5. The method according to claim 1, wherein when the logic coordination and time continuity of the target communication subset are used as references in step S3, the implementation manner includes: s31, extracting time lag cooperative deviation of corresponding equipment and associated equipment aiming at equipment and associated equipment related to a target communication subset, and sequentially executing business logic inspection; s32, based on the indirect access paths of the target communication subsets in the continuous time period, sequentially executing time continuity analysis on each path node of the indirect access paths, and determining failure nodes of the indirect access paths; s33, marking an abnormal access starting point and an abnormal access end point by utilizing a failure node of the indirect access path, and constructing a directional connection path; S34, regarding the intersection of the directed connection paths as a target node, and determining the output abnormal communication data based on the number of the incoming and outgoing edges of the target node.
  6. 6. The method for securely analyzing and processing communication data according to claim 5, wherein when determining a failed node of the indirect access path, the method comprises: For each path node in the indirect access path, selecting the same path node of the adjacent time window based on the time sequence of the data received by the path node, and acquiring the communication time of the path node in the adjacent time window; And checking whether communication exists in each time window from adjacent time windows by using the communication time of the path nodes, setting a communication identifier for the communication time, and screening out failure nodes according to the related content of the communication identifier.
  7. 7. The method for securely analyzing and processing communication data according to claim 1, wherein the implementation manner of the risk collaborative factor when solving the data anomaly in step S4 includes: s41, enabling the node position corresponding to the abnormal communication data to serve as a processed abnormal communication node, taking the access frequency of the abnormal communication node in unit time as abnormal response intensity, and quantifying the node abnormal probability according to the ratio of the abnormal access frequency to the total access frequency; s42, based on the position of the abnormal communication node in the indirect connection path, combing the connection direction of the abnormal communication node and other nodes in the indirect connection path, and constructing joint probability in the risk propagation evolution; S43, taking the data after risk propagation evolution as an input item of cross verification, selecting a root cause node of abnormal communication, and taking a corresponding node as an output risk synergistic factor.
  8. 8. The method for securely analyzing and processing communication data according to claim 1, wherein when the target scene of the data analysis is locked in step S5, the implementation manner includes: s51, determining related edge nodes according to the acquired risk collaboration factors, and searching a monitoring rule base under risk collaboration through scene labels corresponding to the edge nodes; S52, receiving real-time communication data of the corresponding edge nodes based on the monitoring rule base, and matching the corresponding data with the monitoring rule base if risk cooperative factors exist in the real-time communication data; And S53, based on the matched data content, performing hierarchical blocking optimization on the indirect access path, and taking the optimized scene as an output target scene.
  9. 9. A communication data security analysis processing system, comprising: the communication sampling module is used for generating communication data comprising equipment numbers, associated equipment, scene labels and node positions according to the access frequency of each scene based on the scenes of the Internet of things monitored by the edge nodes; The data summarizing module is used for acquiring regional nodes corresponding to the edge nodes, and distributing differential privacy noise to the edge nodes according to scene labels by the regional nodes; The cooperative judgment module is used for extracting abnormal communication data under time lag cooperation by taking the logic coordination and time continuity of the target communication subset as references and combining an indirect access path formed by the edge nodes and the regional nodes; The risk solving module is used for converting scene labels, node positions and time periods of the abnormal communication data into constraint conditions according to the abnormal time and abnormal response intensity related to the abnormal communication data and solving risk cooperative factors when the data are abnormal; The scene locking module is used for monitoring scenes in which the risk collaborative factors appear, and when a new risk collaborative factor is monitored, the blocking optimization is executed on the indirect access path, and the target scene of the data analysis is locked.
  10. 10. A storage medium storing computer instructions for causing a computer to execute a communication data security analysis processing method according to any one of claims 1 to 8.

Description

Communication data security analysis processing method, system and storage medium Technical Field The invention relates to the technical field of communication, in particular to a communication data security analysis processing method, a system and a storage medium. Background Along with the large-scale landing of the Internet of things technology, the number of terminal equipment in the scenes of industrial Internet of things, intelligent parks, urban rail transit and the like is increased in an explosive manner, massive sensitive data are required to be gathered in traditional centralized processing, the data leakage risk is high, the data are easy to disperse due to the traditional fixed slicing strategy, the time for querying across slices is long, and the efficiency of processing massive data is affected. For example, chinese patent publication No. CN119583216a discloses a data security analysis system and method applied to wireless communication equipment, which belongs to the technical field of artificial intelligence. The method comprises the steps of recording information of wireless communication equipment in an enterprise, acquiring an enterprise wireless network architecture, monitoring data flow, sending a wireless communication equipment data set by combining the wireless communication equipment information with a network topological graph, establishing a normal communication behavior mode through an ARIMA model, establishing association with a moving track in an enterprise park for mobile equipment in the wireless communication equipment, establishing association with business application for fixed equipment, training the neural network model by adopting a neural network algorithm, learning the normal communication behavior mode, identifying an abnormal mode in the wireless communication equipment data set, automatically recording detailed information of an abnormal event when the abnormal mode is detected, taking corresponding measures for the abnormal equipment according to a preset safety strategy, and sending an alarm notification to a safety management team of the enterprise. The communication dynamic analysis method comprises the steps of obtaining a communication time sequence, carrying out multi-scale decomposition on the communication time sequence to obtain a reference communication time sequence, calculating a slope and a propagation rate, determining abnormal communication data based on the slope and the propagation rate, determining continuous abnormal communication data according to the periodic characteristics of the abnormal communication data and the propagation sequence of the abnormal communication data in network nodes, determining a starting node and a propagation path of the continuous abnormal communication data by adopting reverse time sequence recursion analysis, inputting the abnormal data characteristics of the starting node and the propagation path of the continuous abnormal communication data into an LSTM neural network model, and predicting the subsequent abnormal nodes. In the prior art, the recognition processing of communication behaviors is completed by combining the autocorrelation and the partial correlation processing of a time sequence and the base station layout of communication anomalies, or the continuous anomaly starting point is determined in a node backtracking mode by the propagation velocity after multi-scale decomposition, but the recognition processing of the anomaly communication behaviors is biased in the prior art, so that the problems of high risk of data leakage and long data fragment inquiry time exist, potential safety hazards are easily accumulated, the use efficiency of the whole system is further influenced, and the communication efficiency in multiple scenes is reduced. Disclosure of Invention In order to solve the technical problems, the technical scheme adopted by the invention is that the communication data security analysis processing method comprises the following steps of S1, based on the scenes of the Internet of things monitored by the edge nodes, generating communication data comprising equipment numbers, associated equipment, scene labels and node positions according to the access frequency of each scene. S2, obtaining area nodes corresponding to the edge nodes, distributing differential privacy noise to the edge nodes by the area nodes according to scene labels, adding noise when the edge nodes upload data, and screening target communication subsets operated cooperatively by the edge nodes after the area nodes are summarized in gradient. S3, taking the logic coordination and time continuity of the target communication subset as references, and extracting abnormal communication data under time lag coordination by combining an indirect access path formed by the edge nodes and the regional nodes. S4, converting scene labels, node positions and time periods of the abnormal communication data into constraint conditions according