
CN-122027182-A - Emergency command system and method based on endophytic safety


Abstract

The invention discloses an emergency command system and an emergency command method based on endophytic safety, which belong to the technical field of network space defense. The system comprises an emergency command platform and a safety protection platform: the emergency command platform completes the processing and feedback of emergency events, and the safety protection platform comprehensively protects the emergency command platform. The system further comprises a risk early warning module, connected with a monitoring control module and a data processing module, which identifies potential risks in advance through real-time analysis of the cleaned information data stream and the state of the digital twin platform, based on the information data stream analyzed by the monitoring control module and the data processed by the data processing module.

Inventors

  • WANG KUANGYU
  • LI QIANQIAN
  • LIU RUXIAO
  • WANG DONGLIANG
  • WANG JIANDONG

Assignees

  • 郑州华骏技术有限公司

Dates

Publication Date
20260512
Application Date
20250723

Claims (10)

  1. An emergency command system based on endophytic safety, characterized by comprising an emergency command platform and a safety protection platform; the emergency command platform is used for completing the processing and feedback of emergency events; the safety protection platform is used for comprehensively protecting the emergency command platform and comprises a data acquisition module, a data processing module, a monitoring control module, an agent simulation module, a dynamic reconstruction module and a decision tracing module; the risk early warning module is connected with the monitoring control module and the data processing module and is used for carrying out real-time assessment on potential safety risks and emergency risks by using a risk assessment algorithm based on the information data flow analyzed by the monitoring control module and the data processed by the data processing module.
  2. The emergency command system based on endophytic safety of claim 1, wherein the emergency command platform comprises an information management module, a multimedia collaboration module, a weather decision module, a map application module, an emergency plan module, a communication scheduling module, a daemon module, a field switching module, an application data temporary storage area and a coding identification area, wherein the coding identification area is used for storing the node numbers.
  3. The emergency command system based on endogenous safety of claim 2, wherein the information management module is a module for managing and maintaining emergency information and provides functions such as data acquisition, integration, storage, query and analysis for emergency events; the main function of the multimedia collaboration module is to support real-time transmission and communication of multimedia information such as video, audio and images so as to meet the communication and collaboration requirements of emergency command departments; the weather decision module is a module for fusing weather information into the emergency command information system, and makes decisions and issues commands according to weather data prediction and analysis; the map application module is one of the important modules in the emergency system and can display information such as real-time data, events and resources on a map; the system can also help the user with monitoring, analysis, scheduling and other functions; the emergency plan module is used for preparing effective emergency plans for coping with various emergency conditions according to standard specifications and technical requirements, and supports operations such as emergency material preparation and calling; the communication scheduling module is the basis for maintaining contact and coordination in emergency command, ensuring the continuity of communication through channel selection, frequency setting, encoding and decoding and the like, and realizing smooth transmission of commands; and the code identification area is used for storing the node numbers of the command platform.
  4. The emergency command system based on endogenous safety according to claim 1, wherein the data acquisition module is used for acquiring an information data stream of each built-in module of each emergency command platform, and the information data stream comprises application data and state information; the data processing module is used for cleaning and classifying the acquired information data streams and constructing a digital twin platform of each emergency command platform based on the information data streams; the data processing module comprises a data cleaning unit, a data classifying unit and a twin constructing unit; the data cleaning unit performs information deduplication and missing value filling on the information data stream by utilizing a wavelet transformation algorithm and a data filling algorithm; the data classifying unit classifies the cleaned information data stream according to the node number by using a clustering algorithm; and the twin constructing unit utilizes a network analysis algorithm and a Monte simulation algorithm to construct a corresponding twin emergency command platform according to the classified information data stream.
  5. The emergency command system based on endophytic safety of claim 1, wherein the monitoring control module is used for monitoring and analyzing the information data stream of each emergency command platform and generating corresponding regulation and control instructions to regulate and control the information data stream of each emergency command platform; the monitoring control module comprises a detection analysis unit, a data distribution unit and an instruction generation unit, wherein the detection analysis unit compresses the dimension of the information data stream by using a depth analysis model: (1) And preprocessing and normalizing the original data, such as screening effective information and non-effective information in the data, and removing redundant or repeated data sections. Wherein, the Representing the potential dimension of the object, The weight value is represented by a weight value, The activation function is represented as a function of the activation, The deviation vector is represented by a vector of deviations, The representation CVAE encodes the network and, A sample of the information data stream is represented, Representing a real label; Inputting the information data stream subjected to dimension reduction processing into a feature extraction layer to extract feature information of the information data stream, wherein the feature extraction layer comprises 13 beta 3 convolution layers, 1 beta 1 point convolution layers, 23 beta 3 maximum pooling layers and 3 normalization layers; (2) Wherein, the Represent the first The layers are convolved with each other, The representation RELU activates the function, Indicating the number of convolutions of the layer, Representing an adjacency matrix; Then respectively inputting the information data stream after information compiling into two network branches of a learning training layer for iterative training to obtain depth characteristic values, wherein the first network branch comprises 3 beta 3 convolution layers, 13 beta 3 up sampling layers, 13 beta 3 down sampling layers, 1 beta 1 point convolution layers and 1 SoftPlus activation functions, and the second network branch comprises 2 beta 1 convolution layers, 4 beta 1 up sampling layers, 4 beta 1 down sampling layers, 2 SELU activation functions and 2 PRelu activation functions; then, the depth characteristic value which is subjected to splicing fusion is subjected to double reconstruction of structure and attribute by using a reconstruction decoder; (3) Wherein, the Representing the reconstructed decoded value(s), The representation PRelu activates the function, The representation SigMoid activates the function, Representing a transpose; And finally, the reconstructed information data stream sequentially passes through an average pooling layer, a full connection layer and LRelu activation functions, the information data stream is divided into benign data stream, malignant data stream and unknown suspicious data stream, the data distribution unit respectively transmits the information data stream which is recognized and analyzed to a corresponding remote signaling channel by utilizing a parallel transmission algorithm, and the instruction generation unit generates a corresponding regulation and control instruction according to the serial number of the remote signaling channel and the node number of the emergency command platform.
  6. The emergency command system based on endogenous safety of claim 1, wherein the agent simulation module is used for receiving the regulation and control instruction and transmitting unknown suspicious data streams to a digital twin platform for judgment and evaluation; the agent simulation module comprises a regulation and control execution unit, an agent activation unit and a simulation judgment unit; the agent simulation module first decomposes the regulation and control instruction by using an instruction decoding algorithm through the regulation and control execution unit, then activates the already built digital twin platform through the agent activation unit, and finally carries out real-time research and judgment on the digital twin platform loaded with unknown suspicious data streams by using a time sequence evaluation algorithm through the simulation judgment unit.
  7. The emergency command system based on endophytic safety of claim 1, wherein the dynamic reconstruction module is used for reconfiguring an operation frame of each built-in module of the emergency command platform according to a judging and evaluating result of the digital twin platform so as to generate a dynamic protection strategy; the dynamic reconstruction module comprises a research and judgment analysis unit, a dynamic defense unit and a conversion reconstruction unit; the research and judgment analysis unit utilizes a consensus feedback algorithm to determine the essential structure of unknown suspicious data flow according to the real-time research and judgment result; the dynamic defense unit adjusts an original framework of the digital twin platform according to an intrinsic framework of unknown suspicious data flows by using a mimicry defense model so as to realize safe isolation of the digital twin platform; the mimicry defense model comprises a complete heterogeneous layer and a finite heterogeneous layer; the complete heterogeneous layer is used for converting and changing the architecture of the digital twin platform when the unknown suspicious data flows are used for carrying out continuous game on the digital twin platform; the finite heterogeneous layer is used for converting and changing the architecture of the digital twin platform when the unknown suspicious data flow is used for intermittent game of the digital twin platform, and determining the expected benefits of the unknown suspicious data flow according to the probability of successful invasion of the unknown suspicious data flow when the finite heterogeneous layer is used for the complete heterogeneous layer: (4) Wherein, the The full benefit is represented by the fact that, The benefit expectation function is represented as such, The benefit is represented by the fact that, The cost is represented by a value that is, The time of attack is indicated as being the time of attack, Representing the rotation period and considering the influence of the cost during the attack and defense of unknown suspicious data flows in the period on the complete benefit. At this time, the defending period of the digital twin platform is prolonged, the benefits of unknown suspicious data flows are expected to be negative, and the unknown suspicious data flows lose intrusion capability: (5) Wherein, the The rationality factor is represented by a graph, The probability density function of the intrusion is presented, Representing time; In the finite heterogeneous layer, the unknown suspicious data flow takes the invasion times as accumulated experience, and when the unknown suspicious data flow invades again, the benefits of the unknown suspicious data flow are expected to be: (6) Wherein, the The limited benefit is represented by the fact that, Representing the number of intrusions; When two levels of the mimicry defense model are operated irregularly, the comprehensive profit expectations are: (7) Wherein, the Representing a hierarchical transition probability; and finally, formulating a dynamic defense strategy of the digital twin platform according to the comprehensive income expectation and adjusting the original framework of each built-in module of the digital twin platform so as to realize the safety isolation of the digital twin platform. The conversion reconstruction unit reconstructs the operation frame of each built-in module of the emergency command platform by utilizing a countermeasure conversion algorithm according to the new frame of the digital twin platform, and improves the safety protection level of the emergency command platform at the same time so as to form a dynamic protection strategy.
  8. The emergency command system based on endophytic safety of claim 1, wherein the decision tracing module is used for arbitrating and tracing unknown suspicious data flows according to a dynamic protection strategy and a judgment and evaluation result; the decision tracing module comprises an abnormality origin determining unit, a path tracing unit and a judging and cracking unit; the abnormality origin determining unit performs source location on unknown suspicious data flows according to the essential architecture of the information data flows; the path tracing unit performs backtracking reproduction on the network path of the unknown suspicious data flow by using a node time jump algorithm; the judging and cracking unit utilizes a dynamic and static analysis algorithm to deeply crack the intrinsic framework of unknown suspicious data flow and generate corresponding vulnerability patches.
  9. The emergency command system based on endophytic safety of claim 1, wherein the risk early warning module further comprises a risk plan association unit, and the risk plan association unit automatically associates corresponding emergency plans in the emergency plan module according to risk types and grades after risk early warning triggering, pushes plan information to an emergency command platform and assists a commander in fast decision-making; Acquiring a multidimensional real-time data stream, wherein the data stream comprises running state data, external environment monitoring data, emergency resource scheduling data and historical risk event associated data of built-in modules of each emergency command platform; classifying and extracting the real-time data stream to obtain a potential safety risk characteristic parameter and an emergency risk characteristic parameter, wherein the potential safety risk characteristic parameter comprises hidden danger occurrence probability And degree of influence of hidden trouble The emergency event risk feature parameters include event diffusion probability Current range of influence Coefficient of diffusion rate Emergency disposal availability factor ; Calculating a potential security risk value: : = ; Wherein, the As a number of types of potential safety hazards, Is the first Weighting coefficient of class hidden trouble , Is the first Hidden danger of class at moment Based on the deviation quantization of the real-time monitoring data and the safety threshold; is the first Hidden danger of class at moment Dynamically adjusting the asset value and personnel density of the affected area in combination with the real-time influence degree of the affected area; calculating emergency event risk values : = ; Wherein, the For the number of types of emergency events, Is the first Class event at time Is used for the diffusion probability of (a), Is the first Class event at time Is used for the real-time influence range of (a), Is the first The diffusion rate coefficient of the event-like, Is the first Emergency handling availability factor for class event; According to a preset risk level threshold value, for And Performing grade judgment, and outputting real-time risk grade (low/medium/high) and early warning signals; Preset time per interval Repeating the above steps, dynamically adjusting based on updated real-time data stream 、 、 、 、 、 And parameters, and realizing real-time updating of risk assessment.
  10. A method based on an endophytic safety emergency command system, comprising the following steps:
      S1, each built-in module of the multi-emergency command platform processes and feeds back an emergency event;
      S2, acquiring information data streams of each built-in module of each emergency command platform through a data acquisition module, specifically: the data acquisition module first verifies the node numbers of the emergency command platforms, then carries out detection and authentication on the communication states of the emergency command platforms, and finally obtains the information data stream of each built-in module of the emergency command platform which completes the communication authentication, wherein the information data stream comprises application data and state information;
      S3, cleaning and classifying the acquired information data flow through a data processing module, and building a digital twin platform of each emergency command platform according to the information data flow, specifically: the data processing module carries out information deduplication and missing value filling on the information data stream, classifies the cleaned information data stream according to the node number, and finally constructs a corresponding twin emergency command platform based on the classified information data stream;
      S4, carrying out real-time risk assessment and generating an early warning signal based on the processed information data stream and the digital twin platform through a risk early warning module, specifically: the risk early warning module acquires the cleaned and classified information data stream and the real-time state data of the digital twin platform from the data processing module, quantitatively evaluates the potential safety risk and the emergency event risk by using a risk evaluation algorithm, outputs a risk level (low/medium/high) and a corresponding early warning signal, and synchronizes the early warning signal to the monitoring control module;
      S5, monitoring and analyzing the information data stream of each emergency command platform through a monitoring control module, and generating corresponding regulation and control instructions by combining the early warning signals to regulate and control the information data stream of the emergency command platform, specifically: the monitoring control module performs identification analysis on the information data stream by using a deep analysis model, transmits the analyzed information data stream to a corresponding remote signaling channel, and generates a regulation and control instruction according to the early warning signal, the remote signaling channel serial number and the node serial number;
      S6, receiving and implementing the regulation and control instruction through the agent simulation module, and transmitting unknown suspicious data streams to a plurality of functionally equivalent digital twin platforms for judgment and evaluation, specifically: the agent simulation module decomposes the regulation and control instruction, activates the built digital twin platform, and then carries out real-time research and judgment on the digital twin platform loaded with unknown suspicious data streams;
      S7, reconstructing an operation frame of each built-in module of the emergency command platform through a dynamic reconstruction module according to a judging and evaluating result of the digital twin platform to generate a dynamic protection strategy, specifically: the dynamic reconstruction module determines the essential framework of unknown suspicious data flow, adjusts the original framework of the digital twin platform to realize safety isolation, and then reconfigures the operation framework of each built-in module of the emergency command platform according to the new framework of the digital twin platform, thereby improving the safety protection level of the emergency command platform and forming a dynamic protection strategy;
      S8, arbitrating and backtracking unknown suspicious data flows through a decision tracing module according to a dynamic protection strategy and a judgment and evaluation result, specifically: the decision tracing module performs source location on the unknown suspicious data flow, traces and reproduces the network path of the unknown suspicious data flow, and then deeply cracks the essential framework of the unknown suspicious data flow and generates a corresponding vulnerability patch.

Description

Emergency command system and method based on endophytic safety

Technical Field

The invention belongs to the technical field of network space defense, and particularly relates to an emergency command system and method based on endophytic safety.

Background

CMD achieves a nonlinear security gain through a purely architectural endogenous mechanism, called mimicry defensive gain (MDG). MDG is 'endophytic': it has no mechanistic dependency on existing security protection technologies such as intrusion detection, prevention, isolation and removal measures, including encryption authentication, firewall filtering, virus checking and killing, and Trojan horse removal. Traditional incremental repair measures such as bug repair, back door plugging or malicious code removal are only taken as supplementary measures for stabilizing the defense effect and have no real-time requirement. However, fusing in traditional security technology markedly enhances the heterogeneity of the mimicry system, so that the defensive capability of the target object is improved in a super-nonlinear manner.

The prior art includes a Chinese patent with the application number CN2023114970318, which discloses an endogenous security architecture system and an abnormality detection method. The endophytic security architecture system comprises an arbitration module and at least one executable body. The arbitration module comprises a main arbitration process, an arbitration program library and at least one executable body interface library, and the executable body interface libraries correspond to the executable bodies one by one. The main arbitration process is used for determining a target arbitration program from all arbitration programs contained in the arbitration program library according to the type of each executable body, and bypass monitoring is carried out on each executable body through the target arbitration program. When an executable body is monitored to carry out service execution, its service execution result is obtained by calling a service execution result obtaining interface provided in the executable body interface library corresponding to that executable body, and this result is taken as the target service result corresponding to the executable body. According to the target service result corresponding to each executable body, an abnormal executable body is determined from all the executable bodies, and the abnormal executable body is processed in a downlink mode.

The emergency command system is vulnerable to external network attacks, has a low level of safety protection, and responds slowly to highly obfuscated malicious attacks, so the emergency command system and method based on endophytic safety are provided to solve these technical problems.

Disclosure of Invention

To solve the problems set forth in the background art, the invention provides an emergency command system and method based on endogenous safety, which can effectively detect abnormal information data flows with extremely deep camouflage, provide a corresponding protection strategy for the emergency command platform according to the protection response of the digital twin platform, and improve the safety protection level of the emergency command platform in real time.

To achieve this aim, the invention provides the following technical scheme: the emergency command system based on endophytic safety comprises an emergency command platform and a safety protection platform. The emergency command platform is used for completing the processing and feedback of emergency events. The safety protection platform is used for comprehensively protecting the emergency command platform and comprises a data acquisition module, a data processing module, a monitoring control module, an agent simulation module, a dynamic reconstruction module and a decision tracing module. The risk early warning module is connected with the monitoring control module and the data processing module and is used for carrying out real-time assessment on potential safety risks and emergency risks by using a risk assessment algorithm based on the information data flow analyzed by the monitoring control module and the data processed by the data processing module.

Preferably, the emergency command platform comprises an information management module, a multimedia cooperation module, a weather decision module, a map application module, an emergency plan module, a communication scheduling module, a guard module, a field switching module, an application data temporary storage area and a coding identification area, wherein the coding identification area is used for storing the node numbers.

Preferably, the information management module is a module for managing and maintaining the emergency information and comprises the functions of data acquis