
CN-122027337-A - Digital twin data bidirectional synchronization security test and optimization method based on cloud test platform


Abstract

The invention discloses a digital twin data bidirectional synchronous security testing and optimizing method based on a cloud testing platform, and relates to the technical field of security risk assessment. The method comprises the steps of obtaining a physical entity model and computing equipment information to generate a twin database, generating a digital twin topological model, generating an attack database based on a preset automatic attack tool, simulating a network attack scene, predicting an attack range and a hazard degree by using the digital twin topological model, carrying out attack on the physical entity model by the attack database to obtain an actual attack range and a hazard degree, comparing the actual attack range and the hazard degree with predicted data to obtain an optimized digital twin model, inputting the attack to be predicted into the optimized digital twin model to obtain a model deduction result, judging a security attack risk, and generating and executing a targeted protection strategy according to the security attack risk. The invention can realize accurate assessment of the safety risk of the digital twin system and improve the safety and reliability of the digital twin system.

Inventors

  • Request for anonymity
  • Request for anonymity
  • Request for anonymity
  • Request for anonymity
  • Request for anonymity
  • Request for anonymity

Assignees

  • 北京欧泰思特科技发展有限公司

Dates

Publication Date
20260512
Application Date
20260323

Claims (9)

  1. The digital twin data bidirectional synchronization security testing method based on the cloud testing platform is characterized by comprising the following steps: acquiring a physical entity model constructed by computing equipment of different nodes and computing equipment information, and preprocessing the acquired data to generate a twin database; modeling and mapping according to the twin database data to generate a digital twin topology model, and generating a plurality of attack modes in batches based on a preset automatic attack tool to generate an attack database; and simulating a network attack scene in the digital twin topology model by utilizing the attack database, analyzing corresponding changes of the digital twin topology model in the attack process, predicting the attack range and the hazard degree, and obtaining a security test result.
  2. The digital twin data bidirectional synchronization security testing method based on the cloud testing platform as recited in claim 1, wherein acquiring the computing device information includes acquiring target network basic configuration information and target network operating parameters corresponding to the computing device; the target network basic configuration information comprises a target network card, a target network cable, a target hub and a target switch; the target network operating parameters include a target IP address, a target subnet mask, a target default gateway, a target DNS server, a target network protocol, a target network interface, and a target subnet.
  3. The digital twin data bidirectional synchronization security testing method based on the cloud testing platform as recited in claim 1, wherein generating the twin database comprises the steps of cleaning, normalizing and correlating the collected original data, extracting key features which can be used for modeling, obtaining processed data, and storing the processed data in the structured twin database.
  4. The digital twin data bidirectional synchronization security testing method based on the cloud testing platform as recited in claim 2, wherein generating the digital twin topology model includes: performing network scale evaluation on the target network according to the network configuration information to obtain a network scale index; generating modeling complexity according to the network scale index, and judging whether the modeling complexity is greater than preset modeling complexity or not; if the modeling complexity is greater than the preset modeling complexity, acquiring a dimension reduction instruction, and performing dimension reduction on the target network according to the dimension reduction instruction to acquire a dimension reduction network; and modeling and mapping the dimension reduction network to generate a digital twin topology model.
  5. The digital twin data bidirectional synchronization security testing method based on the cloud testing platform as recited in claim 1, wherein the attack on the physical entity model comprises: sorting out typical attack types from the attack database, extracting attack characteristics, load codes and triggering conditions, and designing an attack scene in a targeted manner by combining the topological structure, node configuration and data flow rules of the digital twin model; and tracking the attack instruction in real time to acquire an instruction transmission track.
  6. The method for testing the bidirectional synchronization security of the digital twin data based on the cloud testing platform as recited in claim 5, wherein the predicted attack range and the predicted damage degree are mapping data sets formed by triples based on attack modes, vulnerability reasons and vulnerability influences.
  7. The digital twin data bidirectional synchronization security optimization method based on the cloud test platform is applied to the digital twin data bidirectional synchronization security test method based on the cloud test platform as claimed in any one of claims 1 to 6, and is characterized by comprising the following steps: attacking the physical entity model by utilizing the attack database to obtain the actual attack range and the hazard degree, and adjusting the parameters of the digital twin topology model by comparison with the predicted data to obtain the optimized digital twin model; inputting the attack to be predicted into the optimized digital twin model to obtain a model deduction result, further judging the security attack risk, and generating and executing a targeted protection strategy according to the security attack risk.
  8. The cloud testing platform-based digital twin data bidirectional synchronization security optimization method as recited in claim 7, wherein obtaining the optimized digital twin model comprises the following steps: comparing the actual attack range and the hazard degree with the predicted data, judging that the threshold value is exceeded, and carrying out parameter optimization on all parameters of the physical entity model by adopting a simulated annealing algorithm to obtain a first parameter; carrying out parameter optimization on all parameters of the physical entity model by adopting a genetic algorithm to obtain a second parameter; carrying out semantic standardization processing on the first parameter and the second parameter corresponding to the physical entity model to obtain standard data corresponding to the physical entity model; and carrying out weighted accumulation operation on the standard data to obtain optimized parameter data, and optimizing the digital twin model based on the optimized parameter data.
  9. The cloud testing platform-based digital twin data bidirectional synchronization security optimization method as recited in claim 7, wherein judging the security attack risk comprises judging a consensus determined risk value based on a preset security risk, wherein the expression is as follows: , Wherein F is an analog risk value, For the weight values of various attack simulation results, And (3) risk values corresponding to various attack simulation results, wherein n is the total number of attack simulation results.
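
The comparison of predicted and actual attack range and hazard degree that claims 7 and 8 rely on, shown as an added example that is not part of the patent text. The deviation metric (Jaccard distance on the affected-node set averaged with the hazard error), the threshold, and all mode and node names are assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Outcome:
    """Attack range (affected node names) and hazard degree in [0, 1]."""
    nodes: frozenset
    hazard: float


def deviation(pred: Outcome, actual: Outcome) -> float:
    """Assumed metric: mean of Jaccard distance on range and hazard error."""
    union = pred.nodes | actual.nodes
    jaccard = 1.0 - len(pred.nodes & actual.nodes) / len(union) if union else 0.0
    return (jaccard + abs(pred.hazard - actual.hazard)) / 2


def modes_needing_recalibration(predicted, actual, threshold=0.25):
    """Return {attack mode: deviation} for modes the twin mispredicted.

    A mode present on only one side is always flagged with deviation 1.0:
    the twin either missed an observed effect or predicted one that never
    occurred on the physical entity model.
    """
    flagged = {}
    for mode in sorted(set(predicted) | set(actual)):
        if mode not in predicted or mode not in actual:
            flagged[mode] = 1.0
            continue
        d = deviation(predicted[mode], actual[mode])
        if d > threshold:
            flagged[mode] = round(d, 3)
    return flagged


# Constructed sample data: twin predictions vs. results on the physical model.
PREDICTED = {
    "mode-1": Outcome(frozenset({"sw1", "host-a", "host-b"}), 0.60),
    "mode-2": Outcome(frozenset({"dns1", "host-a"}), 0.50),
    "mode-3": Outcome(frozenset({"gw1"}), 0.80),
}
ACTUAL = {
    "mode-1": Outcome(frozenset({"sw1", "host-a", "host-b"}), 0.65),
    "mode-2": Outcome(frozenset({"dns1", "host-a", "host-b", "host-c"}), 0.90),
    "mode-3": Outcome(frozenset({"gw1"}), 0.80),
    "mode-4": Outcome(frozenset({"twin-sync"}), 0.70),
}

if __name__ == "__main__":
    for mode, d in modes_needing_recalibration(PREDICTED, ACTUAL).items():
        print(f"{mode}: deviation {d} exceeds threshold, re-optimize twin")
```

Modes returned by `modes_needing_recalibration` are the ones that would trigger the parameter optimization step of claim 8.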

Description

Digital twin data bidirectional synchronization security test and optimization method based on cloud test platform

Technical Field

The invention relates to the technical field of security risk assessment, in particular to a digital twin data bidirectional synchronization security testing and optimizing method based on a cloud testing platform.

Background

Amid the wave of digital transformation, digital twin technology serves as a key bridge connecting the physical world and the virtual digital world, and is widely applied in fields such as intelligent manufacturing, smart cities and network security. A digital twin realizes monitoring, simulation, analysis and optimization over the full life cycle of a physical entity by constructing a virtual model that is highly similar to the physical entity. The cloud testing platform provides an ideal supporting environment for large-scale digital twin data processing, complex model operation and security testing by virtue of its strong computing capability, elastic resource scaling and distributed deployment.

Bidirectional synchronization of digital twin data is the core of real-time interaction between the physical entity and the virtual model, and its security directly affects the stable operation and data security of the whole digital twin system. Once a security vulnerability appears in the bidirectional data synchronization process, the operating state of the physical entity can be tampered with, sensitive data can be leaked, and the physical entity may even fail or go out of control.

Therefore, providing a digital twin data bidirectional synchronization security testing and optimizing method based on the cloud testing platform that overcomes the difficulties of the prior art is a problem to be solved by those skilled in the art.
Disclosure of Invention

In view of the above, the invention provides a digital twin data bidirectional synchronization security testing and optimizing method based on a cloud testing platform, which realizes accurate assessment of the security risk of a digital twin system and improves the security and reliability of the digital twin system.

In order to achieve the above purpose, the present invention adopts the following technical scheme:

The digital twin data bidirectional synchronization security testing method based on the cloud testing platform comprises the following steps: acquiring a physical entity model constructed by computing equipment of different nodes and computing equipment information, and preprocessing the acquired data to generate a twin database; modeling and mapping according to the twin database data to generate a digital twin topology model, and generating a plurality of attack modes in batches based on a preset automatic attack tool to generate an attack database; and simulating a network attack scene in the digital twin topology model by utilizing the attack database, analyzing corresponding changes of the digital twin topology model in the attack process, predicting the attack range and the hazard degree, and obtaining a security test result.

Optionally, obtaining the computing device information includes obtaining target network basic configuration information and target network operating parameters corresponding to the computing device; the target network basic configuration information comprises a target network card, a target network cable, a target hub and a target switch; the target network operating parameters include a target IP address, a target subnet mask, a target default gateway, a target DNS server, a target network protocol, a target network interface, and a target subnet.
Optionally, generating the twin database comprises cleaning, normalizing and correlating the collected raw data, extracting key features available for modeling, obtaining processed data, and storing the processed data in the structured twin database.

Optionally, generating the digital twin topology model includes: performing network scale evaluation on the target network according to the network configuration information to obtain a network scale index; generating modeling complexity according to the network scale index, and judging whether the modeling complexity is greater than preset modeling complexity or not; if the modeling complexity is greater than the preset modeling complexity, acquiring a dimension reduction instruction, and performing dimension reduction on the target network according to the dimension reduction instruction to acquire a dimension reduction network; and modeling and mapping the dimension reduction network to generate a digital twin topology model.

Optionally, attacking the physical entity model includes: sorting out typical attack types from the attack database, extracting attack characteristics, load codes and triggering conditions, and an attack scene is designe