技术领域Technical field
本发明涉及计算机技术领域,具体而言,涉及一种物联网数据安全事件预测方法及系统。The present invention relates to the field of computer technology, and specifically to an Internet of Things data security event prediction method and system.
背景技术Background technique
在客户端和服务端间数据交互的问题,由接收端接收数据,但是有时会出现数据不安全的现象,不安全的数据会对接收端造成伤害,所以需要判别传输数据的安全性。由于传输数据过多,且传输数据不为理想状态的数据,而是转化为二进制的数据,所以不容易解决安全性问题。In the problem of data interaction between the client and the server, the receiving end receives the data, but sometimes the data is insecure. Insecure data will cause harm to the receiving end, so the security of the transmitted data needs to be judged. Since there is too much data to be transmitted, and the transmitted data is not ideal data but converted into binary data, it is not easy to solve the security problem.
发明内容Contents of the invention
本发明的目的在于提供了一种物联网数据安全事件预测方法及系统,用以解决现有技术中存在的上述问题。The purpose of the present invention is to provide an Internet of Things data security event prediction method and system to solve the above problems existing in the prior art.
第一方面,本发明实施例提供了一种物联网数据安全事件预测方法,包括:In a first aspect, embodiments of the present invention provide a method for predicting Internet of Things data security events, including:
获得物联网数据;所述物联网数据为用户请求所传输的信息;所述物联网数据是接收端接收到的,通过网络传输的应用层请求信息;Obtain Internet of Things data; the Internet of Things data is information transmitted by user requests; the Internet of Things data is application layer request information received by the receiving end and transmitted through the network;
将所述物联网数据,通过检测,得到传输向量集合;所述传输向量集合包括报头向量和数据内容向量;所述数据内容向量中的向量值表示传输的内容;The Internet of Things data is detected to obtain a transmission vector set; the transmission vector set includes a header vector and a data content vector; the vector value in the data content vector represents the transmitted content;
将所述数据内容向量,进行哈希映射,得到映射向量;Perform hash mapping on the data content vector to obtain a mapping vector;
将所述映射向量和报头向量,输入安全事件预测模型,得到预测安全值;所述预测安全值为1表示数据传输安全;所述预测安全值为0表示传输数据不安全;Input the mapping vector and header vector into the security event prediction model to obtain the predicted safety value; the predicted safety value of 1 indicates that the data transmission is safe; the predicted safety value of 0 indicates that the transmitted data is unsafe;
若所述预测安全值为0,将数据包丢弃。If the predicted safety value is 0, the data packet is discarded.
可选的,所述安全事件预测模型包括存储结构、LTSM神经网络和DNN神经网络:Optionally, the security event prediction model includes storage structure, LTSM neural network and DNN neural network:
所述DNN神经网络的输入为数据内容向量;所述存储结构的输入为数据内容向量;所述LTSM神经网络的输入为报头向量和所述存储结构的输出。The input of the DNN neural network is the data content vector; the input of the storage structure is the data content vector; the input of the LTSM neural network is the header vector and the output of the storage structure.
可选的,所述将所述物联网数据,通过检测,得到传输向量集合,包括:Optionally, the Internet of Things data is detected to obtain a transmission vector set, including:
获得物联网协议;所述物联网协议为收端固定的通信协议;所述物联网协议为应用层协议;Obtain an Internet of Things protocol; the Internet of Things protocol is a communication protocol with a fixed receiving end; the Internet of Things protocol is an application layer protocol;
将所述物联网数据,按照物联网协议,得到多个起始位置;所述起始位置为各类信息在传输的物联网数据中的位置;Use the Internet of Things data according to the Internet of Things protocol to obtain multiple starting positions; the starting positions are the positions of various types of information in the transmitted Internet of Things data;
将多个起始位置的物联网数据,进行分割,得到多个传输数据集合;所述传输数据集合为物联网协议对应位置的值组成的集合;Divide the Internet of Things data at multiple starting positions to obtain multiple transmission data sets; the transmission data set is a set composed of values at corresponding positions of the Internet of Things protocol;
将多个传输数据集合中的值,分别构成多个向量,得到传输向量集合。The values in multiple transmission data sets are formed into multiple vectors to obtain a transmission vector set.
可选的,所述将所述数据内容向量,进行哈希映射,得到映射向量,包括:Optionally, perform hash mapping on the data content vector to obtain a mapping vector, including:
获得请求长度;所述请求长度为请求所传输的数据长度;Obtain the request length; the request length is the length of data transmitted by the request;
按照请求长度,将多个数据内容向量,进行顺序合并,得到多个合并数据向量;所述合并数据向量的向量长度为请求长度;According to the requested length, multiple data content vectors are sequentially merged to obtain multiple merged data vectors; the vector length of the merged data vector is the requested length;
获得固定长度值;所述固定长度值为设定好的长度值;Obtain a fixed length value; the fixed length value is the set length value;
基于固定长度值和合并数据向量,通过哈希映射,得到映射向量。Based on the fixed-length value and the merged data vector, the mapping vector is obtained through hash mapping.
可选的,所述基于固定长度值和合并数据向量,通过哈希映射,得到映射向量,包括:Optionally, the mapping vector is obtained through hash mapping based on the fixed length value and the merged data vector, including:
建立哈希映射表;所述哈希映射表中关键值为从0排列的多个键值对;Establish a hash map table; the key values in the hash map table are multiple key-value pairs arranged from 0;
将所述合并数据除以固定长度值,得到分割长度;Divide the merged data by the fixed length value to obtain the split length;
按照分割长度,将所述合并数据向量,分割成多个数据,得到多个分割数据;Divide the merged data vector into multiple data according to the split length to obtain multiple split data;
将分割数据,通过哈希映射表,进行查找,得到多个映射数据;The data will be split and searched through the hash mapping table to obtain multiple mapping data;
将多个映射数据组成映射向量;所述映射向量长度为固定长度值大小。Multiple mapping data are composed into a mapping vector; the length of the mapping vector is a fixed length value.
可选的,安全事件预测模型的训练方法,包括:Optional security event prediction model training methods include:
获得训练集;训练集包括多个训练数据和对应多个标注数据;所述训练数据包括训练报头数据和训练内容数据;所述训练内容数据为历史传输过程中构造的映射数据;所述标注数据为1表示安全;所述标注数据为0表示不安全;Obtain a training set; the training set includes multiple training data and corresponding multiple annotation data; the training data includes training header data and training content data; the training content data is mapping data constructed during the historical transmission process; the annotation data A value of 1 indicates safety; a value of 0 indicates unsafeness;
基于所述训练内容数据,得到训练长度位置;Based on the training content data, the training length position is obtained;
将所述训练数据和训练长度位置,输入安全事件预测模型,得到训练预测安全值;Input the training data and training length position into the safety event prediction model to obtain the training prediction safety value;
将所述训练预测安全值和所述标注数据,通过损失函数,得到损失值;Pass the training predicted safety value and the annotated data through a loss function to obtain a loss value;
获得安全事件预测模型当前的训练迭代次数以及预先设定的所述安全事件预测模型训练的最大迭代次数;Obtain the current number of training iterations of the security event prediction model and the preset maximum number of iterations of training the security event prediction model;
当损失值小于或等于阈值或训练迭代次数达到所述最大迭代次数时停止训练,得到训练好的安全事件预测模型。When the loss value is less than or equal to the threshold or the number of training iterations reaches the maximum number of iterations, the training is stopped, and a trained security event prediction model is obtained.
可选的,所述基于所述训练内容数据,得到训练长度位置,包括:Optionally, the training length position is obtained based on the training content data, including:
查找训练内容数据,判断数据中,是否存在训练数据中向量值为-1的值;Search the training content data and determine whether there is a vector value of -1 in the training data in the data;
若存在训练内容数据中向量值为-1的值,得到训练内容长度位置;所述训练内容长度位置为训练数据中第一个等于-1的值的位置。If there is a value with a vector value of -1 in the training content data, the training content length position is obtained; the training content length position is the position of the first value equal to -1 in the training data.
可选的,所述将所述训练数据和训练长度位置,输入安全事件预测模型,得到训练预测安全值,包括:Optionally, the training data and training length position are input into the safety event prediction model to obtain the training prediction safety value, including:
将训练长度位置和所述训练数据中的训练内容数据,输入LTSM神经网络,得到训练内容值;所述训练内容值表示数据的依次关系;所述训练内容值为1表示训练内容数据安全,所述训练内容值为0表示训练内容数据不安全;Input the training length position and the training content data in the training data into the LTSM neural network to obtain the training content value; the training content value represents the sequential relationship of the data; the training content value of 1 indicates that the training content data is safe, so The above training content value is 0, which means that the training content data is not safe;
将所述训练数据中的训练报头数据,输入DNN神经网络,得到训练报头值;所述训练报头值为1表示训练报头数据安全,所述训练报头值为0表示训练报头数据不安全;Input the training header data in the training data into the DNN neural network to obtain the training header value; the training header value of 1 indicates that the training header data is safe, and the training header value of 0 indicates that the training header data is unsafe;
当所述训练内容值为1,且,所述训练报头值为1,将所述训练预测安全值设为1;When the training content value is 1, and the training header value is 1, the training prediction safety value is set to 1;
当所述训练内容值为0,或,所述训练报头值为0,将所述训练预测安全值设为0。When the training content value is 0, or the training header value is 0, the training prediction safety value is set to 0.
可选的,所述将训练长度位置和所述训练数据中的训练内容数据,输入LTSM神经网络,得到训练内容值,包括:Optionally, the training length position and the training content data in the training data are input into the LTSM neural network to obtain the training content value, including:
将所述训练长度位置,输入存储结构中;Enter the training length position into the storage structure;
将所述训练内容数据中第一个向量值,输入第一LTSM结构,得到第一LTSM输出值;Input the first vector value in the training content data into the first LTSM structure to obtain the first LTSM output value;
将所述第一LTSM输出值和训练内容数据中第二个向量值,输入第二LTSM结构,得到第二LTSM输出值;Input the first LTSM output value and the second vector value in the training content data into the second LTSM structure to obtain the second LTSM output value;
通过多次将LTSM输出值和训练内容数据中的向量,输入LTSM结构,直到到达存储结构中训练长度位置,得到训练内容值。By inputting the LTSM output value and the vector in the training content data into the LTSM structure multiple times until the training length position in the storage structure is reached, the training content value is obtained.
第二方面,本发明实施例提供了一种物联网数据安全事件预测系统,包括:In the second aspect, embodiments of the present invention provide an Internet of Things data security event prediction system, including:
获取模块:获得物联网数据;所述物联网数据为用户请求所传输的信息;所述物联网数据是接收端接收到的,通过网络传输的应用层请求信息;Acquisition module: obtains Internet of Things data; the Internet of Things data is the information transmitted by user request; the Internet of Things data is the application layer request information received by the receiving end and transmitted through the network;
切分模块:将所述物联网数据,通过检测,得到传输向量集合;所述传输向量集合包括报头向量和数据内容向量;所述数据内容向量中的向量值表示传输的内容;Segmentation module: The Internet of Things data is detected to obtain a transmission vector set; the transmission vector set includes a header vector and a data content vector; the vector value in the data content vector represents the transmitted content;
映射模块:将所述数据内容向量,进行哈希映射,得到映射向量;Mapping module: perform hash mapping on the data content vector to obtain the mapping vector;
安全预测模块:将所述映射向量和报头向量,输入安全事件预测模型,得到预测安全值;所述预测安全值为1表示数据传输安全;所述预测安全值为0表示传输数据不安全;Security prediction module: input the mapping vector and header vector into the security event prediction model to obtain the predicted security value; the predicted security value of 1 indicates that the data transmission is safe; the predicted security value of 0 indicates that the transmitted data is unsafe;
丢弃模块:若所述预测安全值为0,将数据包丢弃。Discard module: If the predicted safety value is 0, discard the data packet.
相较于现有技术,本发明实施例达到了以下有益效果:Compared with the prior art, the embodiments of the present invention achieve the following beneficial effects:
本发明实施例还提供了一种物联网数据安全事件预测方法和系统,所述方法包括:获得物联网数据。所述物联网数据为用户请求所传输的信息;所述物联网数据是接收端接收到的,通过网络传输的应用层请求信息。将所述物联网数据,通过检测,得到传输向量集合。所述传输向量集合包括报头向量和数据内容向量。所述数据内容向量中的向量值表示传输的内容。将所述数据内容向量,进行哈希映射,得到映射向量。将所述映射向量和报头向量,输入安全事件预测模型,得到预测安全值。所述预测安全值为1表示数据传输安全。所述预测安全值为0表示传输数据不安全。若所述预测安全值为0,将数据包丢弃。Embodiments of the present invention also provide a method and system for predicting Internet of Things data security events. The method includes: obtaining Internet of Things data. The Internet of Things data is information transmitted by user requests; the Internet of Things data is application layer request information received by the receiving end and transmitted through the network. The Internet of Things data is detected to obtain a set of transmission vectors. The set of transmission vectors includes header vectors and data content vectors. The vector values in the data content vector represent the transmitted content. Perform hash mapping on the data content vector to obtain a mapping vector. The mapping vector and header vector are input into the security event prediction model to obtain the predicted security value. The predicted safety value of 1 indicates that the data transmission is safe. The predicted safety value of 0 indicates that the transmitted data is unsafe. If the predicted safety value is 0, the data packet is discarded.
采用神经网络,能够更加准确的得到安全信息。将物联网数据中的报头信息和数据信息分开,能够根据两者的各种特性。将数据信息通过哈希映射表,映射数据后,控制存储结构存储训练长度位置,输入LTSM神经网络,能够将数据长度变小且变得固定长度,使得在神经网络检测的时候更加快捷,并且得到数据信息顺序上的关联,控制训练内容数据在什么位置输出,从而减少不必要的数据对训练的影响。将报头信息输入DNN神经网络,共同判断,准确得到预测安全值。Using neural networks, security information can be obtained more accurately. Separating header information and data information in IoT data can be based on various characteristics of both. Pass the data information through the hash map table. After mapping the data, the storage structure is controlled to store the training length position and input into the LTSM neural network. The data length can be reduced to a fixed length, making the neural network detection faster and obtaining The sequential association of data information controls where the training content data is output, thereby reducing the impact of unnecessary data on training. Input the header information into the DNN neural network and make joint judgments to accurately obtain the predicted safety value.
附图说明Description of the drawings
图1是本发明实施例提供的一种物联网数据安全事件预测方法流程图。Figure 1 is a flow chart of a method for predicting Internet of Things data security events provided by an embodiment of the present invention.
图2是本发明实施例提供的一种物联网数据安全事件预测系统中安全事件预测模型结构示意图。Figure 2 is a schematic structural diagram of a security event prediction model in an Internet of Things data security event prediction system provided by an embodiment of the present invention.
图3是本发明实施例提供的一种电子设备的方框结构示意图。FIG. 3 is a schematic block structure diagram of an electronic device provided by an embodiment of the present invention.
图中标记:总线500;接收器501;处理器502;发送器503;存储器504;总线接口505。Labeled in the figure: bus 500; receiver 501; processor 502; transmitter 503; memory 504; bus interface 505.
具体实施方式Detailed ways
下面结合附图,对本发明作详细的说明。The present invention will be described in detail below with reference to the accompanying drawings.
实施例1Example 1
如图1所示,本发明实施例提供了一种物联网数据安全事件预测方法,所述方法包括:As shown in Figure 1, an embodiment of the present invention provides a method for predicting Internet of Things data security events. The method includes:
S101:获得物联网数据;所述物联网数据为用户请求所传输的信息;所述物联网数据是接收端接收到的,通过网络传输的应用层请求信息。S101: Obtain Internet of Things data; the Internet of Things data is information transmitted by user requests; the Internet of Things data is application layer request information received by the receiving end and transmitted through the network.
其中,所述物联网数据是在客户端和服务端之间传递的信息。Wherein, the Internet of Things data is information transferred between the client and the server.
S102:将所述物联网数据,通过检测,得到传输向量集合;所述传输向量集合包括报头向量和数据内容向量;所述数据内容向量中的向量值表示传输的内容。S102: Obtain a transmission vector set through detection of the Internet of Things data; the transmission vector set includes a header vector and a data content vector; the vector value in the data content vector represents the transmission content.
S103:将所述数据内容向量,进行哈希映射,得到映射向量;S103: Perform hash mapping on the data content vector to obtain a mapping vector;
S104:将所述映射向量和报头向量,输入安全事件预测模型,得到预测安全值。所述预测安全值为1表示数据传输安全。所述预测安全值为0表示传输数据不安全。S104: Input the mapping vector and header vector into the security event prediction model to obtain the predicted security value. The predicted safety value of 1 indicates that the data transmission is safe. The predicted safety value of 0 indicates that the transmitted data is unsafe.
其中,所述安全事件预测模型结构示意图如图2所示。The structural diagram of the security event prediction model is shown in Figure 2.
S105:若所述预测安全值为0,将数据包丢弃。S105: If the predicted safety value is 0, discard the data packet.
可选的,所述安全事件预测模型包括存储结构、LTSM神经网络和DNN神经网络:Optionally, the security event prediction model includes storage structure, LTSM neural network and DNN neural network:
所述DNN神经网络的输入为数据内容向量;所述存储结构的输入为数据内容向量;所述LTSM神经网络的输入为报头向量和所述存储结构的输出。The input of the DNN neural network is the data content vector; the input of the storage structure is the data content vector; the input of the LTSM neural network is the header vector and the output of the storage structure.
可选的,所述将所述物联网数据,通过检测,得到传输向量集合,包括:Optionally, the Internet of Things data is detected to obtain a transmission vector set, including:
获得物联网协议;所述物联网协议为收端固定的通信协议。所述物联网协议为应用层协议。Obtain the Internet of Things protocol; the Internet of Things protocol is a communication protocol with a fixed receiving end. The Internet of Things protocol is an application layer protocol.
其中,本实施例中物联网协议为HTTP协议。Among them, the Internet of Things protocol in this embodiment is the HTTP protocol.
将所述物联网数据,按照物联网协议,得到多个起始位置;所述起始位置为各类信息在传输的物联网数据中的位置;Use the Internet of Things data according to the Internet of Things protocol to obtain multiple starting positions; the starting positions are the positions of various types of information in the transmitted Internet of Things data;
将多个起始位置的物联网数据,进行分割,得到多个传输数据集合;所述传输数据集合为物联网协议对应位置的值组成的集合;Divide the Internet of Things data at multiple starting positions to obtain multiple transmission data sets; the transmission data set is a set composed of values at corresponding positions of the Internet of Things protocol;
将多个传输数据集合中的值,分别构成多个向量,得到传输向量集合。The values in multiple transmission data sets are formed into multiple vectors to obtain a transmission vector set.
通过上述方法,将物联网数据中的报头信息和数据信息分开,能够根据两者的各种特性,在之后的安全判断中,准确得到预测安全值。Through the above method, the header information and data information in the Internet of Things data are separated, and the predicted security value can be accurately obtained in the subsequent security judgment based on the various characteristics of the two.
可选的,所述将所述数据内容向量,进行哈希映射,得到映射向量,包括:Optionally, perform hash mapping on the data content vector to obtain a mapping vector, including:
获得请求长度;所述请求长度为请求所传输的数据长度。Get the request length; the request length is the length of data transmitted by the request.
按照请求长度,将多个数据内容向量,进行顺序合并,得到多个合并数据向量;所述合并数据向量的向量长度为请求长度。According to the requested length, multiple data content vectors are sequentially merged to obtain multiple merged data vectors; the vector length of the merged data vector is the requested length.
获得固定输入长度。所述固定长度值为设定好的长度值。Get a fixed input length. The fixed length value is a set length value.
基于固定长度值和合并数据向量,通过哈希映射,得到映射向量。Based on the fixed-length value and the merged data vector, the mapping vector is obtained through hash mapping.
通过上述方法,将有相同请求的数据整理为一个向量,通过这一个向量去判断传输数据的安全性。Through the above method, data with the same request is organized into a vector, and the security of the transmitted data is judged through this vector.
可选的,所述基于固定长度值和合并数据向量,通过哈希映射,得到映射向量,包括:Optionally, the mapping vector is obtained through hash mapping based on the fixed length value and the merged data vector, including:
建立哈希映射表;所述哈希映射表中关键值以0为初始值构建的多个键值对。Establish a hash map table; the key values in the hash map table are multiple key-value pairs constructed with 0 as the initial value.
其中,本实施例中,所述哈希映射表中有多个个键值对。所述键值对的关键字为分割的二进制;部分哈希映射表如表1所示。In this embodiment, there are multiple key-value pairs in the hash map table. The keyword of the key-value pair is divided binary; a partial hash map is shown in Table 1.
表1Table 1
将所述合并数据除以固定长度值,得到分割长度。Divide the merged data by the fixed length value to obtain the split length.
其中,若合并数据除以固定长度值有余数。将商加1,得到分割长度。如20除以7,分割长度为3。Among them, if the merged data is divided by the fixed-length value, there will be a remainder. Add 1 to the quotient to get the split length. For example, if 20 is divided by 7, the division length is 3.
按照分割长度,将所述合并数据向量,分割成多个数据,得到多个分割数据。Divide the merged data vector into multiple pieces of data according to the division length to obtain multiple pieces of divided data.
将分割数据,通过哈希映射表,进行查找,得到多个映射数据。The data will be split and searched through the hash mapping table to obtain multiple mapping data.
将多个映射数据组成映射向量。所述映射向量长度为固定长度值大小。Combine multiple mapping data into a mapping vector. The length of the mapping vector is a fixed length value.
其中,所述映射向量中向量值的初始值为-1,当没有映射向量替代时,则向量值依旧为-1不变。Wherein, the initial value of the vector value in the mapping vector is -1. When there is no mapping vector to replace it, the vector value remains -1 unchanged.
通过上述方法,通过哈希映射表,使得在之后进行神经网络输入时,能够使用固定长度输入。并且能够将数据长度变小,使得在神经网络检测的时候更加快捷。Through the above method, through the hash map table, fixed-length input can be used when inputting the neural network later. And it can reduce the data length, making the neural network detection faster.
可选的,安全事件预测模型的训练方法,包括:Optional security event prediction model training methods include:
获得训练集;训练集包括多个训练数据和对应多个标注数据;所述训练数据为历史传输过程中构造的映射向量;所述标注数据为1表示安全;所述标注数据为0表示不安全。Obtain a training set; the training set includes multiple training data and corresponding multiple annotation data; the training data is a mapping vector constructed during the historical transmission process; the annotation data is 1, indicating safety; the annotation data is 0, indicating unsafe .
基于所述训练数据,得到预处理训练数据。Based on the training data, preprocessed training data is obtained.
将所述训练数据,输入安全事件预测模型,得到训练预测安全值;Input the training data into the safety event prediction model to obtain the training prediction safety value;
将所述训练预测安全值和所述标注数据,通过损失函数,得到损失值。The training predicted safety value and the labeled data are passed through the loss function to obtain the loss value.
其中,所述损失函数为二元交叉熵损失函数。Wherein, the loss function is a binary cross-entropy loss function.
获得安全事件预测模型当前的训练迭代次数以及预先设定的所述安全事件预测模型训练的最大迭代次数。Obtain the current number of training iterations of the security event prediction model and the preset maximum number of iterations of training the security event prediction model.
其中,本实施例中预先设定的所述安全事件预测模型训练的最大迭代次数为1200次。The maximum number of iterations of the security event prediction model training preset in this embodiment is 1,200.
当所述损失值小于或等于阈值或训练迭代次数达到所述最大迭代次数时停止训练,得到训练好的安全事件预测模型。When the loss value is less than or equal to the threshold or the number of training iterations reaches the maximum number of iterations, the training is stopped, and a trained security event prediction model is obtained.
通过上述方法,由于神经网络中输入神经元固定的原因,所以对向量长度小于安全事件预测模型中神经网络输入神经元个数的训练数据,用-1进行补足,但是由于训练过程中这部分没有意义,所以需要在求损失时,要排除这部分的影响。获得真实长度,然后在损失值时不计算长度。Through the above method, due to the fixed input neurons in the neural network, the training data whose vector length is smaller than the number of input neurons of the neural network in the security event prediction model are supplemented with -1. However, since this part does not exist during the training process meaning, so it is necessary to exclude the influence of this part when calculating the loss. Get the true length and then don't calculate the length when losing the value.
可选的,所述基于所述训练内容数据,得到训练长度位置,包括:Optionally, the training length position is obtained based on the training content data, including:
查找训练内容数据,判断数据中,是否存在训练数据中向量值为-1的值;Search the training content data and determine whether there is a vector value of -1 in the training data in the data;
若存在训练内容数据中向量值为-1的值,得到训练内容长度位置;所述训练内容长度位置为训练数据中第一个等于-1的值的位置。If there is a value with a vector value of -1 in the training content data, the training content length position is obtained; the training content length position is the position of the first value equal to -1 in the training data.
通过上述方法,找到真实用于训练的数据的结尾处。Through the above method, find the end of the data actually used for training.
可选的,所述将所述训练数据和训练长度位置,输入安全事件预测模型,得到训练预测安全值,包括:Optionally, the training data and training length position are input into the safety event prediction model to obtain the training prediction safety value, including:
将训练长度位置和所述训练数据中的训练内容数据,输入LTSM神经网络,得到训练内容值;所述训练内容值表示数据的依次关系;所述训练内容值为1表示训练内容数据安全,所述训练内容值为0表示训练内容数据不安全。Input the training length position and the training content data in the training data into the LTSM neural network to obtain the training content value; the training content value represents the sequential relationship of the data; the training content value of 1 indicates that the training content data is safe, so The above training content value is 0, indicating that the training content data is not safe.
将所述训练数据中的训练报头数据,输入DNN神经网络,得到训练报头值;所述训练报头值为1表示训练报头数据安全,所述训练报头值为0表示训练报头数据不安全。Input the training header data in the training data into the DNN neural network to obtain the training header value; the training header value of 1 means that the training header data is safe, and the training header value of 0 means that the training header data is not safe.
当所述训练内容值为1,且,所述训练报头值为1,将所述训练预测安全值设为1。When the training content value is 1 and the training header value is 1, the training prediction safety value is set to 1.
当所述训练内容值为0,或,所述训练报头值为0,将所述训练预测安全值设为0。When the training content value is 0, or the training header value is 0, the training prediction safety value is set to 0.
通过上述方法,由于训练内容数据存在顺序关系,将训练内容数据,输入LTSM神经网络中,提取信息。而训练报头信息时单独提取,所以采用DNN神经网络提取信息。Through the above method, since the training content data has a sequential relationship, the training content data is input into the LTSM neural network to extract information. The header information is extracted separately during training, so the DNN neural network is used to extract the information.
可选的,所述将训练长度位置和所述训练数据中的训练内容数据,输入LTSM神经网络,得到训练内容值,包括:Optionally, the training length position and the training content data in the training data are input into the LTSM neural network to obtain the training content value, including:
将所述训练长度位置,输入存储结构中;Enter the training length position into the storage structure;
将所述训练内容数据中第一个向量值,输入第一LTSM结构,得到第一LTSM输出值;Input the first vector value in the training content data into the first LTSM structure to obtain the first LTSM output value;
将所述第一LTSM输出值和训练内容数据中第二个向量值,输入第二LTSM结构,得到第二LTSM输出值;Input the first LTSM output value and the second vector value in the training content data into the second LTSM structure to obtain the second LTSM output value;
通过多次将LTSM输出值和训练内容数据中的向量,输入LTSM结构,直到到达存储结构中训练长度位置,得到训练内容值。By inputting the LTSM output value and the vector in the training content data into the LTSM structure multiple times until the training length position in the storage structure is reached, the training content value is obtained.
通过上述方法,控制存储结构存储训练长度位置,控制训练内容数据在什么位置输出,从而减少不必要的数据对训练的影响。Through the above method, the storage structure is controlled to store the training length location, and the location at which training content data is output is controlled, thereby reducing the impact of unnecessary data on training.
通过上述方法,将物联网数据中的报头信息和数据信息分开,能够根据两者的各种特性,在之后的安全判断中,准确得到预测安全值。将有相同请求的数据整理为一个向量,通过这一个向量去判断传输数据的安全性。通过哈希映射表,使得在之后进行神经网络输入时,能够使用固定长度输入。并且能够将数据长度变小,使得在神经网络检测的时候更加快捷。由于神经网络中输入神经元固定的原因,所以对向量长度小于安全事件预测模型中神经网络输入神经元个数的训练数据,用-1进行补足。由于训练内容数据存在顺序关系,将训练内容数据,输入LTSM神经网络中,提取信息。而训练报头信息时单独提取,所以采用DNN神经网络提取信息。控制存储结构存储训练长度位置,控制训练内容数据在什么位置输出,从而减少不必要的数据对训练的影响。Through the above method, the header information and data information in the Internet of Things data are separated, and the predicted security value can be accurately obtained in the subsequent security judgment based on the various characteristics of the two. Organize data with the same request into a vector, and use this vector to determine the security of the transmitted data. Through the hash map table, fixed-length input can be used when inputting the neural network later. And it can reduce the data length, making the neural network detection faster. Due to the fixed input neurons in the neural network, -1 is used to supplement the training data whose vector length is smaller than the number of input neurons in the neural network in the security event prediction model. Since the training content data has a sequential relationship, the training content data is input into the LTSM neural network to extract information. The header information is extracted separately during training, so the DNN neural network is used to extract the information. Control the storage structure to store the training length location and control where the training content data is output, thereby reducing the impact of unnecessary data on training.
实施例2Example 2
基于上述的一种物联网数据安全事件预测方法,本发明实施例还提供了一种物联网数据安全事件预测系统,所述系统包括获取模块、切分模块、映射模块、安全预测模块和丢弃模块。Based on the above-mentioned method for predicting Internet of Things data security events, embodiments of the present invention also provide an Internet of Things data security event prediction system. The system includes an acquisition module, a segmentation module, a mapping module, a security prediction module and a discarding module. .
获取模块用于获得物联网数据。所述物联网数据为用户请求所传输的信息。所述物联网数据是接收端接收到的,通过网络传输的应用层请求信息。The acquisition module is used to obtain IoT data. The Internet of Things data is information transmitted by user requests. The Internet of Things data is the application layer request information received by the receiving end and transmitted through the network.
切分模块用于将所述物联网数据,通过检测,得到传输向量集合。所述传输向量集合包括报头向量和数据内容向量。所述数据内容向量中的向量值表示传输的内容。The segmentation module is used to detect the Internet of Things data to obtain a set of transmission vectors. The set of transmission vectors includes header vectors and data content vectors. The vector values in the data content vector represent the transmitted content.
映射模块用于将所述数据内容向量,进行哈希映射,得到映射向量。The mapping module is used to perform hash mapping on the data content vector to obtain a mapping vector.
安全预测模块用于将所述映射向量和报头向量,输入安全事件预测模型,得到预测安全值;所述预测安全值为1表示数据传输安全;所述预测安全值为0表示传输数据不安全。The security prediction module is used to input the mapping vector and header vector into the security event prediction model to obtain a predicted security value; the predicted security value of 1 indicates that the data transmission is safe; the predicted security value of 0 indicates that the transmitted data is unsafe.
丢弃模块用于若所述预测安全值为0,将数据包丢弃。The discard module is used to discard the data packet if the predicted safety value is 0.
在此关于上述实施例中的系统,其中各个模块执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。Regarding the system in the above embodiment, the specific manner in which each module performs operations has been described in detail in the embodiment of the method, and will not be described in detail here.
本发明实施例还提供了一种电子设备,如图3所示,包括存储器504、处理器502及存储在存储器504上并可在处理器502上运行的计算机程序,所述处理器502执行所述程序时实现前文所述一种物联网数据安全事件预测方法的任一方法的步骤。An embodiment of the present invention also provides an electronic device, as shown in Figure 3, including a memory 504, a processor 502, and a computer program stored in the memory 504 and executable on the processor 502. The processor 502 executes the The above procedure is a step to implement any one of the methods for predicting Internet of Things data security events described above.
其中,在图3中,总线架构(用总线500来代表),总线500可以包括任意数量的互联的总线和桥,总线500将包括由处理器502代表的一个或多个处理器和存储器504代表的存储器的各种电路链接在一起。总线500还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进进一步描述。总线接口505在总线500和接收器501和发送器503之间提供接口。接收器501和发送器503可以是同一个元件,即收发机,提供用于在传输介质上与各种其他装置通信的单元。处理器502负责管理总线500和通常的处理,而存储器504可以被用于存储处理器502在执行操作时所使用的数据。Among them, in Figure 3, the bus architecture (represented by bus 500), bus 500 can include any number of interconnected buses and bridges, bus 500 will include one or more processors represented by processor 502 and memory 504. The various circuits of memory are linked together. Bus 500 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, etc., which are all well known in the art and therefore will not be further described herein. Bus interface 505 provides an interface between bus 500 and receiver 501 and transmitter 503 . The receiver 501 and the transmitter 503 may be the same element, a transceiver, providing a unit for communicating with various other devices over a transmission medium. Processor 502 is responsible for managing bus 500 and general processing, while memory 504 may be used to store data used by processor 502 in performing operations.
本发明实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现前文所述一种物联网数据安全事件预测方法的任一方法的步骤以及上述的所涉及的数据。Embodiments of the present invention also provide a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, the steps of any of the methods for predicting Internet of Things data security events described above are implemented, as well as the above-mentioned steps. the data involved.
在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays provided herein are not inherently associated with any particular computer, virtual system, or other device. Various general-purpose systems can also be used with teaching based on this. From the above description, the structure required to construct such a system is obvious. Furthermore, this invention is not specific to any specific programming language. It should be understood that a variety of programming languages may be utilized to implement the invention described herein, and that the above descriptions of specific languages are intended to disclose the best mode of carrying out the invention.
在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the instructions provided here, a number of specific details are described. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques have not been shown in detail so as not to obscure the understanding of this description.
类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, it is to be understood that in the above description of exemplary embodiments of the invention, in order to streamline the disclosure and aid in the understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together into a single embodiment. figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will understand that modules in the devices in the embodiment can be adaptively changed and arranged in one or more devices different from that in the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method so disclosed may be employed in any combination, except that at least some of such features and/or processes or units are mutually exclusive. All processes or units of the equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
此外,本领域的技术人员能够理解,尽管在此的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, those skilled in the art will understand that although some embodiments herein include certain features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the invention. and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的装置中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。Various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components in the device according to embodiments of the present invention. The invention may also be implemented as an apparatus or apparatus program (eg, computer program and computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, or provided on a carrier signal, or in any other form.
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In the element claim enumerating several means, several of these means may be embodied by the same item of hardware. The use of the words first, second, third, etc. does not indicate any order. These words can be interpreted as names.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210979624.7ACN115348184B (en) | 2022-08-16 | 2022-08-16 | Internet of things data security event prediction method and system |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210979624.7ACN115348184B (en) | 2022-08-16 | 2022-08-16 | Internet of things data security event prediction method and system |
| Publication Number | Publication Date |
|---|---|
| CN115348184A CN115348184A (en) | 2022-11-15 |
| CN115348184Btrue CN115348184B (en) | 2024-01-26 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210979624.7AActiveCN115348184B (en) | 2022-08-16 | 2022-08-16 | Internet of things data security event prediction method and system |
| Country | Link |
|---|---|
| CN (1) | CN115348184B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115659243B (en)* | 2022-12-22 | 2023-04-28 | 四川九通智路科技有限公司 | Infrastructure risk monitoring method and monitoring system based on MEMS |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109284606A (en)* | 2018-09-04 | 2019-01-29 | 中国人民解放军陆军工程大学 | Data flow anomaly detection system based on empirical characteristics and convolutional neural network |
| CN110995769A (en)* | 2020-02-27 | 2020-04-10 | 上海飞旗网络技术股份有限公司 | Deep data packet detection method and device and readable storage medium |
| CN111324889A (en)* | 2020-03-04 | 2020-06-23 | 深信服科技股份有限公司 | Security event prediction method, device, equipment and computer readable storage medium |
| CN112165402A (en)* | 2020-09-28 | 2021-01-01 | 北京环境特性研究所 | Method and device for predicting network security situation |
| CN112840355A (en)* | 2018-09-05 | 2021-05-25 | 甲骨文国际公司 | Context-Aware Feature Embedding and Anomaly Detection from Sequence Log Data Using Deep Recurrent Neural Networks |
| CN113179244A (en)* | 2021-03-10 | 2021-07-27 | 上海大学 | Federal deep network behavior feature modeling method for industrial internet boundary safety |
| CN113765896A (en)* | 2021-08-18 | 2021-12-07 | 广东三水合肥工业大学研究院 | Internet of things implementation system and method based on artificial intelligence |
| CN113934862A (en)* | 2021-09-29 | 2022-01-14 | 北方工业大学 | Community security risk prediction method, device, electronic equipment and medium |
| CN114172881A (en)* | 2021-11-19 | 2022-03-11 | 上海纽盾科技股份有限公司 | Network security verification method, device and system based on prediction |
| CN114520736A (en)* | 2022-01-24 | 2022-05-20 | 广东工业大学 | Internet of things security detection method, device, equipment and storage medium |
| CN114785609A (en)* | 2022-05-09 | 2022-07-22 | 内蒙古铖品科技有限公司 | Data transmission safety detection system and method under block chain scene |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP5792654B2 (en)* | 2012-02-15 | 2015-10-14 | 株式会社日立製作所 | Security monitoring system and security monitoring method |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109284606A (en)* | 2018-09-04 | 2019-01-29 | 中国人民解放军陆军工程大学 | Data flow anomaly detection system based on empirical characteristics and convolutional neural network |
| CN112840355A (en)* | 2018-09-05 | 2021-05-25 | 甲骨文国际公司 | Context-Aware Feature Embedding and Anomaly Detection from Sequence Log Data Using Deep Recurrent Neural Networks |
| CN110995769A (en)* | 2020-02-27 | 2020-04-10 | 上海飞旗网络技术股份有限公司 | Deep data packet detection method and device and readable storage medium |
| CN111324889A (en)* | 2020-03-04 | 2020-06-23 | 深信服科技股份有限公司 | Security event prediction method, device, equipment and computer readable storage medium |
| CN112165402A (en)* | 2020-09-28 | 2021-01-01 | 北京环境特性研究所 | Method and device for predicting network security situation |
| CN113179244A (en)* | 2021-03-10 | 2021-07-27 | 上海大学 | Federal deep network behavior feature modeling method for industrial internet boundary safety |
| CN113765896A (en)* | 2021-08-18 | 2021-12-07 | 广东三水合肥工业大学研究院 | Internet of things implementation system and method based on artificial intelligence |
| CN113934862A (en)* | 2021-09-29 | 2022-01-14 | 北方工业大学 | Community security risk prediction method, device, electronic equipment and medium |
| CN114172881A (en)* | 2021-11-19 | 2022-03-11 | 上海纽盾科技股份有限公司 | Network security verification method, device and system based on prediction |
| CN114520736A (en)* | 2022-01-24 | 2022-05-20 | 广东工业大学 | Internet of things security detection method, device, equipment and storage medium |
| CN114785609A (en)* | 2022-05-09 | 2022-07-22 | 内蒙古铖品科技有限公司 | Data transmission safety detection system and method under block chain scene |
| Title |
|---|
| LBDMIDS:LSTM Based Deep Learning Model for Intrusion Detection Systems for IoT Networks;Kumar Saurabh;《2022 IEEE World AI IoT Congress》;全文* |
| 基于物联网安全监测数据的预测研究;朱洪根;《中国优秀硕士学位论文全文数据库》;全文* |
| Publication number | Publication date |
|---|---|
| CN115348184A (en) | 2022-11-15 |
| Publication | Publication Date | Title |
|---|---|---|
| CN108122032B (en) | Neural network model training method, device, chip and system | |
| US10645105B2 (en) | Network attack detection method and device | |
| WO2020140403A1 (en) | Text classification method and apparatus, computer device and storage medium | |
| CN103248711B (en) | A kind of method of files passe and server | |
| CN113379813B (en) | Training method, device, electronic device and storage medium for depth estimation model | |
| CN104486461A (en) | Domain name classification method and device and domain name recognition method and system | |
| CN110750555A (en) | Method, apparatus, computing device, and medium for generating index | |
| CN108327745A (en) | A kind of train data real time parsing method and apparatus | |
| CN108696453A (en) | The power telecom network SDN Business Streams cognitive method and system of lightweight | |
| CN113743277A (en) | A kind of short video classification method and system, equipment and storage medium | |
| WO2020034808A1 (en) | Decision data acquisition method and apparatus, computer device, and storage medium | |
| CN115348184B (en) | Internet of things data security event prediction method and system | |
| CN109583896A (en) | Transaction verification method, block chain node and storage medium | |
| CN111861998A (en) | A human body image quality assessment method, device, system and computer equipment | |
| CN105099918A (en) | Method and apparatus for data searching and matching | |
| CN113868481A (en) | Component acquisition method, device, electronic device and storage medium | |
| US11599583B2 (en) | Deep pagination system | |
| RU2757592C1 (en) | Method and system for clustering documents | |
| CN105224252A (en) | Date storage method and device | |
| US20220318592A1 (en) | Sampler and apparatus for executing graph neural network model | |
| CN114882333B (en) | Data processing model training method, device, electronic device and storage medium | |
| CN111783446B (en) | Method and device for processing sequence | |
| CN107391627B (en) | Data memory occupation analysis method and device and server | |
| CN114925406B (en) | Data verification method, device and computer program product | |
| CN115087042A (en) | 5G private network data distribution method, device, equipment and storage medium |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CB03 | Change of inventor or designer information | ||
| CB03 | Change of inventor or designer information | Inventor after:Zhang Wenjing Inventor after:Gao Xiaohu Inventor before:Gao Xiaohu | |
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right | Effective date of registration:20241104 Address after:No. 32, Huangsha Village, Xiahu Town, Xiapu County, Ningde City, Fujian Province 352000 Patentee after:Zhang Wenjing Country or region after:China Address before:No. 48, Jiangtong Road, Chongchuan District, Nantong City, Jiangsu Province, 226000 Patentee before:JIANGSU VOCATIONAL College OF BUSINESS Country or region before:China | |
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right | Effective date of registration:20241118 Address after:Room 426, Xinglian Electronics Building, No. 2 Chuangxin Road, Torch Park, Xiamen Torch High tech Zone, Xiamen City, Fujian Province 361000 Patentee after:Fujian Guodun Network Technology Co.,Ltd. Country or region after:China Address before:No. 32, Huangsha Village, Xiahu Town, Xiapu County, Ningde City, Fujian Province 352000 Patentee before:Zhang Wenjing Country or region before:China |