Technical Field
The present invention belongs to the technical field of network security verification, and in particular relates to a dynamic verification method and system for the security effectiveness of complex network systems.
Background Art
In the field of industrial control, the industrial control systems of industries such as power, petrochemicals, and automobile manufacturing have extremely high real-time and reliability requirements. In the complex network systems of these fields, as the generation scale and the corresponding network scale keep expanding and application scenarios grow more complex, ensuring the security effectiveness of the system has become a crucial issue, and existing verification technology for complex network systems has many shortcomings. On the one hand, traditional verification methods mostly adopt a centralized architecture. In large-scale complex networks, centralized verification is prone to single points of failure, and security verification of a single node cannot capture cross-node correlated attacks, so real-time and security requirements are hard to meet. On the other hand, verification of the security and effectiveness of nodes in the network system often lacks a comprehensive and dynamic evaluation mechanism: it focuses only on some parameters or specific scenarios and cannot adapt to a complex and changing network environment.
For example, the Chinese patent with authorization announcement number CN116112284B discloses a validity verification method and system for a threshold proxy re-encryption collaborative network, in which a threshold encryption fragment generator and a data proxy cooperate to generate the relevant public verification parameters, and a validity verifier completes the validity verification of the threshold proxy re-encryption collaborative network based on these parameters. Architecturally, however, it does not state whether it solves the single point of failure problem of traditional centralized architectures. If the threshold encryption fragment generator or another key component fails during verification, the validity verification of the entire network may be affected, making it difficult to guarantee the real-time performance and reliability of the system. In terms of the verification mechanism, it focuses only on the validity verification of the threshold proxy re-encryption collaborative network. It lacks a comprehensive evaluation of the security and validity of the nodes in the network system, does not fully consider the various associations between nodes in a complex network environment or the cross-node correlated attacks that may occur, and cannot fully meet the demand for security and validity verification posed by the complex and changeable network environments of industrial control.
Summary of the Invention
In view of the shortcomings of the prior art, the present invention proposes a dynamic verification method and system for the security effectiveness of complex network systems. First, a hierarchical distributed effective verification network consisting of a distributed security verification layer and a distributed function verification layer is configured according to the attributes of the complex network system. Second, the updated complex network system parameters to be verified are obtained, and a built-in verification decomposition model yields the continuous node network to be verified together with the first security parameter set to be verified and the first function parameter set to be verified of each node. Then a forward attack verification package is constructed from the node parameters and connection relationship attributes, and a forward verification attack is performed on the nodes and the data transmission chain to determine whether the parameters are valid. If they are valid, verification continues until all nodes are completed; if they are invalid, the parameters to be verified are invalid. Through its hierarchical distributed architecture, the present invention effectively avoids single points of failure and improves system reliability.
To achieve the above object, the present invention provides the following technical solutions:
A dynamic verification method for the security effectiveness of complex network systems, comprising:
Configuring a hierarchical distributed effective verification network based on the attributes of the complex network system, wherein the hierarchical distributed effective verification network includes a distributed security verification layer and a distributed function verification layer;
Obtaining the updated complex network system parameters to be verified and, through the built-in verification decomposition model, obtaining the continuous node network to be verified and the first security parameter set to be verified and first function parameter set to be verified corresponding to each node;
Based on the first security parameters to be verified and first function parameters to be verified corresponding to two consecutive nodes in the continuous node network to be verified, and on the connection relationship attributes, constructing the forward attack verification package corresponding to each node to be verified and building it into the hierarchical distributed effective verification network;
Using the hierarchical distributed effective verification network to perform a forward verification attack on any node in the continuous node network to be verified and on the corresponding data transmission chain, and determining whether the first security parameters to be verified and first function parameters to be verified corresponding to each attacked node are valid;
If valid, continuing verification and sharing backward the attack type corresponding to the previous node in the continuous node network to be verified, until all nodes to be verified have been verified; if invalid, the updated complex network system parameters to be verified are invalid.
Specifically, the distributed security verification layer and the distributed function verification layer have the same distribution structure;
The security attack verification nodes in the distributed security verification layer and the nodes to be verified in the first-level continuous node subnet to be verified of the continuous node network to be verified are equal in number and correspond one to one;
The functional attack verification nodes in the distributed function verification layer and the functional sub-nodes to be verified in the secondary functional subnet to be verified of the continuous node network to be verified are equal in number and correspond one to one;
Each node to be verified contains M functional sub-nodes to be verified;
The distributed security verification layer is used to perform attack verification on the data encryption strength and access control process corresponding to each node to be verified in the continuous node network to be verified and to the connection relationships between nodes;
The distributed function verification layer is used to perform attack verification on the delay tolerance, load balancing, and node control standard parameters corresponding to each functional sub-node to be verified in the secondary functional subnet to be verified and to the connection relationships between sub-nodes.
Specifically, the steps of constructing the continuous node network to be verified include:
According to the updated complex network system parameters to be verified, obtaining the information of each key function control point in the complex network system and the data transmission relationship information between the key function control points;
Each key function control point corresponds one to one to a node to be verified in the first-level continuous node subnet to be verified;
According to the information of each key function control point, performing a secondary decomposition to obtain the sub-function control point set corresponding to each key function control point, the data transmission relationships within each sub-function control point set, and the data transmission relationships between the sub-function control point sets of different key function control points;
According to the sub-function control point set corresponding to each key function control point, the data transmission relationships within each sub-function control point set, and the data transmission relationships between the sub-function control point sets of different key function control points, clustering with an adaptive clustering algorithm to obtain the sub-function control point sets with the same function and labelling them with key function control point labels.
Specifically, the steps of constructing the continuous node network to be verified also include:
According to the number of key function control points and the data transmission relationship information between them, constructing the first-level continuous node subnet to be verified with a topology algorithm, and marking the data transmission direction on the connection relationships between the nodes in the first-level continuous node subnet to be verified;
According to the information of each key function control point in the first-level continuous node subnet to be verified, obtaining through a function requirement analysis model the extensible function information of each key function control point and the corresponding required resources and memory;
According to the extensible function information of each key function control point and the corresponding required resources and memory, reserving the corresponding resources and memory; when the system is updated, mounting lower-level sub-function control points and allocating resources and memory at the corresponding key function control point according to the update requirements and the reserved resources and memory.
Specifically, the steps of constructing the continuous node network to be verified also include:
According to the sub-function control point set corresponding to each key function control point and the data transmission relationships within that set, obtaining the secondary regional functional subnet to be verified that corresponds to the set of functional sub-nodes to be verified under each first-level continuous node to be verified;
According to the data transmission relationships between the sub-function control point sets of different key function control points, constructing the set of directed connection relationships between the corresponding functional sub-nodes to be verified across all the secondary regional functional subnets to be verified;
Based on the set of directed connection relationships and all the secondary regional functional subnets to be verified, obtaining the secondary functional subnet to be verified.
Specifically, the forward attack verification package corresponding to each node to be verified consists of a security attack verification sub-package and a functional attack verification sub-package;
Specifically, the steps of constructing the distributed security verification layer and the distributed function verification layer include:
Based on the number and connection relationships of the nodes to be verified in the first-level continuous node subnet to be verified, constructing a distributed security verification node subnet with the same structure;
Based on the direction of data transmission in the first-level continuous node subnet to be verified, constructing an initial security attack verification node, and configuring the security attack verification sub-package into the initial security attack verification node;
Based on the secondary functional subnet to be verified and the corresponding data transmission direction, constructing a distributed function verification subnet and marking the verification order of each node in the distributed function verification subnet according to the data transmission direction;
At the same time, according to the verification order of each node in the distributed function verification subnet, configuring the functional attack verification sub-package into each functional attack verification node of the initial regional functional attack verification subnet in the distributed function verification subnet;
Specifically, the distributed function verification subnet is composed of regional functional attack verification subnets, and each regional functional attack verification subnet has the same structure and number of nodes as the corresponding secondary regional functional subnet to be verified;
Configuring a distributed synchronous verification and evaluation control model, building it into the distributed security verification node subnet, the distributed function verification subnet, and the continuous node network to be verified, and performing synchronous verification and evaluation control to obtain the verification and evaluation results corresponding to the continuous node network to be verified.
Specifically, the distributed synchronous verification and evaluation control model includes a distributed pass control sub-model, a distributed evaluation parameter sub-model, and a differential backward sharing sub-model;
The distributed pass control sub-model is used to control the synchronization of the corresponding security attack verification nodes and functional attack verification nodes in the distributed security verification layer and the distributed function verification layer, and to share the security attack parameters of the security attack verification sub-package of the security attack verification node corresponding to a node to be verified that is evaluated as high-risk with the next security attack verification node, following the direction of the connection relationship in the distributed security verification node subnet;
Specifically, a high-risk node to be verified is identified by the distributed evaluation parameter sub-model, combined with the preset danger assessment interval levels, from the first security parameters to be verified and first function parameters to be verified corresponding to each synchronously attacked node to be verified and its M functional sub-nodes to be verified;
At the same time, the effective attack parameters of the functional attack verification node corresponding to a high-risk functional sub-node to be verified are shared with the sub-function control point set of the same function obtained by the clustering algorithm and with the next functional attack verification node in the direction of the connection relationship in the distributed function verification subnet.
Specifically, the distributed evaluation parameter sub-model is used to evaluate the first security parameters to be verified and first function parameters to be verified of each synchronously attacked node to be verified and its M functional sub-nodes to be verified and, combined with the preset danger assessment interval levels, to obtain the attack danger score, the corresponding danger level, and the validity evaluation score of the node to be verified and its M functional sub-nodes to be verified;
Specifically, the differential backward sharing sub-model makes a sharing decision, according to the direction of the connection relationships in the continuous node network to be verified and the attack type parameters of the currently attacked node to be verified and functional sub-nodes to be verified, for the later nodes to be verified and functional sub-nodes to be verified on the same data transmission chain: if the corresponding node to be verified or functional sub-node to be verified already contains the same attack type parameters, they are not shared; if it does not, the attack type parameters are shared.
Specifically, the steps of performing synchronous verification and evaluation control to obtain the verification and evaluation results corresponding to the continuous node network to be verified include:
Using the initial security attack verification node to attack the initial node to be verified in the continuous node network to be verified and the directed connection relationship between the initial node to be verified and the second node to be verified;
At the same time, through the distributed pass control sub-model, controlling the initial regional functional attack verification subnet corresponding to the initial security attack verification node to attack the initial secondary regional functional subnet to be verified and the directed connection relationship between the initial secondary regional functional subnet to be verified and the second secondary regional functional subnet to be verified;
The initial secondary regional functional subnet to be verified corresponds to the initial node to be verified;
Obtaining the first security parameters to be verified and first function parameters to be verified after the initial node to be verified and its connection relationship, and the initial secondary regional functional subnet to be verified and its directed connection relationship, have been attacked, labelling them with the identifiers of the corresponding node to be verified and functional sub-nodes to be verified, and thereby constructing the initial attack parameter set;
Inputting the constructed initial attack parameter set into the distributed evaluation parameter sub-model to evaluate the initial node to be verified and each functional sub-node to be verified in the initial secondary regional functional subnet to be verified, obtaining the danger level and validity evaluation score corresponding to the initial node to be verified and to each functional sub-node to be verified in the initial secondary regional functional subnet to be verified.
Specifically, the steps of performing synchronous verification and evaluation control to obtain the verification and evaluation results corresponding to the continuous node network to be verified also include:
Constructing the validity evaluation threshold from the score value corresponding to the lower limit of the high-risk level interval within the preset danger assessment intervals; if the validity evaluation score corresponding to the initial node to be verified or to any functional sub-node to be verified in the initial secondary regional functional subnet to be verified is greater than or equal to the validity evaluation threshold, the updated complex network system parameters to be verified are judged invalid;
If the validity evaluation scores corresponding to the initial node to be verified and to all functional sub-nodes to be verified in the initial secondary regional functional subnet to be verified are all less than the validity evaluation threshold, the initial node to be verified and all functional sub-nodes to be verified in the corresponding initial secondary regional functional subnet to be verified are judged valid;
Once the initial node to be verified and all functional sub-nodes to be verified in the corresponding initial secondary regional functional subnet to be verified have been judged valid, the decision on backward sharing and propagation of attack parameters is made according to the danger levels corresponding to the initial node to be verified and to all functional sub-nodes to be verified in the corresponding initial secondary regional functional subnet to be verified.
Specifically, the steps of performing synchronous verification and evaluation control to obtain the verification and evaluation results corresponding to the continuous node network to be verified also include:
If the initial node to be verified is at the high-risk level, or any functional sub-node to be verified in the corresponding initial secondary regional functional subnet to be verified is at the high-risk level, the distributed pass control sub-model shares the security attack verification sub-package corresponding to the initial security attack verification node with the next security attack verification node as security attack parameters, following the direction of the connection relationship in the distributed security verification node subnet;
At the same time, the functional attack verification sub-package in the functional attack verification node corresponding to a high-risk functional sub-node to be verified in the initial secondary regional functional subnet to be verified is shared with the sub-function control point set of the same function obtained by the clustering algorithm and with the next functional attack verification node in the connection relationship direction of the current functional attack verification node in the distributed function verification subnet;
If neither the initial node to be verified nor any functional sub-node to be verified in the corresponding initial secondary regional functional subnet to be verified is at the high-risk level, no backward sharing of attack verification sub-packages is performed for the security attack verification node or the functional attack verification nodes;
At the same time, the differential backward sharing sub-model shares backward the attack type parameters received by the initial node to be verified and by all functional sub-nodes to be verified in the corresponding initial secondary regional functional subnet to be verified, following the connection relationship direction of data transmission in the continuous node network to be verified.
Specifically, the steps of performing synchronous verification and evaluation control to obtain the verification and evaluation results corresponding to the continuous node network to be verified also include:
Following the connection relationship direction of data transmission in the continuous node network to be verified, repeating the attack process applied to the initial node to be verified and to all functional sub-nodes to be verified in the corresponding initial secondary regional functional subnet to be verified, so as to attack each subsequent node to be verified in the continuous node network to be verified and all functional sub-nodes to be verified in its corresponding secondary regional functional subnet to be verified;
At the same time, using the security attack verification node and regional functional attack verification subnet corresponding to each node to be verified and its secondary regional functional subnet to be verified, performing a forward verification attack on the verification nodes that precede the current node to be verified and its secondary regional functional subnet to be verified on the same data transmission chain, on their connection relationships, and on the functional sub-nodes to be verified and connection relationships in the corresponding secondary regional functional subnets to be verified;
Judging the danger level and validity evaluation score of each such node to be verified and its secondary regional functional subnet to be verified after being attacked; if the validity evaluation score corresponding to the node to be verified and its secondary regional functional subnet to be verified is greater than or equal to the validity evaluation threshold, the updated complex network system parameters to be verified are judged invalid;
Otherwise, verification continues, and the attack type parameters received by each node to be verified and by all functional sub-nodes to be verified in the corresponding secondary regional functional subnet to be verified are shared backward following the connection relationship direction of data transmission in the continuous node network to be verified, until all nodes to be verified have been verified.
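The synchronous verification and evaluation control steps above, traced as an added Python example that is not part of the patent: it walks a chain in data transmission order, applies the validity threshold, shares sub-packages onward only from a high-risk stage, and performs differential backward sharing of attack type parameters. The interval bounds, scores, labels T1 to T3, package names, and the linear three-stage chain are constructed assumptions; scores are taken as given inputs rather than produced by any attack.

```python
from dataclasses import dataclass, field

# Preset danger-assessment intervals as (level, inclusive lower bound).
# The patent only says the intervals are preset; these bounds are assumptions.
RISK_INTERVALS = [("low", 0.0), ("medium", 0.4), ("high", 0.7)]
# Validity threshold = score at the lower limit of the high-risk interval.
VALIDITY_THRESHOLD = dict(RISK_INTERVALS)["high"]


def risk_level(danger_score):
    """Map an attack danger score to its preset danger level."""
    level = RISK_INTERVALS[0][0]
    for name, lower in RISK_INTERVALS:
        if danger_score >= lower:
            level = name
    return level


@dataclass
class Unit:
    """A node to be verified, or one of its M functional sub-nodes."""
    name: str
    danger_score: float    # attack danger score from the evaluation sub-model
    validity_score: float  # validity evaluation score from the same sub-model
    attack_types: set = field(default_factory=set)  # attack type parameters held


@dataclass
class Stage:
    """A first-level node plus its secondary regional functional subnet."""
    node: Unit
    sub_nodes: list
    # Simplification: security and functional sub-packages pooled in one set.
    sub_packages: set = field(default_factory=set)

    def units(self):
        return [self.node, *self.sub_nodes]


def verify_chain(stages):
    """Verify stages in data-transmission order; return (valid, log)."""
    log = []
    for i, stage in enumerate(stages):
        # 1. Validity decision: any score >= threshold invalidates the update.
        failing = [u.name for u in stage.units()
                   if u.validity_score >= VALIDITY_THRESHOLD]
        if failing:
            log.append({"stage": stage.node.name, "valid": False,
                        "failing": failing})
            return False, log
        downstream = stages[i + 1:]
        # 2. Pass control: sub-packages go to the next verification node only
        #    when the node or one of its sub-nodes is at the high-risk level.
        high = [u.name for u in stage.units()
                if risk_level(u.danger_score) == "high"]
        if high and downstream:
            downstream[0].sub_packages |= stage.sub_packages
        # 3. Differential backward sharing: a later unit on the chain receives
        #    only the attack type parameters it does not already contain.
        seen = set().union(*(u.attack_types for u in stage.units()))
        shared = 0
        for later in downstream:
            for target in later.units():
                missing = seen - target.attack_types
                target.attack_types |= missing
                shared += len(missing)
        log.append({"stage": stage.node.name, "valid": True,
                    "high_risk": high, "shared": shared})
    return True, log


def build_sample():
    """Constructed three-stage chain A -> B -> C with M = 1 sub-node each."""
    return [
        Stage(Unit("A", 0.75, 0.30, {"T1"}),
              [Unit("A.1", 0.10, 0.20, {"T3"})], {"pkg-A"}),
        Stage(Unit("B", 0.20, 0.25, {"T1", "T2"}),
              [Unit("B.1", 0.30, 0.10)], {"pkg-B"}),
        Stage(Unit("C", 0.10, 0.10),
              [Unit("C.1", 0.50, 0.80)], {"pkg-C"}),
    ]


if __name__ == "__main__":
    ok, trace = verify_chain(build_sample())
    print("update valid:", ok)
    for entry in trace:
        print(entry)
```

In the sample, stage A is high-risk but valid, so its package reaches B; stage B is not high-risk, so nothing further is forwarded to C; sub-node C.1 then meets the threshold and the whole update is rejected.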
A dynamic verification system for the security effectiveness of complex network systems, comprising: a verification network module, a parameter parsing module, and an attack verification module;
The verification network module configures a hierarchical distributed effective verification network based on the attributes of the complex network system, wherein the hierarchical distributed effective verification network includes a distributed security verification layer and a distributed function verification layer;
The parameter parsing module is used to obtain the updated complex network system parameters to be verified and, through the built-in verification decomposition model, to obtain the continuous node network to be verified and the first security parameter set to be verified and first function parameter set to be verified corresponding to each node.
The attack verification module includes an attack construction unit and an attack verification unit;
The attack construction unit constructs the forward attack verification package corresponding to each node to be verified, based on the first security parameters to be verified and first function parameters to be verified corresponding to two consecutive nodes in the continuous node network to be verified and on the connection relationship attributes, and builds it into the hierarchical distributed effective verification network;
The attack verification unit uses the hierarchical distributed effective verification network to perform a forward verification attack on any node in the continuous node network to be verified and on the corresponding data transmission chain, and determines whether the first security parameters to be verified and first function parameters to be verified corresponding to each attacked node are valid; if valid, verification continues and the attack type corresponding to the previous node in the continuous node network to be verified is shared backward, until all nodes to be verified have been verified; if invalid, the updated complex network system parameters to be verified are invalid.
与现有技术相比,本发明的有益效果是:Compared with the prior art, the present invention has the following beneficial effects:
本发明针对现有技术的不足,通过分层分布式有效验证网络,构建了“动态防御-关联分析-主动验证”三位一体的协同机制,实现了复杂网络验证效能的系统性提升,特别是,通过分布式安全验证层和分布式功能验证层的解耦协同,在规避单点故障的同时,形成安全参数验证与网络参数有效性评估的双重防护屏障,节点级验证包的链式攻击验证机制,使得跨节点攻击路径可被动态追踪,破解了传统验证中局部防护与全局安全割裂的难题,其次,基于验证分解模型的参数解耦技术,将安全验证(如加密强度、访问控制)与有效性验证(如时延容忍度、负载均衡、节点控制标准参数)进行动态关联分析,结合连接关系属性的时空建模,可精准识别参数异常与拓扑演变的耦合风险,进一步提升验证指标覆盖率;In view of the deficiencies of the prior art, the present invention constructs a three-in-one collaborative mechanism of "dynamic defense-correlation analysis-active verification" through a hierarchical distributed effective verification network, thereby achieving a systematic improvement in the verification efficiency of complex networks. In particular, through the decoupled collaboration of the distributed security verification layer and the distributed functional verification layer, a double protection barrier of security parameter verification and network parameter validity evaluation is formed while avoiding single point failures. The chain attack verification mechanism of the node-level verification package enables the cross-node attack path to be dynamically tracked, solving the problem of the separation of local protection and global security in traditional verification. Secondly, based on the parameter decoupling technology of the verification decomposition model, security verification (such as encryption strength, access control) and validity verification (such as delay tolerance, load balancing, node control standard parameters) are dynamically correlated and analyzed. Combined with the spatiotemporal modeling of connection relationship attributes, the coupling risk of parameter anomalies and topological evolution can be accurately identified, further improving the coverage of verification indicators.
本发明还通过前向攻击验证包的主动注入机制和后向攻击共享机制,将传统被动响应转变为攻击路径预演验证,这种以攻促防的策略,结合连续节点网的递推验证逻辑,可提前暴露多条攻击链的脆弱环节,进一步提升新型复合攻击的识别速度。The present invention also transforms traditional passive response into attack path preview verification through the active injection mechanism of forward attack verification packages and the backward attack sharing mechanism. This strategy of promoting defense through attack, combined with the recursive verification logic of the continuous node network, can expose the vulnerable links of multiple attack chains in advance and further improve the recognition speed of new compound attacks.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1为本发明实施例1面向复杂网络系统安全有效性的动态验证方法流程图;FIG. 1 is a flow chart of a dynamic verification method for security effectiveness of a complex network system according to Embodiment 1 of the present invention;
图2为本发明实施例2面向复杂网络系统安全有效性的动态验证系统模块图。FIG. 2 is a module diagram of a dynamic verification system for security effectiveness of a complex network system according to Embodiment 2 of the present invention.
具体实施方式DETAILED DESCRIPTION
实施例1Example 1
在工业控制领域,电力、石油化工、汽车制造等行业的工业控制系统实时性和可靠性要求极高,在上述领域的复杂网络系统中,随着生成规模及对应网络规模的不断扩大和应用场景的日益复杂,且每一个生成步骤对应的控制过程都极为精细和复杂,但对应的复杂网络系统在更新时也更容易被攻击,导致系统失效,带来不可挽回的损失,为了解决上述问题,参阅图1,本发明提供的一种实施例:面向复杂网络系统安全有效性的动态验证方法,步骤包括:In the field of industrial control, industrial control systems in industries such as electric power, petrochemicals, and automobile manufacturing have extremely high real-time and reliability requirements. In the complex network systems of these fields, the generation scale and the corresponding network scale keep expanding, application scenarios grow more complex, and the control process for each generation step is extremely delicate and complex; the corresponding complex network system is also more vulnerable to attack while it is being updated, which can lead to system failure and irreparable losses. To solve the above problems, referring to FIG. 1, the present invention provides an embodiment: a dynamic verification method for the security effectiveness of a complex network system, the steps comprising:
S1、基于复杂网络系统属性配置分层分布式有效验证网络,所述分层分布式有效验证网络包括分布式安全验证层和分布式功能验证层;S1. configuring a hierarchical distributed effective verification network based on complex network system properties, wherein the hierarchical distributed effective verification network includes a distributed security verification layer and a distributed function verification layer;
进一步地,本实施例中复杂网络系统属性根据对应领域,进行具体领域属性参数获取,构建分层分布式有效验证网络,例如电力领域对应包括:设备参数、运行参数和通信参数等;Furthermore, in this embodiment the complex network system attributes are obtained as domain-specific attribute parameters for the field concerned and are used to build the hierarchical distributed effective verification network. For the power field, for example, they include equipment parameters, operating parameters, communication parameters, etc.;
其中,设备参数包括:The device parameters include:
发电设备:发电机的额定功率、额定电压、额定电流、功率因数、转子转速、励磁电流等。这些参数决定了发电机的发电能力和运行特性,在复杂网络系统更新时,其参数变化可能影响电力的稳定供应。例如,发电机额定功率提升可能改变电网的功率平衡,需要验证相关节点的负载均衡能力。Power generation equipment: rated power, rated voltage, rated current, power factor, rotor speed, excitation current, etc. of the generator. These parameters determine the generator's power generation capacity and operating characteristics. When the complex network system is updated, its parameter changes may affect the stable supply of electricity. For example, the increase in the rated power of the generator may change the power balance of the power grid, and the load balancing capability of the relevant nodes needs to be verified.
输电设备:输电线路的电阻、电抗、电容、电导等电气参数,以及线路长度、杆塔高度、导线型号等物理参数。电阻和电抗影响输电过程中的功率损耗和电压降,电容和电导则与线路的充电功率和泄漏电流相关。如输电线路电阻变化可能影响线路的输电效率,需验证数据加密强度以防止参数被恶意篡改。Transmission equipment: electrical parameters such as resistance, reactance, capacitance, and conductance of the transmission line, as well as physical parameters such as line length, tower height, and conductor model. Resistance and reactance affect power loss and voltage drop during transmission, while capacitance and conductance are related to the charging power and leakage current of the line. For example, changes in the resistance of the transmission line may affect the transmission efficiency of the line, and the data encryption strength needs to be verified to prevent malicious tampering of parameters.
变电设备:变压器的额定容量、变比、短路阻抗、空载损耗、负载损耗等。变比决定了电压变换的比例,短路阻抗影响变压器的短路电流和电压波动。当变压器参数改变时,需要验证其对电网运行的影响,以及访问控制流程是否安全。Substation equipment: the rated capacity, transformation ratio, short-circuit impedance, no-load loss, load loss, etc. of the transformer. The transformation ratio determines the proportion of voltage transformation, and the short-circuit impedance affects the short-circuit current and voltage fluctuation of the transformer. When the transformer parameters change, it is necessary to verify their impact on the operation of the power grid and whether the access control process is secure.
运行参数包括:The operating parameters include:
电压参数:电网各节点的电压幅值和相角。电压幅值的稳定是保证电力设备正常运行的关键,相角差则影响功率的传输方向和大小。在复杂网络系统更新时,新的设备接入或线路调整可能导致电压波动,需要验证节点间连接关系的时延容忍度,确保电压稳定控制的及时性。Voltage parameters: voltage amplitude and phase angle of each node in the power grid. The stability of voltage amplitude is the key to ensure the normal operation of power equipment, and the phase angle difference affects the direction and size of power transmission. When a complex network system is updated, the access of new equipment or line adjustment may cause voltage fluctuations. It is necessary to verify the delay tolerance of the connection relationship between nodes to ensure the timeliness of voltage stability control.
电流参数:各条线路的电流大小和相位。电流大小反映了线路的负载情况,相位则与功率因数相关。当电流超过线路额定电流时,可能引发线路过热等问题,需要验证负载均衡机制,合理分配电流。Current parameters: the current magnitude and phase of each line. The current magnitude reflects the load of the line, and the phase is related to the power factor. When the current exceeds the rated current of the line, it may cause problems such as line overheating. It is necessary to verify the load balancing mechanism and reasonably distribute the current.
功率参数:有功功率和无功功率的分布。有功功率用于电能的转换和消耗,无功功率用于维持电场和磁场的建立。电网中功率的平衡对于系统的稳定运行至关重要,复杂网络系统更新时,需要验证节点控制标准参数,确保功率的合理分配和调节。Power parameters: distribution of active power and reactive power. Active power is used for the conversion and consumption of electric energy, and reactive power is used to maintain the establishment of electric and magnetic fields. The balance of power in the power grid is crucial to the stable operation of the system. When complex network systems are updated, it is necessary to verify the node control standard parameters to ensure the reasonable distribution and regulation of power.
通信参数包括:The communication parameters include:
数据传输速率:电力系统中各通信链路的数据传输速率,如变电站与调度中心之间、不同变电站之间的通信速率。数据传输速率影响信息传递的及时性和准确性,在复杂网络系统更新时,需要验证其是否满足实时性要求,以及数据加密强度是否能保障通信安全。Data transmission rate: The data transmission rate of each communication link in the power system, such as the communication rate between the substation and the dispatch center, and between different substations. The data transmission rate affects the timeliness and accuracy of information transmission. When updating a complex network system, it is necessary to verify whether it meets the real-time requirements and whether the data encryption strength can ensure communication security.
通信延迟:数据在通信网络中传输的延迟时间。通信延迟可能影响电力系统的控制精度和稳定性,如对继电保护装置的动作时间产生影响。在验证过程中,需要关注时延容忍度,确保通信延迟在可接受范围内。Communication delay: The delay time of data transmission in the communication network. Communication delay may affect the control accuracy and stability of the power system, such as affecting the action time of the relay protection device. During the verification process, it is necessary to pay attention to the delay tolerance to ensure that the communication delay is within an acceptable range.
通信可靠性:通信链路的可靠性指标,如误码率、丢包率等。误码率和丢包率过高可能导致数据传输错误或丢失,影响电力系统的正常运行。在分布式安全验证层和分布式功能验证层中,需要对通信可靠性进行攻击验证,保障通信的稳定。Communication reliability: Reliability indicators of communication links, such as bit error rate, packet loss rate, etc. High bit error rate and packet loss rate may lead to data transmission errors or loss, affecting the normal operation of the power system. In the distributed security verification layer and distributed function verification layer, communication reliability needs to be verified by attack to ensure the stability of communication.
进一步地,本实施例中的分布式安全验证层和分布式功能验证层对应分布结构相同;Furthermore, the distributed security verification layer and the distributed function verification layer in this embodiment have the same corresponding distribution structure;
进一步地,本实施例中的分布式安全验证层中的安全攻击验证节点和连续待验证节点网中一级连续待验证节点子网的待验证节点数量相同且一一对应;Furthermore, the number of security attack verification nodes in the distributed security verification layer in this embodiment and the number of nodes to be verified in the first-level continuous node to be verified subnet in the continuous node to be verified network are the same and correspond one to one;
进一步地,本实施例中的分布式功能验证层中功能攻击验证节点和所述连续待验证节点网中的二级功能性待验证子网中的待验证功能子节点数量相同且一一对应;Furthermore, the number of the function attack verification nodes in the distributed function verification layer in this embodiment and the number of the function sub-nodes to be verified in the secondary functional sub-network to be verified in the continuous node network to be verified are the same and correspond one to one;
进一步地,本实施例中的每一个待验证节点包含M个待验证功能子节点;Furthermore, each node to be verified in this embodiment includes M function sub-nodes to be verified;
进一步地,本实施例中的分布式安全验证层,用于对所述连续待验证节点网中每一待验证节点及节点间的连接关系对应的数据加密强度与访问控制流程进行攻击验证;Furthermore, the distributed security verification layer in this embodiment is used to perform attack verification on the data encryption strength and access control process corresponding to each node to be verified and the connection relationship between nodes in the continuous node network to be verified;
进一步地,本实施例中的分布式功能验证层,用于对所述二级功能性待验证子网中每一待验证功能子节点及子节点间的连接关系对应的时延容忍度、负载均衡、节点控制标准参数进行攻击验证。Furthermore, the distributed function verification layer in this embodiment is used to perform attack verification on the delay tolerance, load balancing, and node control standard parameters corresponding to each function sub-node to be verified and the connection relationship between the sub-nodes in the secondary functional sub-net to be verified.
进一步地,本实施例中分布式安全验证层与分布式功能验证层对应的攻击验证算法,根据对应领域和安全需求,由本领域对应人员进行具体的设定。Furthermore, in this embodiment, the attack verification algorithms corresponding to the distributed security verification layer and the distributed function verification layer are specifically set by corresponding personnel in this field according to the corresponding fields and security requirements.
S2、获取待验证更新复杂网络系统参数,通过内置的验证分解模型,获得连续待验证节点网及每一节点对应的第一安全待验证参数集与第一功能待验证参数集;S2. Obtain the updated complex network system parameters to be verified, and obtain the continuous node network to be verified and the first security parameter set to be verified and the first function parameter set to be verified corresponding to each node through the built-in verification decomposition model;
进一步地,本实施例中的连续待验证节点网的构建步骤包括:Furthermore, the steps of constructing a continuous network of nodes to be verified in this embodiment include:
根据待验证更新复杂网络系统参数,获得系统中每一关键功能控制点信息及关键功能控制点之间数据传输关系信息;According to the updated complex network system parameters to be verified, obtain the information of each key function control point in the system and the data transmission relationship information between the key function control points;
所述每一关键功能控制点与所述一级连续待验证节点子网中的待验证节点一一对应;Each of the key function control points corresponds one-to-one to a node to be verified in the first-level continuous node subnet to be verified;
根据每一关键功能控制点信息,进行二次分解,获得每一关键功能控制点对应的子功能控制点集及子功能控制点集内的数据传输关系和关键功能控制点间对应子功能控制点集间的数据传输关系;According to the information of each key function control point, secondary decomposition is performed to obtain the sub-function control point set corresponding to each key function control point and the data transmission relationship within the sub-function control point set and the data transmission relationship between the key function control points and the corresponding sub-function control point sets;
例如,在电力领域当中,一级关键功能控制点包括区域控制中心、变电站1~10。For example, in the power industry, the first-level key function control points include regional control centers and substations 1 to 10.
二级子功能控制点包括每个变电站下的馈线终端单元(20个)、智能电表(100个)、光伏逆变器控制单元(5个)等。The secondary sub-function control points include feeder terminal units (20), smart meters (100), photovoltaic inverter control units (5), etc. under each substation.
根据每一关键功能控制点对应的子功能控制点集及子功能控制点集内的数据传输关系和关键功能控制点间对应子功能控制点集间的数据传输关系,通过自适应聚类算法进行聚类,获得功能相同的子功能控制点集并进行关键功能控制点标签标记。According to the sub-function control point set corresponding to each key function control point, the data transmission relationship within the sub-function control point set, and the data transmission relationship between the sub-function control point sets corresponding to the key function control points, clustering is performed through an adaptive clustering algorithm to obtain the sub-function control point set with the same function and mark the key function control point labels.
根据关键功能控制点数量及关键功能控制点之间数据传输关系信息,通过拓扑算法,构建一级连续待验证节点子网并在一级连续待验证节点子网内节点之间的连接关系上标记数据传输方向;According to the number of key function control points and the data transmission relationship information between the key function control points, a first-level continuous node subnet to be verified is constructed through a topology algorithm, and the data transmission direction is marked on the connection relationship between the nodes in the first-level continuous node subnet to be verified;
根据所述一级连续待验证节点子网中每一关键功能控制点信息,通过功能需求分析模型,获得每一关键功能控制点可扩展功能信息及对应的需求资源与内存;According to the information of each key function control point in the first-level continuous node subnet to be verified, the scalable function information of each key function control point and the corresponding required resources and memory are obtained through the function requirement analysis model;
示例性地,在本实施例中通过功能需求分析模型对变电站1需预留5%计算资源,用于未来新增光伏逆变器控制单元的计算,同时为每个光伏逆变器控制单元预留10MB内存和2个CPU核心,用于后续新增系统功能或控制设备对应控制子功能的更新存储。For example, in this embodiment, the functional requirement analysis model is used to reserve 5% computing resources for substation 1 for the calculation of new photovoltaic inverter control units in the future. At the same time, 10MB of memory and 2 CPU cores are reserved for each photovoltaic inverter control unit for subsequent update and storage of new system functions or corresponding control sub-functions of the control device.
根据对应的每一关键功能控制点可扩展功能信息及对应的需求资源与内存,进行对应需求资源与内存预留,当进行系统更新时,根据更新需求和预留需求资源与内存,在对应每一关键功能控制点进行下级子功能控制点挂载和资源与内存分配;According to the scalable function information and the corresponding required resources and memory of each corresponding key function control point, the corresponding required resources and memory are reserved. When the system is updated, the lower-level sub-function control points are mounted and resources and memory are allocated at each corresponding key function control point according to the update requirements and the reserved required resources and memory;
进一步地,本实施例中的功能需求分析模型,通过支持向量机和历史功能参数及对应的需求资源与内存构建得到;Furthermore, the functional requirement analysis model in this embodiment is constructed by using a support vector machine and historical functional parameters and corresponding demand resources and memory;
根据每一关键功能控制点对应的子功能控制点集及子功能控制点集内的数据传输关系,获得每一个一级连续待验证节点下待验证功能子节点集对应的二级区域功能性待验证子网;According to the sub-function control point set corresponding to each key function control point and the data transmission relationship within the sub-function control point set, the second-level regional functional subnet to be verified corresponding to the function sub-node set to be verified under each first-level continuous node to be verified is obtained;
根据关键功能控制点间对应子功能控制点集的数据传输关系构建所有所述二级区域功能性待验证子网间对应待验证功能子节点之间的有向连接关系集;Constructing a directed connection relationship set between corresponding function sub-nodes to be verified between all the secondary regional functional sub-networks to be verified according to the data transmission relationship between the corresponding sub-function control point sets between the key function control points;
示例性地,在本实施例中针对电力领域,本实施例中的一级连续待验证节点子网包括区域控制中心→变电站1→变电站2→……→变电站N(基于电网物理拓扑),对应的有向箭头为数据传输的方向。Exemplarily, in this embodiment for the power field, the first-level continuous node subnet to be verified in this embodiment includes regional control center → substation 1 → substation 2 → ... → substation N (based on the physical topology of the power grid), and the corresponding directed arrow is the direction of data transmission.
本实施例中的二级功能性待验证子网为每个变电站下挂载馈线终端单元(FTU)、智能电表、光伏逆变器控制单元形成的子网结构;The secondary functional subnet to be verified in this embodiment is a subnet structure formed by a feeder terminal unit (FTU), a smart meter, and a photovoltaic inverter control unit mounted under each substation;
基于有向连接关系集和所有所述二级区域功能性待验证子网,获得二级功能性待验证子网。Based on the directed connection relationship set and all the secondary regional functional subnets to be verified, a secondary functional subnet to be verified is obtained.
S3、基于连续待验证节点网中连续两个节点对应的第一安全待验证参数与第一功能待验证参数及连接关系属性,构建每一待验证节点对应的前向攻击验证包并内置到分层分布式有效验证网络;S3. Based on the first security parameter to be verified and the first function parameter to be verified corresponding to two consecutive nodes in the continuous node network to be verified and the connection relationship attribute, a forward attack verification package corresponding to each node to be verified is constructed and built into the hierarchical distributed effective verification network;
进一步地,本实施例中的每一待验证节点对应的前向攻击验证包由安全性攻击验证子包和功能性攻击验证子包构成;Furthermore, the forward attack verification package corresponding to each node to be verified in this embodiment is composed of a security attack verification sub-package and a functional attack verification sub-package;
进一步地,本实施例中的安全性攻击验证子包在电力领域模拟针对变电站1的中间人攻击(测试AES-256加密是否被破解),并模拟越权访问(测试操作员权限分级是否生效)。Furthermore, the security attack verification sub-package in this embodiment simulates a man-in-the-middle attack against substation 1 in the power field (testing whether AES-256 encryption is cracked) and simulates unauthorized access (testing whether operator authority classification is effective).
本实施例中的功能性攻击验证子包在电力领域模拟网络拥塞(测试FTU时延容忍度)、模拟光伏发电突增(测试逆变器电压调节精度)和对应智能电表控制参数的篡改(测试对应子功能控制参数被篡改的过程,如智能电表对应电压调节功能,假设标准安全电压为36V,在更新的过程中被篡改成了72V);The functional attack verification sub-package in this embodiment simulates network congestion in the power field (testing the FTU delay tolerance), simulates a sudden increase in photovoltaic power generation (testing the voltage regulation accuracy of the inverter), and tampering with the corresponding smart meter control parameters (testing the process of tampering with the corresponding sub-function control parameters, such as the smart meter corresponding voltage regulation function, assuming that the standard safety voltage is 36V, which is tampered to 72V during the update process);
所述分布式安全验证层和分布式功能验证层的构建步骤包括:The steps of constructing the distributed security verification layer and the distributed function verification layer include:
基于所述一级连续待验证节点子网中待验证节点的数量和连接关系,构建相同结构的分布式安全验证节点子网;Based on the number and connection relationship of the nodes to be verified in the first-level continuous node subnet to be verified, a distributed security verification node subnet with the same structure is constructed;
基于所述一级连续待验证节点子网中数据传输的方向,构建初始安全攻击验证节点,并将安全性攻击验证子包配置到初始安全攻击验证节点内;Based on the direction of data transmission in the first-level continuous node subnet to be verified, construct an initial security attack verification node, and configure the security attack verification sub-package into the initial security attack verification node;
基于所述二级功能性待验证子网和对应的数据传输方向,构建得到分布式功能验证子网并根据数据传输方向标记所述分布式功能验证子网中各节点验证的顺序;Based on the secondary functional subnet to be verified and the corresponding data transmission direction, a distributed function verification subnet is constructed and the order of verification of each node in the distributed function verification subnet is marked according to the data transmission direction;
同时根据分布式功能验证子网中各节点验证的顺序,将功能性攻击验证子包配置到所述分布式功能验证子网中初始区域功能攻击验证子网内的每一个功能攻击验证节点中;At the same time, according to the order of verification of each node in the distributed function verification subnet, the functional attack verification sub-package is configured to each functional attack verification node in the initial area functional attack verification subnet in the distributed function verification subnet;
进一步地,分布式功能验证子网由区域功能攻击验证子网组成,所述区域功能攻击验证子网与所述二级区域功能性待验证子网结构和节点数量相同;Further, the distributed functional verification subnet is composed of a regional functional attack verification subnet, and the regional functional attack verification subnet has the same structure and number of nodes as the secondary regional functional subnet to be verified;
进一步地,本实施例中的分布式功能验证子网中的功能攻击验证节点随着二级功能性待验证子网对应待验证功能子节点的增加而对应增加,并实时保持一一对应。Furthermore, the function attack verification nodes in the distributed function verification subnet in this embodiment increase accordingly with the increase of the corresponding function sub-nodes to be verified in the secondary functional subnet to be verified, and maintain a one-to-one correspondence in real time.
所述区域有效攻击验证子网与所述二级区域功能性待验证子网结构相同且一一对应;The effective attack verification subnet of the region has the same structure as the functional subnet to be verified in the secondary region and has a one-to-one correspondence;
配置分布式同步验证评估控制模型,并将分布式同步验证评估控制模型内置到所述分布式安全验证节点子网、分布式功能验证子网和连续待验证节点网中,进行同步验证评估控制,获得连续待验证节点网对应的验证评估结果。A distributed synchronous verification and evaluation control model is configured, and the distributed synchronous verification and evaluation control model is built into the distributed security verification node subnet, distributed function verification subnet and continuous node network to be verified, and synchronous verification and evaluation control is performed to obtain verification and evaluation results corresponding to the continuous node network to be verified.
进一步地,本实施例中的分布式同步验证评估控制模型包括分布式通过控制子模型、分布式评估参数子模型和差分后向共享子模型;Further, the distributed synchronous verification evaluation control model in this embodiment includes a distributed pass control sub-model, a distributed evaluation parameter sub-model and a differential backward sharing sub-model;
进一步地,本实施例中的分布式通过控制子模型,用于控制所述分布式安全验证层和分布式功能验证层中对应的安全攻击验证节点与功能攻击验证节点的同步性,并将评估为高危待验证节点对应安全攻击验证节点的安全性攻击验证子包根据分布式安全验证节点子网中连接关系的方向,向后一安全攻击验证节点进行安全攻击参数共享;Furthermore, the distributed pass control sub-model in this embodiment is used to control the synchronization between the corresponding security attack verification nodes and functional attack verification nodes in the distributed security verification layer and the distributed function verification layer, and, for a node to be verified that is evaluated as high-risk, to share the security attack parameters of the security attack verification sub-package of its security attack verification node with the next security attack verification node, following the direction of the connection relationship in the distributed security verification node subnet;
进一步地,本实施例中的高危待验证节点,通过所述分布式同步验证评估控制模型结合预设的危险评估区间等级,根据每一同步被攻击待验证节点和对应M个待验证功能子节点对应的第一安全待验证参数与第一功能待验证参数获取得到;Furthermore, the high-risk node to be verified in this embodiment is obtained by combining the distributed synchronous verification assessment control model with the preset risk assessment interval level according to the first security parameter to be verified and the first function parameter to be verified corresponding to each synchronous attacked node to be verified and the corresponding M function sub-nodes to be verified;
同时将高危待验证功能子节点对应功能攻击验证节点的有效攻击参数,根据聚类算法将获取的功能相同的子功能控制点集和分布式功能验证子网中连接关系的方向对应的后一功能攻击验证节点进行共享。At the same time, the effective attack parameters of the functional attack verification node corresponding to a high-risk function sub-node to be verified are shared with the next functional attack verification node, which is determined from the same-function sub-function control point set obtained by the clustering algorithm and from the direction of the connection relationship in the distributed function verification subnet.
进一步地,本实施例中的分布式评估参数子模型,用于对每一同步被攻击待验证节点和对应M个待验证功能子节点的第一安全待验证参数与第一功能待验证参数进行评估并结合预设的危险评估区间等级,获得待验证节点和对应M个待验证功能子节点的攻击危险评分及对应的危险等级和有效性评估得分;Furthermore, the distributed evaluation parameter sub-model in this embodiment is used to evaluate the first security parameter to be verified and the first function parameter to be verified of each synchronously attacked node to be verified and the corresponding M function sub-nodes to be verified, and combine the preset risk assessment interval level to obtain the attack risk score of the node to be verified and the corresponding M function sub-nodes to be verified and the corresponding risk level and effectiveness assessment score;
进一步地,本实施例中的预设的危险评估区间等级,由对应领域的技术人员根据对应领域具体的安全要求进行具体的区间和区间对应的得分设置;Furthermore, the preset risk assessment interval levels in this embodiment are set by technical personnel in the corresponding field according to the specific safety requirements of the corresponding field to set specific intervals and scores corresponding to the intervals;
进一步地,本实施例中的差分后向共享子模型,根据所述连续待验证节点网中连接关系的方向和当前被攻击的待验证节点及待验证功能子节点的攻击类型参数,向后向处于同一数据传输链的待验证节点及待验证功能子节点进行共享判断,若对应待验证节点或待验证功能子节点包含相同攻击类型参数,则不共享,若不包含则进行攻击类型参数共享。Furthermore, the differential backward sharing sub-model in this embodiment makes a sharing judgment backward toward the nodes to be verified and the functional sub-nodes to be verified in the same data transmission chain according to the direction of the connection relationship in the continuous network of nodes to be verified and the attack type parameters of the currently attacked nodes to be verified and the functional sub-nodes to be verified. If the corresponding nodes to be verified or the functional sub-nodes to be verified contain the same attack type parameters, they are not shared; if not, the attack type parameters are shared.
S4、利用所述分层分布式有效验证网络对所述连续待验证节点网中任一节点及对应的数据传输链进行前向验证攻击,并判别每一被攻击节点对应第一安全待验证参数与第一功能待验证参数是否有效;S4, using the hierarchical distributed effective verification network to perform a forward verification attack on any node in the continuous node network to be verified and the corresponding data transmission chain, and determine whether the first security parameter to be verified and the first function parameter to be verified corresponding to each attacked node are valid;
S5、若有效,则继续验证并将连续待验证节点网中前一节点对应的攻击类型进行后向共享,直至所有待验证节点验证完成,若无效,则待验证更新复杂网络系统参数失效。S5. If it is valid, continue to verify and share the attack type corresponding to the previous node in the continuous node network to be verified backward until all nodes to be verified are verified. If it is invalid, the complex network system parameters to be verified will be invalid.
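The chain logic of S4 and S5 can be traced in a small simulation. The following Python example is added here and is not code from the patent: it applies the pass/fail threshold and the high-risk sharing rule that this embodiment specifies for the evaluation step, together with the differential rule that only missing attack types are shared. All node names, scores, the 0.7 interval bound, and the matching of sub-nodes by a `function` label are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumed value: the patent leaves the risk intervals to domain engineers.
HIGH_RISK_LOWER_BOUND = 0.7
# Per the embodiment, the validity threshold is the lower bound of the high-risk interval.
VALIDITY_THRESHOLD = HIGH_RISK_LOWER_BOUND


@dataclass
class Unit:
    """A node to be verified (first level) or a functional sub-node (second level)."""
    name: str
    function: str      # hypothetical cluster label for matching same-function sub-nodes
    responses: dict    # attack type -> (risk score, validity score); constructed data
    pack: set          # attack types in this unit's verification package
    children: list = field(default_factory=list)


def evaluate(unit):
    """Replay every attack type in the pack and keep the worst scores observed."""
    scores = [unit.responses.get(a, (0.0, 0.0)) for a in sorted(unit.pack)]
    risk = max((s[0] for s in scores), default=0.0)
    validity = max((s[1] for s in scores), default=0.0)
    return risk, validity


def share_forward(src, dst):
    """Differential sharing: pass on only the attack types the downstream unit lacks."""
    new = src.pack - dst.pack
    dst.pack |= new
    return sorted(new)


def verify_chain(chain, sharing=True):
    """Verify units in data-flow order. Returns (update_accepted, log)."""
    log = []
    for i, node in enumerate(chain):
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        results = {u.name: evaluate(u) for u in [node] + node.children}
        for name, (_, validity) in results.items():
            if validity >= VALIDITY_THRESHOLD:
                # One invalid node or sub-node invalidates the whole update.
                log.append(f"FAIL {name} validity={validity}")
                return False, log
        log.append(f"PASS {node.name}")
        if not sharing or nxt is None:
            continue
        high = {n for n, (risk, _) in results.items() if risk >= HIGH_RISK_LOWER_BOUND}
        if high:
            # Node or any sub-node is high-risk: security pack goes to the next node.
            added = share_forward(node, nxt)
            if added:
                log.append(f"SHARE {node.name} -> {nxt.name}: {added}")
        for child in node.children:
            if child.name not in high:
                continue
            for peer in nxt.children:
                if peer.function == child.function:
                    added = share_forward(child, peer)
                    if added:
                        log.append(f"SHARE {child.name} -> {peer.name}: {added}")
    return True, log


def build_chain():
    """Constructed three-node chain: control center -> substation 1 -> substation 2."""
    cc = Unit("control_center", "control", {"mitm": (0.75, 0.30)}, {"mitm"})
    s1_ftu = Unit("substation_1/ftu", "ftu", {"congestion": (0.80, 0.50)}, {"congestion"})
    s1 = Unit("substation_1", "substation",
              {"unauthorized_access": (0.20, 0.10), "mitm": (0.50, 0.40)},
              {"unauthorized_access"}, [s1_ftu])
    s2_ftu = Unit("substation_2/ftu", "ftu",
                  {"param_tamper": (0.10, 0.10), "congestion": (0.90, 0.85)},
                  {"param_tamper"})
    s2_meter = Unit("substation_2/meter", "meter",
                    {"param_tamper": (0.30, 0.20)}, {"param_tamper"})
    s2 = Unit("substation_2", "substation",
              {"unauthorized_access": (0.30, 0.20), "mitm": (0.40, 0.30)},
              {"unauthorized_access"}, [s2_ftu, s2_meter])
    return [cc, s1, s2]


if __name__ == "__main__":
    for flag in (True, False):
        accepted, trace = verify_chain(build_chain(), sharing=flag)
        print(f"sharing={flag} accepted={accepted}")
        for line in trace:
            print("  ", line)
```

With sharing enabled, the congestion test that was high-risk at the FTU of substation 1 is replayed against the FTU of substation 2 and the update is rejected; with sharing disabled, every node passes its own package and the weakness goes unnoticed.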
进一步地,本实施例中的进行同步验证评估控制,获得连续待验证节点网对应的验证评估结果的步骤包括:Furthermore, the step of performing synchronous verification and evaluation control in this embodiment to obtain verification and evaluation results corresponding to the continuous node network to be verified includes:
根据所述初始安全攻击验证节点对所述连续待验证节点网中初始待验证节点以及初始待验证节点和第二待验证节点之间的有向连接关系进行攻击;Attacking the initial node to be verified in the continuous node to be verified network and the directed connection relationship between the initial node to be verified and the second node to be verified according to the initial security attack verification node;
同时通过分布式通过控制子模型控制初始安全攻击验证节点对应的所述初始区域功能攻击验证子网对初始二级区域功能性待验证子网以及初始二级区域功能性待验证子网与第二二级区域功能性待验证子网之间的有向连接关系进行攻击;At the same time, the distributed pass control sub-model controls the initial regional functional attack verification subnet corresponding to the initial security attack verification node to attack the initial secondary regional functional subnet to be verified and the directed connection relationship between the initial secondary regional functional subnet to be verified and the second secondary regional functional subnet to be verified;
所述初始二级区域功能性待验证子网与所述初始待验证节点对应;The initial secondary regional functional subnet to be verified corresponds to the initial node to be verified;
Obtain the first security parameters to be verified and the first functional parameters to be verified after the initial node to be verified, its connection relationships, the initial secondary regional functional subnet to be verified and its directed connection relationships have been attacked; label them with the identifiers of the corresponding node to be verified and functional sub-nodes to be verified; and thereby construct an initial attack parameter set;
Input the constructed initial attack parameter set into the distributed evaluation parameter sub-model, which evaluates the initial node to be verified and each functional sub-node to be verified in the initial secondary regional functional subnet to be verified, yielding a danger level and an effectiveness evaluation score for each of them;
Construct the effectiveness evaluation threshold from the score corresponding to the lower limit of the high-risk level interval within the preset risk assessment interval. If the effectiveness evaluation score of the initial node to be verified, or of any functional sub-node to be verified in the initial secondary regional functional subnet to be verified, is greater than or equal to the effectiveness evaluation threshold, the complex network system parameters to be verified and updated are determined to be invalid;
If the effectiveness evaluation scores of the initial node to be verified and of all functional sub-nodes to be verified in the initial secondary regional functional subnet to be verified are below the effectiveness evaluation threshold, the initial node to be verified and all functional sub-nodes to be verified in its initial secondary regional functional subnet are determined to be valid;
Once the initial node to be verified and all functional sub-nodes to be verified in its initial secondary regional functional subnet have been determined to be valid, the decision on backward sharing and propagation of attack parameters is made according to the danger levels of the initial node to be verified and of all those functional sub-nodes.
If the initial node to be verified is of high-risk level, or any functional sub-node to be verified in its initial secondary regional functional subnet is of high-risk level, the distributed control sub-model shares the security attack verification sub-package of the initial security attack verification node with the next security attack verification node, following the direction of the connection relationships in the distributed security verification node subnet;
At the same time, the functional attack verification sub-package held in the functional attack verification node that corresponds to a high-risk functional sub-node to be verified in the initial secondary regional functional subnet is shared with the set of sub-function control points that the clustering algorithm identified as having the same function, and with the next functional attack verification node along the connection direction from the current functional attack verification node in the distributed functional verification subnet;
If neither the initial node to be verified nor any functional sub-node to be verified in its initial secondary regional functional subnet is of high-risk level, no backward sharing of attack verification sub-packages is performed for the security attack verification node or the functional attack verification node;
At the same time, the differential backward sharing sub-model shares backward the attack type parameters experienced by the initial node to be verified and by all functional sub-nodes to be verified in its initial secondary regional functional subnet, following the connection direction of data transmission in the continuous to-be-verified node network.
Following the connection direction of data transmission in the continuous to-be-verified node network, repeat the attack process applied to the initial node to be verified and its functional sub-nodes, attacking each subsequent node to be verified in the continuous to-be-verified node network and all functional sub-nodes to be verified in its secondary regional functional subnet;
At the same time, using the security attack verification node and the regional functional attack verification subnet that correspond to each node to be verified and its secondary regional functional subnet, perform a forward verification attack on the nodes that precede the current node on its data transmission chain and on their connection relationships, and on the functional sub-nodes to be verified in the corresponding secondary regional functional subnets and their connection relationships;
Judge the danger level and effectiveness evaluation score of each such node to be verified and its secondary regional functional subnet after the attack. If the effectiveness evaluation score of the node to be verified or of its secondary regional functional subnet is greater than or equal to the effectiveness evaluation threshold, the complex network system parameters to be verified and updated are determined to be invalid;
Otherwise, verification continues, and the attack type parameters experienced by each node to be verified and by all functional sub-nodes to be verified in its secondary regional functional subnet are shared backward, following the connection direction of data transmission in the continuous to-be-verified node network, until all nodes to be verified have been verified.
To better illustrate the forward verification attack process described above, assume that the first-level continuous to-be-verified node subnet in the current continuous to-be-verified node network contains 5 nodes to be verified and the corresponding 5 secondary functional subnets to be verified;
First, the first node to be verified and the corresponding nodes in its secondary functional subnet are attacked, and the first security parameters to be verified and first functional parameters to be verified of that node and subnet after the attack are evaluated and verified. If any node among the node to be verified and its secondary functional subnet has an effectiveness evaluation score greater than the effectiveness evaluation score threshold, the entire set of system parameters to be updated is invalid. If verification passes, then, according to the danger levels, the security attack verification nodes and functional attack verification nodes corresponding to the high-risk node to be verified and to the high-risk functional sub-nodes in its secondary functional subnet are shared with the second node to be verified and with the functional attack verification nodes corresponding to the high-risk functional sub-nodes in its secondary functional subnet; in addition, the attack type parameters experienced by the node to be verified and by all functional sub-nodes in its secondary functional subnet are shared with the following 4 nodes to be verified and with the functional sub-nodes to be verified in their 4 secondary functional subnets;
When verification reaches the third node to be verified and its secondary functional subnet, the third node and the functional sub-nodes to be verified in its secondary functional subnet are attacked by the same steps as above. In addition, the security attack verification node and regional functional attack verification subnet corresponding to the third node simultaneously attack the first and second nodes to be verified, their secondary functional subnets, and the directed connections between the first and second, or the second and third, nodes to be verified and their secondary functional subnets, and the system is verified to remain valid after these attacks. These steps are repeated until all nodes to be verified have been verified.
In this embodiment, the distributed security verification layer and the distributed functional verification layer are designed to mirror the structure of the continuous to-be-verified node network, which ensures that verification is both comprehensive and scalable. Specifically, both layers adopt a structure corresponding to the to-be-verified node subnet, and functional attack verification nodes are added in real time as functional sub-nodes to be verified are added, maintaining a one-to-one correspondence. This design ensures complete verification coverage of every node and connection relationship in the network system, avoiding verification blind spots, and it can be extended flexibly when the system grows in scale or function, so that verification needs continue to be met and the adaptability and scalability of the system improve.
In this embodiment, the configuration of the distributed synchronous verification and evaluation control model, and the cooperation of its sub-models, greatly enhance the effectiveness of the verification process and the system's ability to respond to risk. The distributed control sub-model keeps the security and functional verification nodes synchronized and shares the attack parameters of high-risk nodes, so that subsequent nodes can perceive potential risks in advance and prepare for them, which promotes coordinated defense across the parts of the system. The distributed evaluation parameter sub-model quantitatively evaluates the parameters of nodes and sub-nodes, determining danger levels and effectiveness scores, and thus provides an objective basis for judging whether system parameters are valid. The differential backward sharing sub-model decides which attack type parameters to share, avoiding wasted resources and repeated verification, improving verification efficiency, and allowing the system to respond to attack situations more quickly and accurately.
In this embodiment, forward verification is combined with backward sharing to strengthen system stability. Specifically, the verification method combines forward verification attacks with backward sharing of attack type parameters: while each node is checked for validity one by one, the attack type information of the preceding node is shared promptly with subsequent nodes. Subsequent nodes can therefore take targeted measures in advance when they face the same or similar attacks, which strengthens the defensive capability and stability of the system as a whole, prevents the weakness of individual nodes from causing the collapse or failure of the entire system, and ensures reliable operation of the complex network system.
In the verification process of this embodiment, setting an explicit effectiveness evaluation threshold and explicit failure rules makes it possible to determine accurately whether the complex network system parameters to be verified and updated are valid. If the effectiveness evaluation score of a node or sub-node is found to exceed the threshold, the parameters are promptly determined to be invalid, which prevents parameters with security risks or functional defects from entering the system, ensures the security and reliability of the system update process, and supports continuous, stable operation of the system.
To better illustrate the complex system verification process described above, this embodiment takes the power industry as an example and breaks a concrete verification process down into the following steps:
1. Hierarchical system construction and parameter decomposition:
Target system: a regional smart grid system comprising 1 regional control center and 5 substations (substations 1 to 5); each substation hosts 20 FTUs (feeder terminal units), 100 smart meters, and 5 photovoltaic inverter control units.
Implementation steps:
1.1. Constructing the hierarchical verification network:
Distributed security verification layer: contains 6 security attack verification nodes (the regional control center plus the 5 substations), with a structure identical to the physical power grid.
Distributed functional verification layer: each security verification node corresponds to one functional verification subnet. For example, the functional verification subnet of substation 1 contains 20 FTU nodes, 100 smart meter nodes, and 5 photovoltaic inverter nodes.
1.2. Decomposing the key control points:
Level-1 nodes (i.e., the level-1 continuous nodes to be verified): the regional control center and substations 1 to 5 form the level-1 continuous to-be-verified node subnet, and the data transmission direction is regional control center → substation 1 → substation 2 → ... → substation 5.
Level-2 sub-nodes (i.e., the functional sub-nodes to be verified): the FTUs, smart meters, and photovoltaic inverters under each substation form the secondary functional subnet to be verified. An adaptive clustering algorithm groups devices of the same type under the same substation (for example, all FTUs) into one cluster, labeled "substation 1-FTU cluster".
1.3. Resource reservation and scalability design:
Use a support vector machine (trained on historical data) to predict resource requirements: for each substation, reserve 5% of computing resources (for photovoltaic inverters added in the future) and 10 MB of memory / 2 CPU cores (for equipment expansion).
Example: substation 1 currently has 5 photovoltaic inverters, and the reserved resources can support adding 1 more inverter in the future.
2. Forward attack verification package configuration:
2.1. Attack scenario design:
Security attack verification sub-package (distributed security verification layer):
Man-in-the-middle attack: simulate an attacker intercepting the communication between the regional control center and substation 1 and attempting to break the AES-256 encryption protocol.
Unauthorized access: test the grading of operator permissions by simulating a low-privilege user attempting to modify the protection settings of substation 1.
Functional attack verification sub-package (distributed functional verification layer):
Network congestion attack: inject high-volume traffic into the FTU nodes of substation 1 to test their latency tolerance (whether they respond within 50 ms).
Photovoltaic generation surge: simulate photovoltaic output jumping from 0% to 100%, and test whether the inverter control unit can keep voltage fluctuation within ±5% within 1 second.
Parameter tampering attack: tamper with the safety voltage threshold of a smart meter (from 36 V to 72 V) to verify whether the control system detects the change and raises an alarm.
3. Synchronous attack verification and dynamic sharing:
3.1. Verification flow:
Initial attack (regional control center):
Security verification: launch a man-in-the-middle attack. If AES-256 is not broken and permission grading takes effect, the security evaluation score (e.g., 80 points) is below the high-risk threshold (90 points).
Functional verification: simulate the regional control center sending high-frequency commands to substation 1 to test its load-balancing capability. If CPU usage is ≤70%, the functional evaluation score (e.g., 85 points) is valid.
Parameter sharing and subsequent attacks:
Backward sharing: after the regional control center passes verification, the attack type (e.g., the man-in-the-middle attack pattern) is shared with the security verification node of substation 1.
Chained attack: the security verification node of substation 1 launches the same attack against itself and against its connection to substation 2, while its functional verification subnet simulates the FTU congestion and inverter surge attacks.
Dynamic expansion verification:
New equipment test: attach a sixth photovoltaic inverter within the reserved resources and simulate whether, when it connects to the grid, the system allocates resources automatically and keeps the voltage stable.
Cross-site attack: if a smart meter at substation 3 is tampered with, the differential backward sharing model synchronizes the attack parameters to the meter nodes of the same type at substations 4 and 5, to verify the immunity of the entire chain.
The exemplary verification process above shows the following. In terms of layered, targeted verification, the method decouples security from function, verifying encryption strength and equipment performance independently and avoiding test blind spots, and the verification network is designed around the hierarchical substation structure of the power industry so that it matches the physical topology of the grid. In terms of dynamic resource reservation and expansion, it supports the evolution of the smart grid, allows the system to expand without interruption by using reserved resources, and uses a support vector machine trained on historical records, whose data-driven prediction accuracy is far higher than that of traditional experience-based reservation. Intelligent sharing of attack parameters shows in the rapid propagation of high-risk attacks: for example, when tampering with a smart meter is evaluated as high-risk, the parameters are shared automatically, so that devices of the same type across the whole network are verified quickly, taking only 1/5 of the time of testing them one by one, while differential backward sharing avoids repeated testing. The synchronous evaluation model improves real-time performance and achieves multi-link coverage, so that cross-site data transmission vulnerabilities can be discovered. In addition, the method supports real-time verification of system updates, and it has successfully supported the grid-connection retrofit of a wind farm, where verification of reserved resources identified risks in advance and avoided downtime after going live.
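The verification flow of steps 1 to 3, and the five-node walkthrough earlier in this embodiment, can be traced with a short simulation. This is an added example, not code from the patent: the evaluation results are constructed, the danger-level labels and attack-type names are assumptions, and only the 90-point threshold and the grid topology come from the text.

```python
from dataclasses import dataclass

# Lower bound of the high-risk interval, used as the effectiveness threshold.
# 90 is the example value given in step 3.1 of the embodiment.
HIGH_RISK_LOWER_BOUND = 90


@dataclass
class Evaluation:
    """Output of the evaluation sub-model for one node or sub-node cluster."""
    name: str
    danger_level: str  # "low" | "medium" | "high" (label set is an assumption)
    score: int         # effectiveness evaluation score after the test


@dataclass
class Stage:
    """One level-1 node, its level-2 clusters, and the tests run against it."""
    node: Evaluation
    subnodes: list
    attack_types: frozenset


def verify_chain(stages, threshold=HIGH_RISK_LOWER_BOUND):
    """Walk the chain in data-transmission order and apply the page's rules."""
    known = set()  # attack types already shared downstream
    report = {"valid": True, "failed_at": [], "steps": []}
    for i, stage in enumerate(stages):
        evals = [stage.node, *stage.subnodes]
        # Forward verification: upstream nodes and links are re-tested as well.
        upstream = [s.node.name for s in stages[:i]]
        links = [f"{a.node.name}->{b.node.name}"
                 for a, b in zip(stages[:i], stages[1:i + 1])]
        step = {"node": stage.node.name, "forward_retest": upstream + links,
                "package_shared_to": None, "new_attack_types": []}
        report["steps"].append(step)

        # Rule 1: any score >= threshold invalidates the whole parameter update.
        failed = [e.name for e in evals if e.score >= threshold]
        if failed:
            report["valid"], report["failed_at"] = False, failed
            break

        nxt = stages[i + 1].node.name if i + 1 < len(stages) else None
        # Rule 2: a high danger level pushes the verification sub-package
        # to the next verification node in the chain.
        if nxt and any(e.danger_level == "high" for e in evals):
            step["package_shared_to"] = nxt
        # Rule 3: differential backward sharing sends only attack types that
        # downstream nodes have not already received.
        delta = sorted(stage.attack_types - known)
        known.update(delta)
        if nxt:
            step["new_attack_types"] = delta
    return report


def sample_grid(meter4_score=70):
    """Constructed results for: control center -> substation 1 -> ... -> 5."""
    def substation(n, meter_level="low", meter_score=70, attacks=()):
        return Stage(
            Evaluation(f"substation{n}", "low", 75),
            [Evaluation(f"substation{n}-FTU", "low", 60),
             Evaluation(f"substation{n}-meter", meter_level, meter_score),
             Evaluation(f"substation{n}-PV", "low", 65)],
            frozenset(attacks))
    return [
        Stage(Evaluation("control-center", "medium", 80), [],
              frozenset({"mitm", "unauthorized-access"})),
        substation(1, attacks={"mitm", "congestion", "pv-surge"}),
        substation(2, attacks={"mitm", "congestion"}),
        substation(3, "high", 85, attacks={"parameter-tampering"}),
        substation(4, meter_score=meter4_score, attacks={"parameter-tampering"}),
        substation(5, attacks={"parameter-tampering", "congestion"}),
    ]


if __name__ == "__main__":
    for label, grid in (("baseline", sample_grid()),
                        ("meter 4 regression", sample_grid(meter4_score=92))):
        result = verify_chain(grid)
        print(label, "valid:", result["valid"], "failed at:", result["failed_at"])
        for s in result["steps"]:
            print("  ", s["node"], "share:", s["new_attack_types"],
                  "package ->", s["package_shared_to"])
```

In the baseline run the high-risk meter cluster at substation 3 stays below the threshold, so the update remains valid and the sub-package is handed to substation 4; raising the substation 4 meter score to 92 stops the run there and marks the update invalid.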
Example 2
Referring to FIG. 2, another embodiment provided by the present invention is a dynamic verification system for the security effectiveness of a complex network system, comprising a verification network module, a parameter parsing module, and an attack verification module;
The verification network module configures a hierarchical distributed effective verification network based on the attributes of the complex network system; the hierarchical distributed effective verification network comprises a distributed security verification layer and a distributed functional verification layer;
The parameter parsing module obtains the complex network system parameters to be verified and updated and, through its built-in verification decomposition model, obtains the continuous to-be-verified node network together with the first security to-be-verified parameter set and the first functional to-be-verified parameter set of each node.
The attack verification module comprises an attack construction unit and an attack verification unit;
The attack construction unit constructs, for each node to be verified, a forward attack verification package based on the first security parameters to be verified, the first functional parameters to be verified, and the connection relationship attributes of two consecutive nodes in the continuous to-be-verified node network, and embeds the package in the hierarchical distributed effective verification network;
The attack verification unit uses the hierarchical distributed effective verification network to perform a forward verification attack on any node in the continuous to-be-verified node network and on its data transmission chain, and determines whether the first security parameters to be verified and the first functional parameters to be verified of each attacked node are valid. If they are valid, verification continues and the attack type of the preceding node in the continuous to-be-verified node network is shared backward, until all nodes to be verified have been verified; if they are invalid, the complex network system parameters to be verified and updated are invalid.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the specific implementations described, which are illustrative rather than restrictive. Guided by the present invention, a person of ordinary skill in the art may change, modify, replace, and vary the above embodiments without departing from the purpose of the present invention and the scope protected by the claims, and all such variations fall within the protection of the present invention.
If the disclosed technical solution involves personal information, a product applying it has clearly communicated the personal information processing rules and obtained the individual's voluntary consent before processing personal information. If the disclosed technical solution involves sensitive personal information, a product applying it has obtained the individual's separate consent before processing sensitive personal information and also satisfies the requirement of "explicit consent". For example, at a personal information collection device such as a camera, a clear and prominent sign is posted to state that the individual has entered the collection range and that personal information will be collected; an individual who voluntarily enters the collection range is deemed to consent to the collection. Alternatively, on a device that processes personal information, where the processing rules are communicated by obvious signs or notices, the individual's authorization is obtained through a pop-up message or by asking the individual to upload the personal information themselves. The personal information processing rules may include the personal information processor, the purpose of processing, the processing method, and the types of personal information processed.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202510412857.2A (CN119922019B) | 2025-04-03 | 2025-04-03 | Dynamic verification method and system for security effectiveness of complex network system |
| Publication Number | Publication Date |
|---|---|
| CN119922019A | 2025-05-02 |
| CN119922019B | 2025-05-30 |
| Application Number | Status | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN202510412857.2A | Active | 2025-04-03 | 2025-04-03 | Dynamic verification method and system for security effectiveness of complex network system |
| Country | Link |
|---|---|
| CN (1) | CN119922019B (en) |
| Code | Title |
|---|---|
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |