Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
It should be noted that although functional blocks are divided in the device diagrams and a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the block division in the device diagrams or the sequence in the flowcharts.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.
In the current era of deep integration of globalization and informatization, urban key information infrastructures (such as electric power, traffic, communication and finance) have formed a highly interconnected, interdependent complex network system. These infrastructures are the nerve centers of socioeconomic stability and operation, and the failure of any link can trigger cascading faults through tight physical couplings or logical dependencies, posing a serious threat to the information security of the region in which the network system is located. Therefore, a prospective, systematic cascading security risk assessment of critical information infrastructure is of great importance.
However, existing security assessment methods for critical information infrastructure are generally based on static topologies and focus on identifying vulnerable components in the topology, each of which is then assessed individually to obtain the security assessment result of the critical information infrastructure. Because real infrastructure networks are complex, a static topology can hardly simulate and quantify the dynamic propagation of faults through the network; moreover, assessing single vulnerable components in isolation lacks a view of the overall structural resilience of the system, so the accuracy of the security assessment results obtained by existing infrastructure security assessment methods is low.
In order to improve the accuracy of the security assessment of an infrastructure system, the embodiment of the application constructs a vulnerability curve for each infrastructure node by using an infrastructure undirected graph and carries out fault propagation simulation based on the vulnerability curves, so that the real fault probability of each node in the complex network can be quantified dynamically, overcoming the defect that traditional static topology analysis cannot accurately reflect the cascade failure process. Node partition constraints are then introduced in the clustering partition stage to force the identified vulnerable nodes into different subsystems, thereby realizing 'pre-isolation' and structural optimization of system risks, blocking potential high-risk propagation paths and remarkably enhancing the structural resilience of the whole system. Finally, a local assessment is performed on each optimized partition subsystem and a comprehensive assessment is then carried out in combination with the global dependency relationships, forming a complete closed loop from dynamic simulation to structural optimization and hierarchical assessment, and greatly improving the accuracy and foresight of the cascade security assessment result of the critical information infrastructure.
The method, the device, the electronic equipment and the storage medium for evaluating the security of the infrastructure system provided by the embodiment of the application are further described below. Referring to fig. 1, an alternative flowchart of a method for evaluating security of an infrastructure system according to an embodiment of the application is provided, where the method in fig. 1 may include, but is not limited to, steps 101 to 105. It should be understood that the order of steps 101 to 105 in fig. 1 is not particularly limited, and the order of steps may be adjusted, or some steps may be reduced or added according to actual requirements. The infrastructure system security assessment method provided by the embodiment of the application can be applied to any server or intelligent processing terminal and the like.
Step 101, acquiring an infrastructure undirected graph.
Step 101 is described in detail below.
In some embodiments, an infrastructure undirected graph G(V, E) is first obtained, the infrastructure undirected graph being generated from the logical connection relationships between a plurality of infrastructures in an infrastructure system. In particular, a complex real-world infrastructure system is abstracted into a mathematical model that can be analyzed computationally. Each functional unit of the infrastructure, such as a power station, a communication base station, a transportation hub or a financial data center, is represented as a node V of the graph. The logical connections between nodes V are abstracted as edges E of the graph, where an edge E represents a physical coupling (such as a cable connection) or a functional dependency (such as the data output of one system being an operational precondition of another) between nodes. By constructing the infrastructure undirected graph, a structured data foundation is laid for the subsequent vulnerability analysis and fault propagation simulation.
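As an illustration only, the infrastructure undirected graph G(V, E) described above can be represented with a general-purpose graph library; the node names, attributes and edges below are hypothetical placeholders rather than part of the claimed method.

```python
import networkx as nx

# Hypothetical sketch of the infrastructure undirected graph G(V, E).
G = nx.Graph()
# Nodes V: functional units with illustrative attribute information.
G.add_node("power_station_1", node_type="power", load_ratio=0.7, redundancy=True)
G.add_node("base_station_3", node_type="communication", load_ratio=0.9, redundancy=False)
G.add_node("traffic_hub_2", node_type="transport", load_ratio=0.5, redundancy=True)
# Edges E: physical couplings or functional dependencies between the units.
G.add_edge("power_station_1", "base_station_3")  # power supply dependency
G.add_edge("base_station_3", "traffic_hub_2")    # data/control dependency
```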
Step 102, generating a vulnerability curve corresponding to each node in the infrastructure undirected graph.
Step 102 is described in detail below.
In some embodiments, after the infrastructure undirected graph G(V, E) is obtained, a vulnerability curve is then generated for each node in the infrastructure undirected graph G(V, E) to quantify the inherent interference immunity of each individual node. The vulnerability curve is a function or data model describing the probability that a node fails when subjected to external stress of varying degrees (e.g., the number or proportion of failures among its connected neighbor nodes). The generation of the curve comprehensively considers the node's own attributes (such as equipment aging degree and security protection level) and its connection characteristics in the network, so that the stability of the node is converted from a simple normal/fault binary state into a probability model that changes dynamically with the external environment, providing a core basis for the subsequent dynamic simulation.
How the vulnerability profile for each node is generated will be further described below.
Referring to fig. 2, a vulnerability curve corresponding to each node in the infrastructure undirected graph is generated, including the following steps 201 to 203.
Step 201, determining failure influence factors of the nodes according to the node attribute information and the node connection relation of each node.
Step 202, obtaining failure pressure parameters of the nodes based on the failure influence factors.
Step 203, obtaining a vulnerability curve of the node based on the failure pressure parameter and the vulnerability function.
Steps 201 to 203 are described in detail below.
In some embodiments, when generating the vulnerability curve of each node, the failure influencing factors of the node are first determined according to the node attribute information and node connection relation of each node. This process builds the basis of a personalized vulnerability model and aims to identify all internal and external factors that may lead to the failure of an infrastructure node. The node attribute information comprises static characteristics of the node, such as the node type (whether it is a power plant or a substation), the ratio of its current design load to its actual operating load, and whether the node itself has redundancy. The node connection relation reflects the dynamic interaction between nodes in the network topology, for example the failure states of its directly connected neighbor nodes, or more specifically the quantized proportion of failed nodes among the neighbor nodes. By comprehensively collecting and analyzing these failure influencing factors, a comprehensive, multi-dimensional data input can be provided for the subsequent accurate quantification of the bearing capacity of the node.
The failure influencing factors are a set of key indicators for comprehensively quantifying the failure risk faced by an infrastructure node. They mainly cover two dimensions: the intrinsic properties of the node itself, such as the node type, the load level currently borne, and whether a redundant backup system is provided, which together determine its underlying pressure-bearing capacity; and the dynamic pressure from the external network, which is mainly reflected in the failure states of its directly connected neighbor nodes, or more specifically in the proportion of failed nodes among the neighbors, and which reflects the direct impact of the cascade failure on the node.
The failure pressure parameter of the node is then obtained based on the failure influencing factors. At this point, the multiple heterogeneous failure influencing factors identified above are integrated into a single quantifiable indicator, namely the failure pressure parameter Si, representing the sum or weighted sum of all negative effects acting on the current node. For example, factors such as the overload degree of the node and the failure states of key neighbor nodes can be fused through a predefined calculation formula (such as accumulation or a weighted sum) to obtain a single numerical value. The numerical failure pressure parameter Si intuitively reflects the current risk level borne by the node, is the core independent variable for subsequently constructing the vulnerability curve, and enables risks from different sources to be measured on a uniform scale.
A vulnerability curve Pi = fi(Si) of the node is then obtained based on the failure pressure parameter Si and a preset vulnerability function fi(·), where the vulnerability curve Pi = fi(Si) is used to indicate the failure probability of the node under different failure pressures. It can be understood that the vulnerability function defines how the failure probability of the node changes as the failure pressure parameter increases. The function may be a classical nonlinear function, such as a Sigmoid function that transitions smoothly from 0 to 1, or a rapidly increasing exponential function; in more complex scenarios, it may also be fitted from expert experience, a large amount of historical failure data or dedicated simulation data, so as to reflect the failure law of a specific node type as truly as possible. The obtained failure pressure parameter Si is substituted as input into the vulnerability function fi, and the output is the corresponding failure probability Pi. Finally, by calculating the failure probability under a series of different failure pressures, a complete vulnerability curve Pi = fi(Si) is drawn; the curve intuitively shows the pressure-bearing capacity and failure law of the node, and provides a basic unit model for the dynamic security assessment of the whole system.
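As a minimal sketch only, the failure pressure parameter Si and a Sigmoid-shaped vulnerability function fi mentioned above could be implemented as follows; the weights, midpoint s0 and steepness k are hypothetical values that would in practice come from expert experience, historical failure data or simulation.

```python
import math

def failure_pressure(factors, weights):
    """Failure pressure parameter Si: weighted sum of the failure influencing
    factors (e.g., overload degree, proportion of failed neighbors)."""
    return sum(w * x for w, x in zip(weights, factors))

def vulnerability_sigmoid(s, s0=1.0, k=5.0):
    """Sigmoid vulnerability function fi(Si): the failure probability rises
    smoothly from 0 to 1 as the failure pressure passes the midpoint s0."""
    return 1.0 / (1.0 + math.exp(-k * (s - s0)))

# Example point on the curve: 20% overload, half of the neighbors failed.
Si = failure_pressure(factors=[0.2, 0.5], weights=[0.4, 0.6])
Pi = vulnerability_sigmoid(Si)  # corresponding failure probability Pi = fi(Si)
```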
Through implementation of the steps 201 to 203, internal and external factors affecting node stability are comprehensively identified, then quantified through failure pressure parameters, and then an accurate mapping relation between pressure and failure probability is established by means of flexible and configurable vulnerability functions, so that fuzzy qualitative description of node states in traditional evaluation is converted into an accurate, dynamic and computable probability model, the authenticity and accuracy of subsequent fault propagation simulation are greatly improved, and the whole safety evaluation system can be established on the basis of a firm and reliable microscopic model, and further the reliability and practical value of a final evaluation result are remarkably improved.
Step 103, obtaining the simulated fault probability of each node based on the vulnerability curve of each node.
Step 103 is described in detail below.
In some embodiments, after the vulnerability curve Pi = fi(Si) of each node is obtained, the cascade propagation process of a fault through the whole network can be further deduced through simulation based on the vulnerability curves of all nodes, yielding a node fault risk closer to reality than static analysis, namely the simulated fault probability Pi of each node.
Specifically, the simulation process can adopt methods such as Monte Carlo simulation or graph simulation; by setting one or more initial fault nodes and using the vulnerability curves generated in the previous step as the propagation rule, hundreds or thousands of fault scenario deductions can be carried out. In each simulation, the failure of a node applies pressure to its neighbors, which determine whether they also fail based on their own vulnerability curves. By counting the frequency with which each node ultimately fails across all simulation scenarios, a comprehensive simulated fault probability can be obtained, which not only reflects the vulnerability of the node itself but also incorporates the cascade risk the node is subjected to in the whole system network.
How the Monte Carlo simulation is employed to derive a simulated failure probability for each node will be described in further detail below.
Referring to fig. 3, based on the vulnerability profile of each node, a simulated failure probability of each node is obtained, including the following steps 301 to 302.
Step 301, determining an initial fault node from a plurality of nodes, and performing multiple fault propagation simulation on the plurality of nodes in the infrastructure system based on the vulnerability curve of each node, the initial fault node and multiple fault propagation scenes to obtain simulated fault probability of each node under each fault propagation scene.
Step 302, in each fault propagation simulation, setting an initial fault node to be in a failure state, generating an initial propagation queue based on the initial fault node, determining the simulation fault probability of the neighbor node of the fault node aiming at each fault node in the initial propagation queue, updating the initial propagation queue based on the simulation fault probability of the neighbor node, and determining the simulation fault probability of the neighbor node of the fault node based on the updated initial propagation queue until the initial propagation queue is unchanged.
Steps 301 to 302 are described in detail below.
In some embodiments, when performing fault scenario simulation using the Monte Carlo technique, the risk of cascading failures that an infrastructure network may face is systematically explored through large-scale simulation. First, one or a set of initial fault nodes F0 needs to be set as the origin of fault propagation; these can be determined based on historical data, intelligence information, or hypothetical extreme attacks. Then, multiple fault propagation simulations are performed under the framework of multiple fault propagation scenarios, i.e., the simulation process is repeated hundreds or thousands of times to cover enough random possibilities and ensure the statistical significance of the results. In each simulation, the propagation rule of the fault depends entirely on the vulnerability curve Pi = fi(Si) determined for each node. Through this process, the frequency with which each node fails across the various possible evolution paths can finally be counted, so as to obtain a comprehensive 'simulated fault probability' reflecting the dynamic risk of the node in the whole network.
Specifically, in each fault propagation simulation (simulation round t = 1, 2, ..., T), all node states are first set to the "normal state", the initial fault node F0 is then set to the "failure state", and an initial propagation queue Q is generated based on the initial fault node. Next, for each fault node in the initial propagation queue, all neighbor nodes v of the fault node are traversed to determine the simulated fault probability Pv of each neighbor node v, the initial propagation queue Q is updated based on the simulated fault probability Pv of the neighbor node, and the simulated fault probability Pv of the neighbor nodes of the fault nodes is determined based on the updated initial propagation queue Q, until the initial propagation queue no longer changes.
This process illustrates the specific execution logic of a single fault propagation simulation, which is an iterative algorithmic process. At the beginning of the simulation, the selected "initial fault node F0" is marked as "failed" and placed in a data structure called the "initial propagation queue Q", which stores all currently known failed nodes whose effects have not yet been fully propagated. The algorithm then enters a loop: a failed node is taken from the queue and all of its neighbor nodes v that have not yet failed are examined. For each neighbor node v, its failure pressure Sv is calculated according to the failure conditions around it (including the node that has just failed), the simulated fault probability Pv of the neighbor node v is determined using its vulnerability curve, and a random decision is made. If the neighbor node v fails as a result of this decision, it is added to the propagation queue Q. The process continuously updates the initial propagation queue and continues until no new node in the queue can be affected by propagation, i.e., until the initial propagation queue no longer changes, indicating that the propagation process of the cascade fault in this simulation has stabilized. How the initial propagation queue is updated is described in detail below.
Referring to fig. 4, determining a simulated failure probability of a neighbor node of a failed node and updating an initial propagation queue based on the simulated failure probability of the neighbor node includes the following steps 401 to 404.
Step 401, when the neighbor node of the fault node is in a normal state, acquiring a failure influence value of the neighbor node, and determining the failure pressure of the neighbor node based on the failure influence value.
Step 402, obtaining failure probability of the neighbor node based on failure pressure and vulnerability curves of the neighbor node, and determining update state of the neighbor node based on Bernoulli test and failure probability.
Step 403, adding the neighbor node into the initial propagation queue when the update state of the neighbor node is a failure state.
Step 404, when the neighbor node of the fault node is in a failure state, adding the neighbor node into the initial propagation queue.
Steps 401 to 404 are described in detail below.
In some embodiments, for each fault node i in the initial propagation queue, the system examines all of its neighbor nodes v in the "normal state" one by one; when a neighbor node v of the fault node i is in the normal state, the failure influence value corresponding to each failure influencing factor of the current neighbor node v is determined, and the failure pressure Sv of the neighbor node is determined based on these failure influence values.
The obtained failure pressure Sv is then substituted as input into the vulnerability curve Pv = fv(Sv) of the neighbor node, so as to look up or calculate the specific failure probability Pv of the neighbor node under the current pressure. However, having the failure probability Pv does not mean that the node must fail. This example therefore incorporates a Bernoulli test, a single random event with only two outcomes, success or failure. In this scenario, the system performs a "Bernoulli test" with the "failure probability" as the probability of success, which can be understood as a weighted electronic coin toss. The result of the test directly "determines the update state of the neighbor node", i.e., decides whether it transitions to the "failure state" or remains in the "normal state" in the current simulation round.
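The Bernoulli test itself amounts to a single biased random draw; a minimal illustration (one possible implementation, not the only one) is:

```python
import random

def bernoulli_fails(p_v):
    """Single Bernoulli trial: returns True (the neighbor node transitions to
    the failure state) with probability p_v, otherwise False (it stays normal)."""
    return random.random() < p_v
```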
The neighbor node v is then added to the initial propagation queue Q when the update state of the neighbor node v is the failure state. This step is the critical operation that realizes the propagation of the cascading effect through the network. If the "Bernoulli test" causes the "update state" of the neighbor node v to be determined and updated to the "failure state", then the previously healthy node now becomes a new source of failure. In order for this newly generated failure to continue to affect its own neighbor nodes, the system "adds the neighbor node to the initial propagation queue". Through this operation, the node will be treated as a "fault node" in a subsequent simulation cycle, thereby advancing the failure chain reaction one step further.
In addition, when a neighbor node v of the fault node is already in the failure state, the neighbor node is added to the initial propagation queue. This step mainly serves as a logical supplement and completeness check, handling the situation where a "neighbor node" is found to already be in the "failure state" when checking the neighbors of a "fault node". This can happen because the neighbor node has already been affected by a failure along another path in a previous simulation cycle. To ensure the integrity of the entire fault propagation process and avoid missing any potential propagation source, this step provides that as long as a node is identified as failed, it should be "added to the initial propagation queue", so that its impact on other neighbors that have not yet failed can be fully calculated and propagated.
Through the close cooperation of steps 401 to 404, starting from the calculation of the pressure borne by a healthy node, the uncertainty of node failure is realistically simulated by combining the vulnerability curve with the probabilistic decision of the Bernoulli test, and the iterative diffusion of cascading faults through the network is realized by dynamically updating the propagation queue, so that the macroscopic fault simulation process is decomposed into a series of rigorous and repeatable microscopic operations. Each simulation thus follows physical and logical rules while also incorporating real-world randomness, and the finally obtained simulated fault probability can reflect the dynamic risk of the system with high fidelity, providing a firm algorithmic guarantee for the accuracy of the assessment.
In one example, the fault propagation scenarios are generated by the Monte Carlo method or a graph simulation method, and the number of simulations is not less than a preset threshold T. For each round t = 1, 2, ..., T, the specific procedure includes the following steps (a code sketch is given after this list).
Step 1, initializing states: setting all node states to normal, marking the initial fault node F0 as failed, and initializing the propagation queue Q.
Step 2, propagation loop: traversing the neighbor nodes v of each node in the current propagation queue; if a neighbor node has not failed, calculating its current failure pressure Sv, substituting Sv into the vulnerability function f to obtain its failure probability, performing a Bernoulli test according to the failure probability, and adding v to the propagation queue Q if it newly fails.
Step 3, recording the propagation result: for all nodes that failed in this round, i.e., the set Ft, incrementing their failure count by 1.
Step 4, repeating the simulation for T rounds, and computing for each node vi the failure frequency Pi = (number of failures of node vi across all scenarios) / T.
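A compact sketch of the T-round Monte Carlo deduction in steps 1 to 4, assuming the networkx graph and the hypothetical vulnerability function sketched earlier; the failure pressure is taken here as the proportion of failed neighbors, and queue-handling details (e.g., whether already failed neighbors are re-enqueued) may differ in a concrete implementation.

```python
import random
from collections import deque

def simulate_failure_probabilities(G, initial_failed, vulnerability, T=1000):
    """Monte Carlo cascade simulation. Returns, for every node vi of G, the
    failure frequency Pi = (number of failures of vi across all rounds) / T."""
    failure_count = {v: 0 for v in G.nodes}
    for _ in range(T):
        failed = set(initial_failed)           # step 1: initial fault nodes F0
        queue = deque(initial_failed)          # initial propagation queue Q
        while queue:                           # step 2: propagation loop
            u = queue.popleft()
            for v in G.neighbors(u):
                if v in failed:                # already failed: influence already counted
                    continue
                neighbors = list(G.neighbors(v))
                Sv = sum(1 for n in neighbors if n in failed) / len(neighbors)
                Pv = vulnerability(Sv)         # vulnerability curve Pv = fv(Sv)
                if random.random() < Pv:       # Bernoulli test
                    failed.add(v)
                    queue.append(v)            # newly failed node keeps propagating
        for v in failed:                       # step 3: record propagation result
            failure_count[v] += 1
    return {v: failure_count[v] / T for v in G.nodes}  # step 4: failure frequency
```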
Through the implementation of the steps 301 to 302, by setting the initial faults and performing large-scale repeated simulation, all potential fault propagation paths in the network are systematically explored, the previously constructed vulnerability curves are utilized as dynamic propagation rules, and the chain reaction of the faults spreading from one node to another node is accurately simulated by means of iteratively updating the propagation queues, so that the safety evaluation is not limited to static topology analysis, but hidden cascade risks in the network can be dynamically and quantitatively revealed, key nodes which are fragile and easily affected by neighbors to fail are accurately identified, and the finally obtained simulated fault probability of each node provides a highly reliable and high-insight data base for subsequent risk isolation and systematic safety evaluation.
Step 104, obtaining node partition constraint of the infrastructure system, generating a similarity matrix based on the simulated fault probability of each node, and carrying out clustering partition on the infrastructure system based on the similarity matrix and the node partition constraint to obtain a plurality of partition subsystems.
Step 104 is described in detail below.
In some embodiments, after the simulated fault probability of each node is obtained, node partition constraints of the infrastructure system are then obtained, a similarity matrix is generated based on the simulated fault probability of each node, and the infrastructure system is cluster-partitioned based on the similarity matrix and the node partition constraints to obtain a plurality of partition subsystems. This process is the key link in realizing active risk isolation and structural optimization of the system. First, the similarity between nodes is calculated according to the simulated fault probabilities obtained in the previous step; nodes with similar fault probabilities are considered to have similar risk characteristics, and a similarity matrix W is thereby constructed. At the same time, a core "node partition constraint" is introduced, which is a preset rule set explicitly specifying that "each partition subsystem contains at most one fragile node" (i.e., the fragile nodes must be partitioned into different regions to achieve isolation) and that "at least one partition subsystem contains a plurality of nodes with the same function" (i.e., units that functionally require coordination should be partitioned into the same region to ensure integrity). Finally, a constrained spectral clustering algorithm capable of fusing data and rules is adopted to partition the whole infrastructure undirected graph according to the similarity matrix W and the node partition constraints, finally forming a plurality of independent partition subsystems.
The node partition constraints include the same partition constraint (Must-Link constraint) and a fragile independent partition constraint (Cannot-Link constraint), wherein Must-Link constraint is used for specifying that a functional unit corresponding to a specific node must be partitioned into the same region, and Cannot-Link constraint is used for specifying that a critical fragile node cannot be partitioned into the same region. The fragile node may be a node whose simulated failure probability is higher than a certain failure threshold value after the simulated failure probability of each node is obtained from the above, or may be a specific predetermined node which is likely to fail.
How the similarity matrix is generated will be further described below.
Referring to fig. 5, a similarity matrix is generated based on the simulated failure probability of each node, including the following steps 501 to 503.
Step 501, obtaining a node probability difference value by dividing the square of the difference between the simulated fault probabilities of every two nodes by the square of the control parameter.
Step 502, performing exponentiation on the negative of the node probability difference value to obtain the similarity between every two nodes.
Step 503, obtaining a similarity matrix based on all the similarities.
Steps 501 to 503 are described in detail below.
In some embodiments, when generating the similarity matrix W, the node probability difference value is first obtained by dividing the square of the difference between the simulated fault probabilities of every two nodes (e.g., node i and node j) by the square of the control parameter a, specifically (Pi - Pj)^2 / (2a^2). This is the initial computational step for quantifying the risk similarity between any two infrastructure nodes. The system traverses all node pairs in the network and, for each pair, extracts the fault probabilities P obtained through the fault propagation simulation in the previous stage. The difference between the two fault probability values is computed and squared, so that the result is always non-negative and reflects only the magnitude of the difference; the squared difference is then divided by 2a^2. The control parameter a is a key technical feature that mathematically plays the role of scale regulation and controls how sensitively the fault probability difference influences the final similarity.
The control parameter a may be set to be the standard deviation of all Pi, and the more similar the nodes are, the higher the weight is.
Exponentiation is then performed on the negative of the node probability difference value to obtain the similarity between every two nodes. This step converts the difference metric obtained in the previous step into an intuitive similarity metric, namely the similarity Wij = exp(-(Pi - Pj)^2 / (2a^2)) between every two nodes. First, the node probability difference value is negated, so that after the subsequent exponentiation the result is intuitive: the smaller the difference, the higher the similarity. This negative value is then exponentiated, which here refers to an exponential operation with the natural constant e as the base, i.e., a Gaussian kernel function (RBF) is applied. The similarity value lies between 0 and 1: when the fault probabilities of two nodes are exactly the same, the node probability difference value is 0, the similarity is e to the power 0, namely 1 (completely similar); when the fault probability difference is huge, the negated value is a large negative number and the similarity approaches 0 (completely dissimilar).
After completing the computation of the similarity Wij between all possible node pairs in the network, the system organizes the values into a two-dimensional matrix, the similarity matrix W. The rows and columns of the matrix represent all nodes in the infrastructure system, and the values of the elements in the ith row and jth column of the matrix are equal to the calculated "similarity" between node i and node j. The similarity matrix is a symmetric matrix (because the similarity of the nodes i and j is equal to the similarity of the nodes j and i), completely and structurally stores the interrelationship based on dynamic cascade risk among all nodes in the network, and provides core data input for the subsequent clustering algorithm.
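A brief sketch of steps 501 to 503 with the Gaussian kernel, taking the control parameter a as the standard deviation of all Pi (one of the options mentioned above):

```python
import numpy as np

def similarity_matrix(P):
    """P: array of simulated fault probabilities, one entry per node.
    Returns the symmetric matrix W with Wij = exp(-(Pi - Pj)^2 / (2 * a^2))."""
    P = np.asarray(P, dtype=float)
    a = float(P.std()) or 1.0                # control parameter a; avoid division by zero
    diff = P[:, None] - P[None, :]           # pairwise differences Pi - Pj
    return np.exp(-(diff ** 2) / (2.0 * a ** 2))
```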
Through the rigorous computation of steps 501 to 503, by applying the Gaussian kernel function, the differences in node fault probabilities are mapped into a standardized similarity space, so that nodes with similar risk characteristics obtain high similarity and dissimilar nodes obtain low similarity. This provides a quantitative and intuitive basis for the subsequent clustering algorithm, enabling it to identify which nodes exhibit similar behavior patterns when facing cascading faults, and thereby provides the key data basis for risk-based intelligent partitioning and active isolation of high-risk node groups; it is the core bridge connecting dynamic risk assessment with active structural optimization.
How the infrastructure system is clustered based on the similarity matrix and node partition constraints will be described further below.
Referring to fig. 6, the infrastructure system is clustered based on the similarity matrix and node partition constraints to obtain a plurality of partition subsystems, including the following steps 601 to 605.
Step 601, carrying out constraint updating on the similarity matrix based on the node partition constraints to obtain a constraint similarity matrix.
Step 601 is described in detail below.
In some embodiments, when partitioning the infrastructure system, the similarity matrix W is first constraint-updated based on the node partition constraints (including the same-partition constraint and the fragile independent partition constraint) to obtain a constraint similarity matrix. This process is the core of realizing active risk isolation and functional aggregation: preset expert knowledge or operation rules are forcibly injected into the data-driven clustering process. Based on the predefined node partition constraints, it is determined which nodes must be partitioned into the same region (Must-Link) and which critical fragile nodes must not be partitioned into the same region (Cannot-Link). The system then modifies the similarity matrix W according to the node partition constraints to obtain the updated constraint similarity matrix, as described in detail below.
Referring to fig. 7, constraint updating is performed on the similarity matrix based on node division constraint, resulting in a constrained similarity matrix, including the following steps 701 to 703.
Step 701, in the similarity matrix, updating a first target element indicated in the same partition constraint to a first value.
Step 702, updating a second target element indicated in the fragile independent partition constraint to a second value in the similarity matrix.
Step 703, obtaining a constraint similarity matrix based on the updated similarity matrix.
Steps 701 to 703 are described in detail below.
In some embodiments, when modifying the similarity matrix W, the first target element indicated in the same-partition constraint is first updated to a first value in the similarity matrix. In this process, the same-partition constraint (i.e., the Must-Link constraint) explicitly specifies which nodes must be partitioned together because of tightly coupled functions or strong business-logic dependencies. Thus, for each pair of nodes specified by this constraint, the system locates their corresponding element in the similarity matrix, i.e., the first target element, and updates its value to the first value. This first value is typically set to a very large positive number, for example 1 or a number much larger than the other similarity values. By doing so, no matter what their original risk similarity was, the two nodes exhibit an extremely strong binding relationship in the updated matrix, which guides the subsequent clustering algorithm to treat them as a whole.
Then, in the similarity matrix W, the second target element indicated in the fragile independent partition constraint is updated to a second value. The purpose of this process is to forcibly isolate high-risk nodes so as to actively block potential cascading failure propagation paths. The fragile independent partition constraint (i.e., the Cannot-Link constraint) specifies which pairs of high-risk fragile nodes cannot be partitioned into the same subsystem. For each pair of fragile nodes specified by this constraint, the system locates their corresponding element, the second target element, in the similarity matrix W and updates its value to the second value. This second value is typically set to 0 or a very small positive number. Such an update amounts to manually cutting the connection between these high-risk nodes: regardless of their original risk similarity, they exhibit a strong repulsive relationship after the update, ensuring that the clustering algorithm will separate them into different regions.
After the processing of the "same-partition constraint" and the "fragile independent partition constraint" is completed, i.e., after all elements designated by the constraints in the similarity matrix W have been numerically updated, the modified matrix, which simultaneously fuses data-driven similarity and rule-driven mandatory requirements, is the constraint similarity matrix W'. The constraint similarity matrix W' serves as the direct input of the subsequent spectral cluster analysis and carries all the information needed to realize intelligent, goal-oriented system partitioning.
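A minimal sketch of steps 701 to 703, where must_link and cannot_link are lists of node-index pairs, the first value is taken as 1 and the second value as 0 (both merely example settings consistent with the description above):

```python
def apply_partition_constraints(W, must_link, cannot_link,
                                first_value=1.0, second_value=0.0):
    """Returns the constraint similarity matrix W' obtained by overwriting the
    elements designated by the Must-Link / Cannot-Link node pairs in W."""
    Wc = W.copy()
    for i, j in must_link:        # same-partition constraint: force binding
        Wc[i, j] = Wc[j, i] = first_value
    for i, j in cannot_link:      # fragile independent partition constraint: cut link
        Wc[i, j] = Wc[j, i] = second_value
    return Wc
```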
Through the accurate operations of the steps 701 to 703, the method can ensure that the units which functionally need to be cooperated are tightly bound, and meanwhile, the fragile nodes with high risk are effectively isolated, so that the subsequent clustering division is not a pure data mining process, but an intelligent design process with a clear optimization target, the finally obtained constraint similarity matrix can guide the whole evaluation flow to generate a system partition scheme which meets the internal rules of data and meets the requirements of an active security defense strategy, and the practicability and the foresight of security evaluation are greatly improved.
Step 602, obtaining a graph Laplace matrix based on the difference value of the node degree matrix and the constraint similarity matrix.
Step 603, solving the graph Laplacian matrix to obtain a plurality of feature vectors, and selecting a preset number of feature vectors as an embedding matrix according to the ordering of the feature vectors, wherein the embedding matrix corresponds to an embedding space.
Step 604, performing clustering processing in the embedding space by using a clustering algorithm to obtain a cluster identifier of each node.
Step 605, dividing the plurality of nodes based on the cluster identification to obtain a plurality of dividing subsystems.
Steps 602 to 605 are described in detail below.
In some embodiments, a graph Laplacian matrix L = D - W' is then obtained based on the difference between the node degree matrix D and the constraint similarity matrix W'. This step is the standard core calculation of the spectral clustering algorithm and converts the connection information of the graph into a matrix with excellent mathematical properties for spectral analysis. First, the node degree matrix D needs to be calculated; it is a diagonal matrix whose i-th diagonal element equals the sum of all elements of the i-th row (or i-th column) of the constraint similarity matrix, representing the total connection "weight" or "degree" of node i. Then, the constraint similarity matrix is subtracted from the node degree matrix, and the difference is the graph Laplacian matrix. This matrix contains all the key information about the structure and connectivity of the graph, and its eigenvalues and eigenvectors can effectively reveal the best way to split the graph.
The graph Laplacian matrix L is then solved to obtain a plurality of eigenvectors, and a preset number k of eigenvectors are selected as the embedding matrix according to the ordering of the eigenvectors, the embedding matrix corresponding to an embedding space. This step embodies the "dimension reduction" idea of spectral clustering and aims to map nodes from the original high-dimensional complex relationship space into a low-dimensional space that is easy to cluster. All eigenvectors of the graph Laplacian matrix L can be obtained through its eigenvalue decomposition. These eigenvectors correspond to different vibration modes of the graph, and the eigenvectors corresponding to the smallest few non-zero eigenvalues typically contain the optimal partition information of the graph. Thus, the system selects a preset number of eigenvectors (equal to the number k of subsystems it eventually wants to obtain) in the order of the eigenvectors (typically in ascending order of their corresponding eigenvalues) and combines them to form a new matrix, the embedding matrix. Each row of this embedding matrix represents a node of the original graph, but the node is now represented as a point in a k-dimensional space, the so-called embedding space.
Clustering is then performed in the embedding space using a clustering algorithm to obtain the cluster identifier of each node. This step completes the final node grouping in the dimension-reduced space. In the embedding space, nodes of the original graph that are structurally close, have similar risk characteristics and satisfy the partition constraints lie geometrically close to each other, forming distinct clusters. At this point, the points in the k-dimensional space can be clustered efficiently with a clustering algorithm such as the classical K-Means algorithm. The clustering algorithm automatically partitions the points into k different clusters and assigns each point (i.e., each node) a cluster identifier (e.g., 1, 2, ..., k) that specifies the cluster to which it belongs.
And finally, dividing the plurality of nodes based on the cluster identification to obtain a plurality of dividing subsystems. This step is the final logical partitioning of the infrastructure system in the real world based on the calculation of the clusters. The system will traverse all infrastructure nodes and look at the "cluster identity" they are assigned to. All nodes with the same "cluster identity" will be grouped together to form a "partitioning subsystem". Because the whole process starts from the constraint similarity matrix containing forced constraint, the finally obtained dividing subsystems naturally meet the dual objectives of effectively isolating key fragile nodes and completely reserving functional coupling units, and the intelligent and optimized partition of the infrastructure system is completed.
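The spectral steps 602 to 605 might look as follows for k target subsystems; eigenvector selection and normalization details (e.g., whether the trivial constant eigenvector is skipped) vary between spectral clustering variants, so this is a sketch rather than the prescribed implementation.

```python
import numpy as np
from sklearn.cluster import KMeans

def constrained_spectral_partition(W_constrained, k):
    """Steps 602-605: graph Laplacian L = D - W', the k eigenvectors with the
    smallest eigenvalues as the embedding matrix, then k-means in the embedding
    space to obtain a cluster identifier for every node."""
    D = np.diag(W_constrained.sum(axis=1))    # node degree matrix
    L = D - W_constrained                     # graph Laplacian matrix
    eigvals, eigvecs = np.linalg.eigh(L)      # eigenvalues in ascending order
    embedding = eigvecs[:, :k]                # embedding matrix (k-dimensional space)
    labels = KMeans(n_clusters=k, n_init=10).fit_predict(embedding)
    return labels                             # cluster identifier per node
```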
Through implementation of steps 601 to 605, the complex graph partitioning problem is converted into a simple clustering problem in a low-dimensional space through spectrum analysis, so that nodes with similar risk characteristics can be clustered together like traditional clustering, more importantly, preset partitioning constraint can be strictly executed, and accordingly 'active design' of a system is achieved instead of passive analysis, the finally obtained partitioning subsystem is structurally provided with stronger toughness, potential propagation paths of cascading faults are effectively restrained, and an optimized partitioning scheme with prospective and operability is provided for subsequent safety evaluation and actual operation and maintenance management.
Step 105, carrying out security assessment on each partition subsystem to obtain a security assessment result of the infrastructure system.
Step 105 is described in detail below.
In some embodiments, after the optimized partitioning of the infrastructure system is completed, the security assessment is performed on the infrastructure system at two levels in order to reach a comprehensive and structured final assessment conclusion. First, for each independent partition subsystem, an internal local security assessment is performed, analyzing its internal risk and resilience. Then, from the global perspective, the macroscopic dependency relationships and potential cross-regional propagation paths between the partition subsystems are considered, and the assessment results of all subsystems are integrated and weighted to finally form a layered and accurate security assessment result of the whole infrastructure system. This assessment mode reflects not only the security condition of each part but also the overall security level of the system after active risk isolation and structural optimization, as described in detail below.
Referring to fig. 8, security assessment is performed on each of the divided subsystems to obtain a security assessment result of the infrastructure system, including the following steps 801 to 803.
Step 801, for each divided subsystem, acquiring node information of all nodes in the divided subsystem and node association information among the nodes, and determining a sub-security evaluation result of each divided subsystem based on all the node information and the node association information.
Step 802, acquiring system dependency relations among the division subsystems and determining propagation influence relations among the division subsystems based on the system dependency relations.
Step 803, carrying out cascade security evaluation on all the divided subsystems based on the propagation influence relationship and all the sub-security evaluation results to obtain security evaluation results of the infrastructure system.
Steps 801 to 803 are described in detail below.
In some embodiments, first, for each partition subsystem, the node information of all nodes in the partition subsystem and the node association information between the nodes are acquired, and the sub-security assessment result of each partition subsystem is determined based on all the node information and the node association information. This step marks the shift of the assessment effort from global partitioning to local refined analysis. Each "partition subsystem" formed in the preceding steps is treated by the system as a separate analysis unit. Inside this unit, the system acquires all the node information it contains (e.g., the vulnerability and load of the nodes) and the node association information between these nodes (i.e., the local topology inside the subsystem). Based on these detailed local data, a quantified "sub-security assessment result" representing the robustness or security level of this particular partition subsystem can be calculated and determined using a corresponding risk assessment model or algorithm.
Then, the system dependency relationships between the partition subsystems are acquired, and the propagation influence relationships between the partition subsystems are determined based on the system dependency relationships. This step raises the analysis view from the inside of the subsystems to the macroscopic level between subsystems, building a "system of systems" dependency model. The system identifies and acquires the system dependency relationships between different partition subsystems, e.g., the output of the power subsystem being a prerequisite for the operation of the communication subsystem. Such dependencies are higher-level logical associations that go beyond single node connections. Based on these dependencies, the system further quantifies and models them to determine the propagation influence relationships between the partition subsystems, which may be a weighted directed graph or an influence matrix that accurately describes to what degree and in what manner a failure of one subsystem affects the other subsystems that depend on it.
And finally, carrying out cascade security assessment on all the divided subsystems based on the propagation influence relationship and all the sub-security assessment results to obtain security assessment results of the infrastructure system. In this process, the system integrates the results of the first two steps, namely, the health status of each subsystem, namely, all sub-safety evaluation results, and the fault conduction paths between the subsystems, namely, the propagation influence relationship. By an algorithm of "cascade safety assessment", the system simulates how, when one or more subsystems with lower safety levels fail, the influence of the subsystem propagates to other subsystems through propagation influence relationships, and comprehensively considers all possible cascade paths and consequences. Through the global dynamic deduction, a security evaluation result of the infrastructure system is finally obtained, and the result is not a simple superposition of risks of all parts, but is a deep insight into the overall toughness of the whole system when the whole system faces to cascade failure.
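The embodiment does not prescribe a specific aggregation formula for the cascade security assessment; purely as an illustration of how the sub-security assessment results and a propagation influence matrix could be combined, one might propagate risk once along the dependencies and weight the adjusted scores:

```python
import numpy as np

def cascade_assessment(sub_scores, impact, weights=None):
    """Illustrative aggregation only. sub_scores[i]: local security score of
    partition subsystem i (higher = safer). impact[i, j]: strength with which a
    failure of subsystem i degrades subsystem j (propagation influence relation)."""
    s = np.asarray(sub_scores, dtype=float)
    impact = np.asarray(impact, dtype=float)
    risk = 1.0 - s                                   # local risk of each subsystem
    propagated = risk + impact.T @ risk              # add risk received via dependencies
    adjusted = np.clip(1.0 - propagated, 0.0, 1.0)   # adjusted per-subsystem security
    w = np.full(len(s), 1.0 / len(s)) if weights is None else np.asarray(weights)
    return float(w @ adjusted)                       # global security assessment score
```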
Through implementation of the steps 801 to 803, refined internal evaluation is carried out on each subsystem subjected to optimization division, then a macroscopic inter-system dependence and influence model is constructed on the basis, and finally a global evaluation conclusion is obtained through a simulation cascading process, so that the safety condition of the system can be clearly revealed, the safety condition of the system depends on the strength of single components or subsystems and depends more deeply on the coupling mode among the single components or subsystems, the finally obtained safety evaluation result has unprecedented depth and breadth, the local risk source can be accurately positioned, the cascade collapse risk of the system level can be prejudged in advance, and a comprehensive, three-dimensional and very guiding-significance risk view is provided for a decision maker.
Referring to fig. 9, a flow chart of a security assessment method for an infrastructure system according to an embodiment of the present application is shown. As shown in fig. 9, the complete technical flow of performing the cascade security assessment of critical information infrastructure based on constrained spectral clustering is illustrated. First, the top of the flow chart shows the modeling process of the complex critical infrastructure system, namely abstracting, from a complex network formed by the interconnection of a plurality of industries (such as industries 1, 2 and 3), the infrastructure undirected graph required by the scheme provided by the embodiment of the application. Then, for each node in the graph, its vulnerability curve is determined by analyzing its internal attributes and external pressure; the curve quantifies how the node failure probability changes as the pressure increases. On this basis, fault scenarios are generated by simulating the propagation of one or more initial fault nodes (shown as red nodes in the figure) through the network, so as to obtain the dynamic simulated fault probability of each node under the cascade effect. Further, in the constraint-based partitioning stage, the risk similarity between nodes is calculated using the fault probabilities obtained above, and a constrained spectral clustering algorithm is adopted, in combination with the preset node partition constraints (such as forcing the two red fragile nodes in the figure into different regions), to divide the whole system into a plurality of more resilient partition subsystems. Finally, each partition subsystem is assessed internally, the dependency relationships between subsystems are comprehensively considered, and the final security assessment is carried out to obtain a comprehensive, accurate assessment report with prospective risk insight.
The embodiments of the application provide an infrastructure system security assessment method and apparatus, an electronic device and a storage medium. The method comprises: first, acquiring an infrastructure undirected graph, the infrastructure undirected graph being generated from the logical connection relationships between a plurality of infrastructures in an infrastructure system; then, determining failure influencing factors of each node according to the node attribute information and node connection relation of the node, obtaining a failure pressure parameter of the node based on the failure influencing factors, and obtaining a vulnerability curve of the node based on the failure pressure parameter and a vulnerability function, wherein the vulnerability curve is used to indicate the failure probability of the node under different failure pressures; determining an initial fault node from the plurality of nodes, and performing multiple fault propagation simulations on the plurality of nodes in the infrastructure system based on the vulnerability curve of each node, the initial fault node and multiple fault propagation scenarios to obtain the simulated fault probability of each node under each fault propagation scenario; in each fault propagation simulation, setting the initial fault node to the failure state, generating an initial propagation queue based on the initial fault node, and, for each fault node in the initial propagation queue, when a neighbor node of the fault node is in the normal state, acquiring the failure influence value of the neighbor node, determining the failure pressure of the neighbor node based on the failure influence value, obtaining the failure probability of the neighbor node based on the failure pressure and the vulnerability curve of the neighbor node, determining the update state of the neighbor node based on a Bernoulli test and the failure probability, adding the neighbor node to the initial propagation queue when the update state of the neighbor node is the failure state, adding the neighbor node to the initial propagation queue when the neighbor node of the fault node is already in the failure state, and determining the simulated fault probability of the neighbor nodes of the fault nodes based on the updated initial propagation queue until the initial propagation queue no longer changes; then, obtaining node partition constraints of the infrastructure system, obtaining a node probability difference value by dividing the square of the difference between the simulated fault probabilities of every two nodes by the square of the control parameter, performing exponentiation on the negative of the node probability difference value to obtain the similarity between every two nodes, and obtaining a similarity matrix based on all the similarities; in the similarity matrix, updating the first target element indicated in the same-partition constraint to a first value, updating the second target element indicated in the fragile independent partition constraint to a second value, and obtaining a constraint similarity matrix based on the updated similarity matrix; obtaining a graph Laplacian matrix based on the difference between the node degree matrix and the constraint similarity matrix, solving the graph Laplacian matrix to obtain a plurality of eigenvectors, selecting a preset number of eigenvectors as an embedding matrix according to the ordering of the eigenvectors, the embedding matrix corresponding to an embedding space, performing clustering processing in the embedding space by using a clustering algorithm to obtain a cluster identifier of each node, and dividing the plurality of nodes based on the cluster identifiers to obtain a plurality of partition subsystems, wherein each partition subsystem contains at most one fragile node, at least one partition subsystem contains a plurality of nodes with the same function, and the fragile node is at least one of the plurality of nodes; finally, acquiring the node information of all nodes in each partition subsystem and the node association information between the nodes, determining the sub-security assessment result of each partition subsystem based on the node information and the node association information, acquiring the system dependency relationships between the partition subsystems, determining the propagation influence relationships between the partition subsystems based on the system dependency relationships, and carrying out cascade security assessment on all the partition subsystems based on the propagation influence relationships and all the sub-security assessment results, so as to finally obtain the security assessment result of the infrastructure system.
The embodiment of the application constructs a vulnerability curve for each infrastructure node by using the infrastructure undirected graph and carries out fault propagation simulation based on the vulnerability curves, so that the real fault probability of each node in the complex network can be quantified dynamically, overcoming the defect that traditional static topology analysis cannot accurately reflect the cascade failure process; by introducing node partition constraints, the identified vulnerable nodes are forcibly dispersed into different subsystems in the clustering partition stage, realizing 'pre-isolation' and structural optimization of system risks, blocking potential high-risk propagation paths and remarkably enhancing the structural resilience of the whole system; a local assessment is then performed on each optimized partition subsystem and a comprehensive assessment is carried out in combination with the global dependency relationships, forming a complete closed loop from dynamic simulation to structural optimization and hierarchical assessment. In addition, the internal and external factors influencing node stability are comprehensively identified and quantified through the failure pressure parameter, and an accurate mapping between pressure and failure probability is established through a flexible, configurable vulnerability function, converting the fuzzy qualitative description of node states in traditional assessment into an accurate, dynamic and computable probability model; this greatly improves the authenticity and accuracy of the subsequent fault propagation simulation, allows the whole security assessment system to be built on a firm and reliable microscopic model, and thereby remarkably improves the reliability and practical value of the final assessment result. Starting from the calculation of the pressure borne by a healthy node, the uncertainty of node failure is realistically simulated through the probabilistic decision that combines the vulnerability curve with the Bernoulli test, and the iterative diffusion of cascading faults through the network is realized by dynamically updating the propagation queue, so that the macroscopic fault simulation is decomposed into a series of rigorous and repeatable microscopic operations; each simulation both follows physical and logical rules and incorporates real-world randomness, so the finally obtained simulated fault probability can reflect the dynamic risk of the system with high fidelity, providing a firm algorithmic guarantee for the accuracy of the assessment. By setting initial faults and performing large-scale repeated simulation, all potential fault propagation paths in the network are systematically explored; the previously constructed vulnerability curves are used as dynamic propagation rules, and the chain reaction of faults spreading from one node to another is accurately simulated by iteratively updating the propagation queue, so that the security assessment is no longer limited to static topology analysis but can dynamically and quantitatively reveal the hidden cascade risks in the network and accurately identify the key nodes that are vulnerable and prone to failure induced by their neighbors. In addition, by applying the Gaussian kernel function, the differences in node fault probabilities are mapped into a standardized similarity space, so that nodes with similar risk characteristics obtain high similarity and dissimilar nodes obtain low similarity, providing a quantitative and intuitive basis for the subsequent clustering algorithm, enabling it to determine which nodes exhibit similar behavior patterns when facing cascading faults, and thereby realizing risk-based intelligent partitioning.
By performing targeted forced updates on the similarity matrix, units that functionally need to cooperate are tightly bound while high-risk fragile nodes are effectively isolated, so that the subsequent clustering partition is no longer a pure data-mining process but an intelligent design process with a clear optimization goal; the resulting constraint similarity matrix guides the whole assessment flow to produce a system partition scheme that both conforms to the internal rules of the data and meets the requirements of an active security defense strategy, greatly improving the practicability and foresight of the security assessment. Through spectral analysis, the complex graph partitioning problem is converted into a simple clustering problem in a low-dimensional space, which not only aggregates nodes with similar risk characteristics as traditional clustering does but also strictly enforces the preset partition constraints, realizing an 'active design' of the system rather than passive analysis, so that the finally obtained partition subsystems are structurally more resilient, potential propagation paths of cascading faults are effectively suppressed, and an optimized, prospective and operable partitioning scheme is provided for subsequent security assessment and actual operation and maintenance management. Finally, a refined internal assessment is carried out on each optimized partition subsystem, a macroscopic inter-subsystem dependency and influence model is then constructed on this basis, and a global assessment conclusion is obtained by simulating the cascade process, clearly revealing that the security condition of the system depends not only on the strength of single components or subsystems but, more deeply, on the coupling mode between them; the finally obtained security assessment result therefore has unprecedented depth and breadth, can accurately locate local risk sources and predict system-level cascade collapse risks in advance, and provides decision makers with a comprehensive, three-dimensional and highly instructive risk view.
The embodiment of the present application further provides an infrastructure system security assessment device, which can implement the above-mentioned infrastructure system security assessment method, and referring to fig. 10, the device 1000 includes:
An undirected graph acquisition module 1010, configured to acquire an infrastructure undirected graph generated based on a plurality of infrastructures in an infrastructure system and the logical connection relationships between the plurality of infrastructures;
A curve generating module 1020, configured to generate a vulnerability curve corresponding to each node in the infrastructure undirected graph;
the fault probability simulation module 1030 is configured to obtain a simulated fault probability of each node based on the vulnerability curve of each node;
The subsystem partitioning module 1040 is configured to obtain node partition constraints of the infrastructure system, generate a similarity matrix based on the simulated fault probability of each node, and perform cluster division on the infrastructure system based on the similarity matrix and the node partition constraints to obtain a plurality of division subsystems, where each division subsystem includes at most one fragile node, at least one division subsystem includes a plurality of nodes with the same function, and the fragile node is at least one of the plurality of nodes;
the security evaluation module 1050 is configured to perform security evaluation on each of the division subsystems, so as to obtain a security evaluation result of the infrastructure system.
In some embodiments, the curve generating module 1020 is further configured to:
Determining failure influence factors of the nodes according to the node attribute information and the node connection relation of each node;
obtaining failure pressure parameters of the nodes based on failure influence factors;
Based on the failure pressure parameters and the vulnerability function, a vulnerability curve of the node is obtained, wherein the vulnerability curve is used for indicating the failure probability of the node corresponding to different failure pressures.
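For illustration only, a minimal sketch of how such a vulnerability curve might be realized is given below; the lognormal fragility form and the parameter names median_capacity and beta are assumptions introduced here, not the claimed definition of the flexible and configurable vulnerability function.

    import math

    def vulnerability_curve(median_capacity: float, beta: float):
        """Return a function mapping failure pressure to failure probability.

        A lognormal fragility form is assumed purely for illustration;
        median_capacity and beta stand in for hypothetical failure pressure
        parameters derived from a node's failure influence factors.
        """
        def failure_probability(pressure: float) -> float:
            if pressure <= 0.0:
                return 0.0
            # Standard-normal CDF of the normalized log pressure ratio.
            z = math.log(pressure / median_capacity) / beta
            return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))
        return failure_probability

    # Example: probability that a node with median capacity 1.0 fails under pressure 1.2.
    curve = vulnerability_curve(median_capacity=1.0, beta=0.4)
    print(curve(1.2))  # a value between 0 and 1 that rises with the applied pressure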
In some embodiments, the fault probability simulation module 1030 is further configured to:
Determining initial fault nodes from the plurality of nodes, and performing repeated fault propagation simulation on the plurality of nodes in the infrastructure system based on the vulnerability curve of each node, the initial fault nodes and a plurality of fault propagation scenarios, so as to obtain the simulated fault probability of each node under each fault propagation scenario;
In each fault propagation simulation, setting the initial fault node to a failure state, generating an initial propagation queue based on the initial fault node, determining, for each fault node in the initial propagation queue, the simulated fault probability of the neighbor nodes of the fault node, updating the initial propagation queue based on the simulated fault probability of the neighbor nodes, and continuing to determine the simulated fault probability of the neighbor nodes based on the updated propagation queue until the propagation queue no longer changes.
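Purely as an illustrative sketch (not the claimed implementation), the repeated simulation with a dynamically updated propagation queue could be organized as follows; the dictionary-based graph representation, the number of rounds, and the externally supplied neighbor_fails judgment (a concrete example of which is sketched after the next embodiment) are assumptions.

    def simulate_fault_probabilities(graph, initial_faults, neighbor_fails, rounds=1000):
        """Estimate each node's simulated fault probability by repeated
        propagation-queue simulation.

        graph: dict mapping node -> list of neighbor nodes (the infrastructure
            undirected graph).
        initial_faults: nodes set to the failure state at the start of each round.
        neighbor_fails(neighbor, failed, graph): probabilistic judgment deciding
            whether a still-healthy neighbor fails in this step.
        """
        failure_counts = {node: 0 for node in graph}
        for _ in range(rounds):
            failed = set(initial_faults)      # failure states for this simulation round
            queue = list(initial_faults)      # initial propagation queue
            while queue:                      # iterate until the queue no longer changes
                fault_node = queue.pop(0)
                for neighbor in graph[fault_node]:
                    if neighbor in failed:
                        continue              # already-failed neighbors need no new judgment
                    if neighbor_fails(neighbor, failed, graph):
                        failed.add(neighbor)
                        queue.append(neighbor)   # dynamic update of the propagation queue
            for node in failed:
                failure_counts[node] += 1
        return {node: count / rounds for node, count in failure_counts.items()}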
In some embodiments, the fault probability simulation module 1030 is further configured to:
When the neighbor node of the fault node is in a normal state, acquiring a failure influence value of the neighbor node, and determining failure pressure of the neighbor node based on the failure influence value;
Obtaining the failure probability of the neighbor node based on the failure pressure and the vulnerability curve of the neighbor node, and determining the update state of the neighbor node based on a Bernoulli trial and the failure probability;
when the updating state of the neighbor node is a failure state, adding the neighbor node into an initial propagation queue;
and when the neighbor node of the fault node is in a failure state, adding the neighbor node into the initial propagation queue.
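A matching sketch of the per-neighbor judgment is given below; how the failure influence value and failure pressure are derived here (the fraction of the neighbor's adjacent nodes that have already failed) is a simplifying assumption for illustration, not the claimed definition.

    import random

    def make_neighbor_judgment(curves):
        """Build the probabilistic judgment used by the propagation simulation above.

        curves: dict mapping node -> vulnerability curve (failure pressure ->
            failure probability).
        """
        def neighbor_fails(neighbor, failed, graph):
            adjacent = graph[neighbor]
            if not adjacent:
                return False
            # Illustrative failure influence value / failure pressure of the healthy neighbor.
            pressure = sum(1 for n in adjacent if n in failed) / len(adjacent)
            failure_probability = curves[neighbor](pressure)   # vulnerability curve lookup
            return random.random() < failure_probability        # Bernoulli trial
        return neighbor_fails

    # Usage with the simulation sketch above (hypothetical data structures):
    # probabilities = simulate_fault_probabilities(graph, {initial_node}, make_neighbor_judgment(curves))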
In some embodiments, the subsystem partitioning module 1040 is further configured to:
Dividing the square of the difference between the simulated fault probabilities of every two nodes by the square of a control parameter to obtain a node probability difference value;
performing exponential processing on the negative value of the node probability difference value to obtain the similarity between every two nodes;
And obtaining a similarity matrix based on all the similarities.
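The two steps above amount to a Gaussian kernel over the simulated fault probabilities; an illustrative sketch follows, where the use of numpy and the parameter name sigma for the control parameter are assumptions.

    import numpy as np

    def similarity_matrix(fault_probabilities, sigma):
        """Gaussian-kernel similarity between nodes' simulated fault probabilities."""
        p = np.asarray(fault_probabilities, dtype=float)
        # Node probability difference values: squared differences divided by sigma squared.
        diff = (p[:, None] - p[None, :]) ** 2 / sigma ** 2
        # Exponential processing of the negative values yields similarities in (0, 1].
        return np.exp(-diff)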
In some embodiments, the subsystem partitioning module 1040 is further configured to:
constraint updating is carried out on the similarity matrix based on node partition constraint, so that a constraint similarity matrix is obtained;
Obtaining a graph Laplacian matrix based on the difference between the node degree matrix and the constraint similarity matrix;
performing eigendecomposition on the graph Laplacian matrix to obtain a plurality of eigenvectors, and selecting, according to the ordering of the corresponding eigenvalues, a preset number of eigenvectors as an embedding matrix, wherein the embedding matrix corresponds to an embedding space;
Clustering is carried out in the embedding space by using a clustering algorithm, so as to obtain a cluster identifier of each node;
based on the cluster identifiers, dividing the plurality of nodes to obtain a plurality of division subsystems.
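As an illustrative sketch only, the spectral steps above might be realized as follows; numpy and scikit-learn's KMeans are assumed tooling rather than required components, and the constraint updating that produces the constraint similarity matrix is sketched separately after the next embodiment.

    import numpy as np
    from sklearn.cluster import KMeans

    def spectral_partition(constraint_similarity, num_subsystems, embed_dim):
        """Divide nodes into subsystems via the constraint similarity matrix."""
        W = np.asarray(constraint_similarity, dtype=float)
        D = np.diag(W.sum(axis=1))          # node degree matrix
        L = D - W                           # graph Laplacian matrix
        eigenvalues, eigenvectors = np.linalg.eigh(L)
        # Keep a preset number of eigenvectors, ordered by their eigenvalues, as the embedding matrix.
        embedding = eigenvectors[:, np.argsort(eigenvalues)[:embed_dim]]
        # Clustering in the embedding space yields a cluster identifier per node.
        labels = KMeans(n_clusters=num_subsystems, n_init=10).fit_predict(embedding)
        return labels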
In some embodiments, the subsystem partitioning module 1040 is further configured to:
Updating, in the similarity matrix, a first target element indicated by the same-partition constraint to a first numerical value;
Updating, in the similarity matrix, a second target element indicated by the fragile independent partition constraint to a second numerical value;
and obtaining a constraint similarity matrix based on the updated similarity matrix.
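A minimal sketch of this constraint updating is given below; the concrete values 1.0 and 0.0 for the first and second numerical values, and the pair-list representation of the constraints, are assumptions for illustration only.

    import numpy as np

    def apply_partition_constraints(similarity, same_partition_pairs, fragile_pairs,
                                    first_value=1.0, second_value=0.0):
        """Force-update the similarity matrix according to the node partition constraints."""
        W = np.array(similarity, dtype=float, copy=True)
        for i, j in same_partition_pairs:       # first target elements: must stay together
            W[i, j] = W[j, i] = first_value
        for i, j in fragile_pairs:              # second target elements: fragile nodes kept apart
            W[i, j] = W[j, i] = second_value
        return W                                # constraint similarity matrix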
In some embodiments, the security assessment module 1050 is further configured to:
For each division subsystem, acquiring node information of all nodes in the division subsystem and node association information among the nodes, and determining a sub-security evaluation result of the division subsystem based on all the node information and the node association information;
acquiring a system dependency relationship between the division subsystems, and determining a propagation influence relationship between the division subsystems based on the system dependency relationship;
and carrying out cascade security evaluation on all the division subsystems based on the propagation influence relationship and all the sub-security evaluation results, so as to obtain the security evaluation result of the infrastructure system.
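Finally, a hedged sketch of how the sub-security evaluation results might be combined under the propagation influence relationship is shown below; the score convention, the linear influence weighting and the averaging used for the overall result are simplifying assumptions, not the claimed evaluation rule.

    def cascade_assessment(sub_results, dependencies, influence_weight=0.5):
        """Combine per-subsystem results into a system-level evaluation.

        sub_results: dict mapping subsystem id -> sub-security evaluation score
            in [0, 1], where a higher score is assumed to mean higher risk.
        dependencies: dict mapping subsystem id -> list of subsystem ids it
            depends on (the system dependency relationship).
        influence_weight: assumed strength of the propagation influence relationship.
        """
        adjusted = dict(sub_results)
        for subsystem, upstream in dependencies.items():
            if not upstream:
                continue
            # Risk propagated from upstream subsystems raises this subsystem's risk.
            propagated = max(sub_results.get(u, 0.0) for u in upstream)
            adjusted[subsystem] = min(1.0, sub_results[subsystem]
                                      + influence_weight * propagated)
        overall = sum(adjusted.values()) / len(adjusted)   # illustrative aggregation
        return adjusted, overall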
The descriptions of the foregoing embodiments each have their own emphasis; for the portions of an embodiment that are not described in detail, the specific implementation of the infrastructure system security assessment device is substantially identical to that of the infrastructure system security assessment method, and is not repeated herein.
The infrastructure system security assessment device provided by the embodiment of the application implements, through the above modules, the infrastructure system security assessment method described above, and therefore achieves the same technical effects as those described for the method embodiment, which are not repeated here.
The embodiment of the application also provides electronic equipment, which comprises:
at least one memory;
at least one processor;
at least one program;
The at least one program is stored in the memory, and the processor executes the at least one program to implement the above-described infrastructure system security assessment method. The electronic device can be any intelligent terminal, including a mobile phone, a tablet personal computer, a personal digital assistant (PDA), a vehicle-mounted computer, and the like.
Referring to fig. 11, fig. 11 illustrates a hardware structure of an electronic device according to another embodiment, the electronic device includes:
the processor 1101 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, etc., and is configured to execute related programs to implement the technical solution provided by the embodiments of the present application;
The memory 1102 may be implemented in the form of a ROM (Read Only Memory), a static storage device, a dynamic storage device, or a RAM (Random Access Memory). The memory 1102 may store an operating system and other application programs; when the technical solutions provided by the embodiments of the present application are implemented in software or firmware, the relevant program codes are stored in the memory 1102 and invoked by the processor 1101 to perform the infrastructure system security assessment method of the embodiments of the present application;
an input/output interface 1103 for implementing information input and output;
the communication interface 1104 is configured to implement communication interaction between the device and other devices, and may implement communication in a wired manner (e.g., USB, network cable, etc.) or in a wireless manner (e.g., mobile network, Wi-Fi, Bluetooth, etc.);
bus 1105 transmits information between the various components of the device (e.g., processor 1101, memory 1102, input/output interface 1103, and communication interface 1104);
The processor 1101, the memory 1102, the input/output interface 1103 and the communication interface 1104 are communicatively connected to one another within the device via the bus 1105.
The embodiment of the application also provides a storage medium, which is a computer-readable storage medium storing a computer program; the computer program, when executed by a processor, implements the above infrastructure system security assessment method.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The embodiments described in the embodiments of the present application are for more clearly describing the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of technology and the appearance of new application scenarios, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.
It will be appreciated by persons skilled in the art that the embodiments of the application are not limited by the illustrations, and that more or fewer steps than those shown may be included, or certain steps may be combined, or different steps may be included.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof.
The terms "first," "second," "third," "fourth," and the like in the description of the application and in the above figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one (item)" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate the three cases where only A exists, only B exists, or both A and B exist, where A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the associated objects. "At least one of the following items" or similar expressions refers to any combination of these items, including any combination of a single item or plural items. For example, "at least one of a, b or c" may represent a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b and c may be singular or plural.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative; the division of units is merely a logical function division, and there may be other division manners in actual implementation, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not performed. The coupling or direct coupling or communication connection shown or discussed between the components may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including multiple instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods of the various embodiments of the present application. The storage medium includes various media capable of storing programs, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The preferred embodiments of the present application have been described above with reference to the accompanying drawings, but this does not thereby limit the scope of the claims of the embodiments of the present application. Any modifications, equivalent substitutions and improvements made by those skilled in the art without departing from the scope and spirit of the embodiments of the present application shall fall within the scope of the claims of the embodiments of the present application.