CN118797598A - A lightweight user authentication method and system based on device fingerprint - Google Patents
- Publication number
 - CN118797598A (application number CN202410778149.6A)
 - Authority
 - CN
 - China
 - Prior art keywords
 - trace
 - cluster
 - user authentication
 - lightweight
 - sample
 - Prior art date
 - Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
 - Pending
 
Classifications
- G—PHYSICS
 - G06—COMPUTING OR CALCULATING; COUNTING
 - G06F—ELECTRIC DIGITAL DATA PROCESSING
 - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
 - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
 - G06F21/31—User authentication
 
- G—PHYSICS
 - G06—COMPUTING OR CALCULATING; COUNTING
 - G06F—ELECTRIC DIGITAL DATA PROCESSING
 - G06F18/00—Pattern recognition
 - G06F18/20—Analysing
 - G06F18/23—Clustering techniques
 - G06F18/232—Non-hierarchical techniques
 - G06F18/2321—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
 
- G—PHYSICS
 - G06—COMPUTING OR CALCULATING; COUNTING
 - G06F—ELECTRIC DIGITAL DATA PROCESSING
 - G06F18/00—Pattern recognition
 - G06F18/20—Analysing
 - G06F18/24—Classification techniques
 - G06F18/243—Classification techniques relating to the number of classes
 - G06F18/2433—Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
 
- G—PHYSICS
 - G06—COMPUTING OR CALCULATING; COUNTING
 - G06F—ELECTRIC DIGITAL DATA PROCESSING
 - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
 - G06F21/60—Protecting data
 - G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
 - G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
 
- G—PHYSICS
 - G06—COMPUTING OR CALCULATING; COUNTING
 - G06F—ELECTRIC DIGITAL DATA PROCESSING
 - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
 - G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
 - G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
 - G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
 
 
Landscapes
- Engineering & Computer Science (AREA)
 - Theoretical Computer Science (AREA)
 - Physics & Mathematics (AREA)
 - Data Mining & Analysis (AREA)
 - Computer Security & Cryptography (AREA)
 - General Physics & Mathematics (AREA)
 - General Engineering & Computer Science (AREA)
 - Computer Hardware Design (AREA)
 - Software Systems (AREA)
 - Bioinformatics & Computational Biology (AREA)
 - Computer Vision & Pattern Recognition (AREA)
 - Evolutionary Computation (AREA)
 - Bioinformatics & Cheminformatics (AREA)
 - Artificial Intelligence (AREA)
 - Life Sciences & Earth Sciences (AREA)
 - Evolutionary Biology (AREA)
 - Probability & Statistics with Applications (AREA)
 - Mathematical Physics (AREA)
 - Health & Medical Sciences (AREA)
 - Bioethics (AREA)
 - General Health & Medical Sciences (AREA)
 - Collating Specific Patterns (AREA)
 
Abstract
The present invention discloses a lightweight user authentication method and system based on device fingerprints, belonging to the technical field of the electric power Internet of Things. By constructing a trace generation model, a cluster coupling model, an anomaly calculation model, and a user authentication model, the method uses the traces of static random access memory (SRAM) as the device fingerprint. The data are clustered, objects that deviate from their cluster centers are selected as trace objects, and the outlier values of the trace objects are measured with the local outlier factor. A ranking of users is then obtained from the outlier factor, and users with high outlier values are removed, which avoids false detection and yields lightweight authentication of legitimate users. User authentication is efficient and flexible, so that Internet of Things nodes can respond quickly; the method is suitable for scenarios in which a large number of requests must be processed quickly, and the scheme is scientific, reasonable, and feasible.
Description
Technical Field
The invention relates to a lightweight user authentication method and system based on device fingerprints, belonging to the technical field of the electric power Internet of Things.
Background Art
Driven by carbon emission reduction targets, the penetration rate of distributed energy in China has increased steadily. The new type of power grid, in which distributed new energy is the main body, has introduced a large number of IoT nodes to collect data on distributed energy access, the transmission network, the distribution network, and the operation and energy consumption of end users. The interactive business instructions and information data produced during collection are mostly transmitted over public wireless networks. These interactive data are vulnerable to physical attacks, which can result in data tampering.
Furthermore, Chinese patent publication (announcement) No. CN110620820A provides a ubiquitous power Internet of Things intelligent management system that includes a device terminal and a management terminal. The device terminal is provided with an information collection module and an information sending module. The information collection module collects the IoT data of the device terminal; the information sending module sends the IoT data to each node in a blockchain network, which judges the legitimacy of the IoT data. If the IoT data are legitimate, they are written into both the management terminal and the blockchain. Writing the data to both places prevents data loss or alteration and prevents the situation in the traditional structured central model in which a terminal failure paralyzes power grid data management and affects people's normal life, thereby ensuring the normal operation of the power grid.
The above scheme uses each node in the blockchain network to judge the legitimacy of IoT data. However, IoT nodes have low processing and storage capabilities and usually have low-bandwidth communication channels. The above node processing scheme therefore imposes a large resource overhead on the nodes, so that IoT nodes cannot respond quickly. As a result, the scheme cannot be applied to scenarios that require rapid processing of a large number of requests, and user authentication is inefficient and inflexible.
The information disclosed in this Background Art section is only for understanding the background of the inventive concept, and it may therefore include information that does not constitute prior art.
Summary of the Invention
In response to the above problems or one of them, the first object of the present invention is to provide a lightweight user authentication method based on device fingerprints. By constructing a trace generation model, a cluster coupling model, an anomaly calculation model, and a user authentication model, lightweight authentication of legitimate users is obtained. User authentication is efficient and flexible, so that IoT nodes can respond quickly. The method is suitable for scenarios in which a large number of requests must be processed quickly, and is particularly suitable for low-bandwidth communication channels with low processing and storage capabilities. The scheme is scientific, reasonable, and feasible.
In response to the above problems or one of them, the second object of the present invention is to provide a lightweight user authentication method and system based on device fingerprints, in which static random access memory (SRAM) traces characterize the device fingerprint and serve as a unique identifier to distinguish devices accurately. A clustering algorithm is used to cluster the data, objects that deviate from their cluster centers are selected as the anomaly candidate set, and the local outlier factor is used to measure the outlier values in the anomaly candidate set, which mitigates the outlier overlap problem of the local outlier factor method. The ranking of users is obtained from the outlier factor, and by sorting the ranking in descending order, users with high outlier values are eliminated, which avoids false detection and yields lightweight authentication of legitimate users.
In response to the above problems or one of them, the third object of the present invention is to provide a lightweight user authentication system based on device fingerprints. By providing a collection layer, an access layer, and an application layer, lightweight authentication of legitimate users is realized. Authentication is efficient and flexible, so that IoT nodes can respond quickly. The system is suitable for scenarios in which a large number of requests must be processed quickly, and is particularly suitable for low-bandwidth communication channels with low processing and storage capabilities. The scheme is scientific, reasonable, and feasible.
To achieve one of the above objects, the first technical solution of the present invention is:
A lightweight user authentication method based on device fingerprints, comprising the following steps:
In the first step, trace samples of static random access memory (SRAM) are collected through a pre-built trace generation model, and a trace data set is constructed to characterize the device fingerprint;
In the second step, the trace data set is clustered using a pre-built cluster coupling model to obtain one or more trace objects that deviate from their cluster centers;
In the third step, a pre-built anomaly calculation model is used to measure the anomaly information of the one or more trace objects based on the local outlier factor;
In the fourth step, lightweight user authentication is completed through a pre-built user authentication model based on the anomaly information.
After continuous exploration and experimentation, the present invention constructs a trace generation model, a cluster coupling model, an anomaly calculation model, and a user authentication model, and uses the traces of static random access memory (SRAM) as the device fingerprint, that is, as the unique identifier of a device, to distinguish devices accurately. At the same time, the data are clustered, objects that deviate from their cluster centers are selected as trace objects, and the outlier values of the trace objects are measured with the local outlier factor, which mitigates the outlier overlap problem of the local outlier factor method. The ranking of users is then obtained from the outlier factor, and by sorting the ranking in descending order, users with high outlier values are eliminated, which avoids false detection and yields lightweight authentication of legitimate users with high efficiency and good flexibility. The node resource overhead of the scheme is therefore small, so that IoT nodes can respond quickly. The scheme is suitable for scenarios in which a large number of requests must be processed quickly, and is particularly suitable for low-bandwidth communication channels with low processing and storage capabilities. The scheme is scientific, reasonable, and feasible.
Furthermore, static random access memory (SRAM) is present in the onboard controller of the IoT nodes in the collection layer, where it stores the collected data, and every node has static random access memory. The SRAM trace can therefore be used as the device fingerprint feature, that is, as a unique identifier, to distinguish devices accurately.
Furthermore, the local outlier factor (LOF) can be used to detect outliers but cannot handle overlapping outliers. The present invention therefore introduces clustering with a cluster coupling model: the cluster coupling model is used to analyze the users' SRAM traces, users far from the cluster center are listed as anomaly candidates, and the local outlier factor is used to calculate the degree of abnormality of the anomaly candidates, so as to authenticate legitimate users.
As a preferred technical measure:
In the first step, the method of constructing the trace data set through the trace generation model is as follows:
Step 11: Determine the static random access memory (SRAM) of all user devices of the collection layer to be authenticated;
Step 12: Collect power-on SRAM trace samples from each static random access memory by turning the power on and off;
Step 13: Assemble the trace samples to obtain the trace data set.
As a preferred technical measure:
In the second step, the method of clustering the trace data set using the cluster coupling model is as follows:
Step 21: Obtain the trace data set and initialize the clustering parameters;
Step 22: Process the trace data set using the Gaussian mixture algorithm to obtain the corresponding trace clusters;
Step 23: Based on the trace clusters, calculate the number of trace clusters of the trace data set;
Step 24: Calculate the probability that each trace sample belongs to each trace cluster;
Step 25: Maximize the probability that a trace sample belongs to a certain trace cluster, and assign the trace sample to that trace cluster;
Step 26: Iterate step 3, step 4, and step 5 until all trace samples have been clustered.
As a preferred technical measure:
In the second step, the method of obtaining the trace objects that deviate from their cluster centers using the cluster coupling model is as follows:
S21: After clustering is completed, calculate the cluster center of each trace cluster;
S22: Calculate the distance from each trace sample in a trace cluster to its cluster center to obtain the deviation data;
S23: Based on the deviation data, obtain one or more trace objects that deviate from their cluster centers;
S24: Aggregate the one or more trace samples that deviate from the cluster center to form the candidate set of trace anomaly data.
As a preferred technical measure:
The formula for calculating the distance from a trace sample to its cluster center is as follows:
where x_j is the cluster center corresponding to the trace sample, is the trace sample, and is the distance from the trace sample to its cluster center;
or/and, the method of obtaining the trace objects that deviate from their cluster centers is as follows:
The trace anomaly data set A is calculated over all trace clusters as follows:
Trace samples that satisfy are regarded as trace objects that deviate from their cluster centers and are included in the trace anomaly data set A;
where |D_j| is the size of the j-th cluster, |D| is the trace data set, δ is a value chosen according to n in the local outlier factor, and is the triple standard deviation from the j-th cluster.
As a preferred technical measure:
In the third step, the method of measuring the anomaly information using the anomaly calculation model is as follows:
Step 31: For a trace sample x in the trace data set, calculate the n nearest neighbors N_n(x) of x in the trace data set, and the n-th nearest distance dist_n(y) from the trace samples in the trace data set to a trace sample y;
Step 32: From the n-th nearest distance dist_n(y), calculate the reachable distance Rd(x,y) between two trace samples x and y in the trace data set, using the following formula:
Rd(x,y)=max{dist(x,y),dist_n(y)};
where dist(x,y) is the Euclidean distance between the two trace samples x and y;
Step 33: From the reachable distance Rd(x,y), calculate the local reachable density ρ_n(x) of trace sample x, using the following formula:
where n is the n-th nearest neighbor of x, and represents the reciprocal of the average reachable distance between trace sample x and trace sample y when a trace sample y is selected from the nearest neighbors of trace sample x;
Step 34: Based on the local reachable density ρ_n(x), calculate the ratio LOF_n(x) of the local reachable densities of trace sample x and of the trace samples y among its nearest neighbors for the given n, which measures the degree to which x is an outlier relative to its nearest neighbors, using the following formula:
where ρ_n(y) is the local reachable density of trace sample y with respect to a trace sample selected from its nearest neighbors;
Step 35: Take the local reachable density ratio LOF_n(x) as the outlier value of trace sample x, and arrange the multiple outlier values in order to obtain the anomaly information.
As a preferred technical measure:
In the fourth step, the method of completing lightweight user authentication through the user authentication model is as follows:
Step 41: Sort the trace samples in the trace anomaly data set according to the size of the outlier values in the anomaly information to obtain the user ranking data;
Step 42: Based on the user ranking data, eliminate the users with a high average ranking to obtain the authorized user authentication result.
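The following added example (not code from the patent) works through steps 31 to 42: it computes LOF_n with the reachable distance Rd(x,y) given above and the standard LOF definitions of local reachable density and density ratio, ranks the devices at each detection time, and rejects the persistent outlier. Assumptions: the 2-D feature vectors, the node names, `lof_cutoff` and the majority rule are constructed for illustration, and LOF is run over all samples rather than over the candidate set of the second step.

```python
import math


def lof_scores(samples, n):
    """Return LOF_n(x) for every sample (steps 31-35).

    N_n(x) is taken as exactly n neighbours, ties broken by index (a
    simplification of the usual "all points within the n-th distance").
    """
    m = len(samples)
    if not 1 <= n < m:
        raise ValueError("n must satisfy 1 <= n < number of samples")
    dist = [[math.dist(a, b) for b in samples] for a in samples]
    # Step 31: nearest neighbours N_n(x) and n-th nearest distance dist_n(x).
    neigh = [sorted((j for j in range(m) if j != i),
                    key=lambda j: (dist[i][j], j))[:n] for i in range(m)]
    dist_n = [dist[i][neigh[i][-1]] for i in range(m)]
    # Steps 32-33: Rd(x, y) = max{dist(x, y), dist_n(y)}; the local reachable
    # density is the reciprocal of the mean Rd over the neighbours of x.
    lrd = []
    for x in range(m):
        mean_rd = sum(max(dist[x][y], dist_n[y]) for y in neigh[x]) / n
        # Identical traces give a mean of 0: treat the density as infinite.
        lrd.append(math.inf if mean_rd == 0 else 1.0 / mean_rd)
    # Step 34: ratio of the neighbours' mean density to the sample's own.
    scores = []
    for x in range(m):
        if math.isinf(lrd[x]):
            scores.append(1.0)  # duplicate point in a dense spot: not an outlier
        else:
            scores.append(sum(lrd[y] for y in neigh[x]) / (n * lrd[x]))
    return scores


def authenticate(rounds, n=2, lof_cutoff=2.0):
    """Rank devices per detection round and reject persistent outliers.

    rounds: list of {device_id: feature_vector}, one dict per detection time;
    every device is assumed to appear in every round.
    lof_cutoff and the "flagged in more than half of the rounds" rule are
    assumptions of this example: the page gives no numeric cutoff, and a rank
    alone always places some device first even when none is anomalous.
    """
    ids = sorted(rounds[0])
    rank_sum = dict.fromkeys(ids, 0)
    flagged = dict.fromkeys(ids, 0)
    for rnd in rounds:
        scores = dict(zip(ids, lof_scores([rnd[d] for d in ids], n)))
        # Steps 35 and 41: descending LOF, rank 1 is the most anomalous device.
        ordered = sorted(ids, key=lambda d: -scores[d])
        for rank, dev in enumerate(ordered, start=1):
            rank_sum[dev] += rank
            flagged[dev] += int(scores[dev] > lof_cutoff)
    avg_rank = {d: rank_sum[d] / len(rounds) for d in ids}
    # Step 42: remove devices that sit at the front of the ranking persistently.
    rejected = [d for d in ids if flagged[d] * 2 > len(rounds)]
    accepted = [d for d in ids if d not in rejected]
    return avg_rank, accepted, rejected


# Constructed sample input: three detection rounds, six nodes, two made-up
# features per power-up trace. node-R is off-cluster in every round; node-E
# has a single noisy reading in the second round.
ROUNDS = [
    {"node-A": (0.50, 0.10), "node-B": (0.52, 0.11), "node-C": (0.49, 0.12),
     "node-D": (0.51, 0.09), "node-E": (0.50, 0.12), "node-R": (0.80, 0.40)},
    {"node-A": (0.50, 0.10), "node-B": (0.52, 0.11), "node-C": (0.49, 0.12),
     "node-D": (0.51, 0.09), "node-E": (0.56, 0.16), "node-R": (0.80, 0.40)},
    {"node-A": (0.51, 0.10), "node-B": (0.52, 0.12), "node-C": (0.50, 0.12),
     "node-D": (0.50, 0.09), "node-E": (0.49, 0.11), "node-R": (0.78, 0.42)},
]

if __name__ == "__main__":
    avg_rank, accepted, rejected = authenticate(ROUNDS)
    for dev in sorted(avg_rank, key=avg_rank.get):
        print(f"{dev}: average rank {avg_rank[dev]:.2f}")
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Averaging over several rounds is what keeps node-E, with one noisy power-up reading, from being rejected alongside node-R.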
To achieve one of the above objects, the second technical solution of the present invention is:
A lightweight user authentication method based on device fingerprints, comprising the following:
Collecting trace samples of static random access memory (SRAM) and constructing a trace data set to characterize the device fingerprint; clustering the trace data set and selecting the trace objects that deviate from their cluster centers as the trace anomaly candidate set;
Measuring the outlier values in the trace anomaly candidate set based on the local outlier factor;
Completing lightweight user authentication based on the outlier values.
The present invention uses static random access memory (SRAM) traces to characterize the device fingerprint, which serves as a unique identifier to distinguish devices accurately. At the same time, the present invention clusters the data using a clustering algorithm, selects objects that deviate from their cluster centers as the anomaly candidate set, and uses the local outlier factor to measure the outlier values in the anomaly candidate set, which mitigates the outlier overlap problem of the local outlier factor method. The ranking of users is obtained from the outlier factor, and by sorting the ranking in descending order, users with high outlier values are eliminated, which avoids false detection and yields lightweight authentication of legitimate users.
To achieve one of the above objects, the third technical solution of the present invention is:
A lightweight user authentication system based on device fingerprints, which adopts the above lightweight user authentication method based on device fingerprints and includes a collection layer, an access layer, and an application layer;
The collection layer collects node data from distributed energy sources, transmission network equipment, distribution network equipment, and end users; IoT nodes and a trace extraction module are deployed in it;
The access layer is provided with 4G or/and 5G base stations for transmitting the node data;
The application layer is the power grid business cloud, which processes the node data; deployed in it are an anomaly calculation module based on the cluster coupling model and outlier detection, and a user authentication module that can eliminate abnormal users;
The node data collected by the IoT nodes reach the power grid business cloud through the 4G or/and 5G base stations, where outlier detection and elimination of abnormal users are performed, realizing lightweight user authentication.
By providing a collection layer, an access layer, and an application layer, the present invention realizes lightweight authentication of legitimate users. Authentication is efficient and flexible, so that IoT nodes can respond quickly. The system is suitable for scenarios in which a large number of requests must be processed quickly, and is particularly suitable for low-bandwidth communication channels with low processing and storage capabilities. The scheme is scientific, reasonable, and feasible.
As a preferred technical measure:
The trace extraction module extracts the static random access memory (SRAM) traces of all user devices in the collection layer: by turning the power on and off, it collects power-on SRAM trace samples from each static random access memory.
Or/and, the anomaly calculation module clusters all trace samples using the cluster coupling model, selects the trace objects that deviate from their cluster centers as the trace anomaly candidate set, and measures the outlier values in the trace anomaly candidate set using the local outlier factor.
Or/and, the user authentication module uses outlier detection to obtain the user ranking at each detection time; if the detected average ranking of a user is always at the front, the user corresponding to that outlier value is eliminated, completing user authentication;
Or/and, the node data include at least operation data and energy consumption data;
Or/and, the IoT nodes include smart devices or/and smart meters.
To achieve one of the above objects, the fourth technical solution of the present invention is:
An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs;
When the one or more programs are executed by the one or more processors, the one or more processors implement the above lightweight user authentication method based on device fingerprints.
To achieve one of the above objects, the fifth technical solution of the present invention is:
A computer-readable storage medium on which a computer program is stored, the program implementing the above lightweight user authentication method based on device fingerprints when executed by a processor.
Compared with the prior art, the present invention has the following beneficial effects:
After continuous exploration and experimentation, the present invention constructs a trace generation model, a cluster coupling model, an anomaly calculation model, and a user authentication model, and uses the traces of static random access memory (SRAM) as the device fingerprint, that is, as the unique identifier of a device, to distinguish devices accurately. At the same time, the data are clustered, objects that deviate from their cluster centers are selected as trace objects, and the outlier values of the trace objects are measured with the local outlier factor, which mitigates the outlier overlap problem of the local outlier factor method. The ranking of users is then obtained from the outlier factor, and by sorting the ranking in descending order, users with high outlier values are eliminated, which avoids false detection and yields lightweight authentication of legitimate users with high efficiency and good flexibility. The node resource overhead of the scheme is therefore small, so that IoT nodes can respond quickly. The scheme is suitable for scenarios in which a large number of requests must be processed quickly, and is particularly suitable for low-bandwidth communication channels with low processing and storage capabilities. The scheme is scientific, reasonable, and feasible.
Furthermore, the present invention uses static random access memory (SRAM) traces to characterize the device fingerprint, which serves as a unique identifier to distinguish devices accurately. At the same time, the present invention clusters the data using a clustering algorithm, selects objects that deviate from their cluster centers as the anomaly candidate set, and uses the local outlier factor to measure the outlier values in the anomaly candidate set, which mitigates the outlier overlap problem of the local outlier factor method. The ranking of users is obtained from the outlier factor, and by sorting the ranking in descending order, users with high outlier values are eliminated, which avoids false detection and yields lightweight authentication of legitimate users.
Furthermore, by providing a collection layer, an access layer, and an application layer, the present invention realizes lightweight authentication of legitimate users. Authentication is efficient and flexible, so that IoT nodes can respond quickly. The system is suitable for scenarios in which a large number of requests must be processed quickly, and is particularly suitable for low-bandwidth communication channels with low processing and storage capabilities. The scheme is scientific, reasonable, and feasible.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic flow chart of the lightweight user authentication method based on device fingerprint of the present invention;
FIG. 2 is a schematic diagram of the new power grid architecture into which legitimate user authentication is introduced by the present invention;
FIG. 3 is another schematic flow chart of the lightweight user authentication method based on device fingerprint of the present invention;
FIG. 4 is a schematic flow chart of the LOF calculation of the present invention.
DETAILED DESCRIPTION
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
On the contrary, the present invention covers any alternative, modification, equivalent method and scheme made within the essence and scope of the invention as defined by the claims. Further, to give the public a better understanding of the invention, some specific details are described at length in the detailed description below. Those skilled in the art can fully understand the invention without the description of these details.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used herein are only for the purpose of describing specific embodiments and are not intended to limit the invention. The term "or/and" as used herein includes any and all combinations of one or more of the associated listed items.
As shown in FIG. 1, the first specific embodiment of the lightweight user authentication method based on device fingerprint of the present invention:
A lightweight user authentication method based on device fingerprint comprises the following steps:
Step 1: using a previously constructed trace generation model, collect trace samples of the static random access memory (SRAM) and construct a trace data set that characterizes the device fingerprint;
Step 2: cluster the trace data set with a previously constructed cluster coupling model to obtain one or more trace objects that deviate from their cluster centers;
Step 3: using a previously constructed anomaly calculation model, measure the anomaly information of the one or more trace objects based on the local outlier factor;
Step 4: using a previously constructed user authentication model, complete lightweight user authentication based on the anomaly information.
The second specific embodiment of the lightweight user authentication method based on device fingerprint of the present invention:
A lightweight user authentication method based on device fingerprint comprises the following steps:
Step 1: using a previously constructed trace generation model, collect trace samples of the static random access memory (SRAM) and construct a trace data set that characterizes the device fingerprint;
Step 2: cluster the trace data set with a previously constructed cluster coupling model, and select the trace objects that deviate from their cluster centers as the trace anomaly candidate set;
Step 3: using a previously constructed anomaly calculation model, measure the outliers in the trace anomaly candidate set based on the local outlier factor;
Step 4: using a previously constructed user authentication model, complete lightweight user authentication based on the outlier values.
The third specific embodiment of the lightweight user authentication method based on device fingerprint of the present invention:
A lightweight user authentication method based on device fingerprint includes the following:
Collect power-on SRAM trace samples from the IoT devices to form a data set D; cluster the data with the cluster coupling model; select the objects that deviate from their cluster centers as the anomaly candidate set A; measure the outliers in A with the local outlier factor and obtain the ranking at each detection time. If an object's average detection ranking is always near the front (the top 3% of the entire data volume), that outlier is eliminated and user authentication is obtained. The present invention uses the SRAM trace of an IoT node as the unique legitimate identifier of the device, and uses lightweight clustering and local outlier detection to authenticate legitimate users. The scheme is scientific, reasonable and ingeniously conceived.
The SRAM resides in the onboard controller of the IoT node in the collection layer and stores the collected data. The SRAM structure is divided into a data part, a high-variance stack and a low-variance stack. The mean and variance of the high-variance stack differ markedly across devices, so it can serve as a device fingerprint that uniquely identifies the device. The SRAM trace represents the size of the high-variance stack of the SRAM. The high-variance stack consists of bytes; each byte is converted to its integer value and divided by 255, which scales it into the range [0,1].
The method for selecting objects that deviate from their cluster centers is as follows:
S1. First calculate the cluster center x_j;
S2. Then calculate the distance from each trace sample to its own cluster center. The calculation formula is as follows:
S3. Calculate the triple standard deviation dc_j for the j-th cluster;
S4. Objects that satisfy the following condition are classified into the anomaly candidate set A:
where |D_j| is the size of the j-th cluster, |D| is the size of the entire data set D, and δ is a parameter, set to 0.05 in this embodiment.
IoT nodes have low processing and storage capabilities and usually have low-bandwidth communication channels, which limits the use of security solutions such as cryptographic public-key encryption algorithms. In the new power grid architecture that introduces legitimate user authentication (as shown in FIG. 2), every node has SRAM, so the SRAM trace is used as the fingerprint feature of the device.
Meanwhile, the local outlier factor (LOF) can be used to detect outliers but cannot handle overlapping outliers. The present invention therefore introduces clustering with a cluster coupling model: the cluster coupling model is used to analyze the users' SRAM traces, users far from the cluster centers are listed as anomaly candidates, and the local outlier factor is used to calculate the degree of anomaly of each candidate, thereby authenticating legitimate users.
As shown in FIG. 3, the fourth specific embodiment of the lightweight user authentication method based on device fingerprint of the present invention:
A lightweight user authentication method based on device fingerprint collects SRAM trace samples from each IoT node in the collection layer of the new power grid as device fingerprints, establishes a lightweight user authentication method based on these fingerprints, and authenticates legitimate users with it. The specific implementation steps are as follows:
Step 1: obtain the SRAM trace data set D and initialize the relevant parameters n and δ;
Step 2: obtain the number of clusters and the corresponding clusters for the Gaussian mixture algorithm, as follows:
The device fingerprints obtained from the IoT nodes (trace data set D) are divided into k cluster groups, i.e. k Gaussian distributions (clusters). The k Gaussian distributions are mixed and superimposed to form a Gaussian mixture distribution, and each Gaussian distribution has a variance, a mean and an external mixing coefficient;
Step 3: calculate the number of Gaussian models (clusters);
Step 4: calculate the probability that each trace sample belongs to each cluster, as follows:
The expectation-maximization algorithm is used to find the 3k parameters, and Bayes' formula is used to find the posterior probability that each trace sample belongs to a given Gaussian distribution (cluster);
Step 5: maximize the probability that a trace sample belongs to a cluster, as follows:
Bayes' formula is used to calculate the posterior probability that each node's data (trace sample) belongs to the 1st, the 2nd, ... up to the k-th Gaussian distribution; the node data is assigned to the cluster whose posterior probability is largest.
Step 6: iterate steps 3 and 4 until convergence;
Step 7: for each cluster, calculate the cluster center and the distance from each object in the cluster to its own cluster center;
Step 8: obtain the anomaly data candidate set A, made up of the objects that deviate from the center;
Step 9: calculate the anomaly data candidate set for all clusters;
Step 10: calculate the local outlier factor LOF;
Step 11: obtain the ranking of the anomaly data candidate set according to LOF;
Step 12: eliminate users with a high average ranking and obtain the authentication result for authorized users, where an authorized user is a legitimate IoT node that is connected to the power grid and recognized by the grid.
The present invention also provides a new power grid system with lightweight authentication of legitimate users, based on power-on SRAM trace samples of IoT devices, clustering with the cluster coupling model, and measurement with the local outlier factor. The system mainly includes a collection layer, in which IoT nodes (smart devices, smart meters, etc.) are deployed to collect data on distributed energy access, the transmission network, the distribution network, and the operation and energy use of end users. At the access layer, the collected data reaches the new power grid service cloud in the application layer through 4G and 5G base stations.
In this embodiment, the specific implementation steps for calculating LOF are as follows (see FIG. 4):
S1: the node establishes a communication connection with the base station;
S2: the IoT node obtains the clusters using the Gaussian model;
S3: for each cluster, calculate the cluster center x_j and the distance from each object to its own cluster center x_j, and calculate the triple standard deviation for the j-th cluster;
S4: objects that satisfy the condition are added to the anomaly data set A;
where |D_j| is the size of the j-th cluster, |D| is the trace data set, and δ is a value chosen according to n in LOF;
S5: calculate A for all clusters;
S6: for an object x in data set D, calculate the n nearest neighbors N_n(x) of x in D, and the n-th nearest distance dist_n(y) from the objects in D to y;
S7: calculate the reachability distance Rd(x,y) of two objects x and y in data set D. The calculation formula is as follows:
Rd(x,y) = max{dist(x,y), dist_n(y)};
where dist(x,y) is the Euclidean distance between the two objects x and y.
S8: calculate the local reachability density ρ_n(x) of x. The calculation formula is as follows:
where n refers to the n-th nearest neighbor of x, and the expression is the reciprocal of the average reachability distance between x and y when an object y is selected from the nearest neighbors of x.
S9: calculate LOF_n(x), the ratio of the local reachability densities of x and of the objects y among its nearest neighbors for a specific n, which measures how much of an outlier x is relative to its nearest neighbors. The calculation formula is as follows:
where ρ_n(y) is the local reachability density of y with respect to an object selected from its nearest neighbors.
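The candidate selection (S1 to S4 of the selection method) and the LOF ranking (S6 to S9 and steps 10 to 12) can be run end to end on a small constructed data set. This is an added example, not code from the patent: the function names and the 2-byte sample traces are hypothetical, the cluster labels are taken as given instead of re-running the Gaussian mixture step, the candidate rule is one assumed reading of the condition whose formula is not legible on this page, the densities follow the standard LOF definition, and a single detection round stands in for the average ranking.

```python
import math
from statistics import fmean

DELTA = 0.05         # delta used in the embodiment
N_NEIGHBORS = 3      # LOF neighbourhood size n (assumed value)
TOP_FRACTION = 0.03  # "top 3% of the entire data volume"


def scale_trace(raw: bytes) -> tuple:
    """Convert each byte of a power-on SRAM trace to [0, 1] by dividing by 255."""
    return tuple(b / 255 for b in raw)


def candidate_set(points, labels, delta=DELTA):
    """Indices of objects that deviate from their cluster centre.

    Assumed rule: an object is a candidate when its distance to the centre
    exceeds three times the cluster's RMS distance to that centre, or when
    its cluster holds fewer than delta * |D| objects.
    """
    clusters = {}
    for i, lab in enumerate(labels):
        clusters.setdefault(lab, []).append(i)
    dims = range(len(points[0]))
    candidates = []
    for members in clusters.values():
        centre = tuple(fmean(points[i][d] for i in members) for d in dims)
        dists = {i: math.dist(points[i], centre) for i in members}
        sigma = math.sqrt(fmean(v * v for v in dists.values()))
        small = len(members) < delta * len(points)
        candidates += [i for i in members if small or dists[i] > 3 * sigma]
    return sorted(candidates)


def lof_scores(points, targets, n=N_NEIGHBORS):
    """LOF_n for each index in targets; neighbourhoods are taken over all of D."""
    cache = {}

    def neigh(i):  # N_n(x) as (distance, index) pairs, nearest first
        if i not in cache:
            cache[i] = sorted((math.dist(points[i], p), j)
                              for j, p in enumerate(points) if j != i)[:n]
        return cache[i]

    def k_dist(i):  # dist_n(y): distance from y to its n-th nearest neighbour
        return neigh(i)[-1][0]

    def lrd(i):  # rho_n(x) = 1 / mean of Rd(x, y) = max{dist(x, y), dist_n(y)}
        reach = [max(d, k_dist(j)) for d, j in neigh(i)]
        return 1.0 / (fmean(reach) + 1e-12)  # epsilon guards identical traces

    return {i: fmean(lrd(j) for _, j in neigh(i)) / lrd(i) for i in targets}


def authenticate(traces, labels, n=N_NEIGHBORS, top_fraction=TOP_FRACTION):
    """Return (accepted indices, candidate ranking by descending LOF, scores)."""
    points = [scale_trace(t) for t in traces]
    scores = lof_scores(points, candidate_set(points, labels), n)
    ranking = sorted(scores, key=scores.get, reverse=True)
    cutoff = math.ceil(top_fraction * len(points))
    rejected = set(ranking[:cutoff])
    accepted = [i for i in range(len(points)) if i not in rejected]
    return accepted, ranking, scores


# Constructed sample data: 2-byte traces keep the geometry easy to follow;
# real power-on traces are far longer.
GRID_A = [bytes((x, y)) for x in (100, 102, 104, 106) for y in (50, 52, 54, 56)]
GRID_B = [bytes((x, y)) for x in (200, 202, 204, 206) for y in (200, 202, 204, 206)]
ROGUE = bytes((140, 90))           # device whose trace fits neither group
TRACES = GRID_A + [ROGUE] + GRID_B
LABELS = [0] * 17 + [1] * 16       # assumed output of the Gaussian mixture step

if __name__ == "__main__":
    accepted, ranking, scores = authenticate(TRACES, LABELS)
    print("candidates ranked by LOF:", [(i, round(scores[i], 2)) for i in ranking])
    print("accepted devices:", len(accepted), "of", len(TRACES))
```

Because the cutoff is a fraction of |D| and not a score threshold, any non-empty candidate set loses at least its top-ranked member in this sketch, so the candidate filter is what keeps well-clustered devices from being rejected.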
The first specific embodiment of the lightweight user authentication system based on device fingerprint of the present invention:
A lightweight user authentication system based on device fingerprint, which uses the lightweight user authentication method based on device fingerprint described above, includes a collection layer, an access layer and an application layer;
The collection layer collects node data from distributed energy resources, transmission network equipment, distribution network equipment and end users; IoT nodes and the trace extraction module are deployed in it;
The access layer has 4G or/and 5G base stations for transmitting the node data;
The application layer is the power grid service cloud, which processes the node data; it hosts the anomaly calculation module based on the cluster coupling model and outlier detection, and the user authentication module that can eliminate abnormal users;
The node data collected by the IoT nodes reaches the power grid service cloud through the 4G or/and 5G base stations, where outlier detection and elimination of abnormal users are performed to achieve lightweight user authentication.
The second specific embodiment of the lightweight user authentication system based on device fingerprint of the present invention:
A lightweight user authentication system based on device fingerprint mainly includes three parts: an SRAM trace extraction module, an anomaly calculation module based on the cluster coupling model and outlier detection, and a user authentication module that eliminates abnormal users.
SRAM trace extraction module: extracts the SRAM traces of all user devices in the collection layer; power-on SRAM trace samples are collected manually from each device by switching the power on and off.
Anomaly calculation module based on the cluster coupling model and outlier detection: clusters the data with the cluster coupling model, selects objects that deviate from their cluster centers as the anomaly candidate set A, and measures the outliers in A with the local outlier factor.
User authentication module: uses the outlier detection above to obtain the ranking at each detection time; if an object's average detection ranking is always near the front, that outlier is eliminated and user authentication is obtained.
A device embodiment applying the method of the present invention:
An electronic device comprising:
one or more processors;
a storage device for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the lightweight user authentication method based on device fingerprint described above.
A computer medium embodiment applying the method of the present invention:
A computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the lightweight user authentication method based on device fingerprint described above.
Those skilled in the art will appreciate that the embodiments of the present application may be provided as a method, a system or a computer program product. The present application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts or/and block diagrams of the methods, devices (systems) and computer program products of its embodiments. It should be understood that each flow or/and block in the flowcharts or/and block diagrams, and combinations of flows or/and blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart or/and one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flowchart or/and one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart or/and one or more blocks of the block diagram.
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific implementations of the invention can still be modified or replaced by equivalents, and any modification or equivalent replacement that does not depart from the spirit and scope of the invention shall be covered by the scope of protection of the claims of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202410778149.6A CN118797598A (en) | 2024-06-17 | 2024-06-17 | A lightweight user authentication method and system based on device fingerprint | 
Publications (1)
| Publication Number | Publication Date | 
|---|---|
| CN118797598A (en) | 2024-10-18 |
Family
ID=93024649
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN202410778149.6A Pending CN118797598A (en) | 2024-06-17 | 2024-06-17 | A lightweight user authentication method and system based on device fingerprint | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN118797598A (en) | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||