A battlefield information processing method based on multi-modal data fusion

By employing a multimodal data fusion method, battlefield intelligence is standardized, spatiotemporally aligned, feature-completed, layered encrypted, and distributed stored. Combined with real-time detection and protection mechanisms, this approach solves the problems of data integration and security in battlefield intelligence processing, achieving efficient and reliable intelligence analysis.

CN121389000BActive Publication Date: 2026-06-09BEIJING FANGYUAN QIZHENG TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING FANGYUAN QIZHENG TECHNOLOGY CO LTD
Filing Date
2025-10-27
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing battlefield intelligence processing methods struggle to effectively integrate and ensure data security when faced with the heterogeneity of multiple data sources, making it difficult to fully explore information correlations and posing risks of data leakage or tampering.

Method used

By employing multimodal data fusion methods, battlefield intelligence is standardized, spatiotemporally aligned, feature-completed, layered encrypted, distributed stored, and isolated. Combined with real-time detection and protection mechanisms, reliable intelligence analysis results are generated.

Benefits of technology

It has achieved efficient integration of multi-source battlefield data and full-process security protection, significantly improving the accuracy, reliability and security of battlefield intelligence processing.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121389000B_ABST
    Figure CN121389000B_ABST
Patent Text Reader

Abstract

The application discloses a battlefield information processing method based on multi-modal data fusion, comprising the following steps: acquiring multi-modal original data of battlefield information, standardizing different original data to obtain a structured data set; performing time and space alignment on the structured data set to obtain a space-time reference data set; performing feature completion on the space-time reference data set to obtain a complete analysis data set; performing hierarchical encryption on the complete analysis data set to obtain an encrypted transmission data set; performing distributed storage on the encrypted transmission data set to obtain a secure storage data set; performing isolation processing on the secure storage data set to obtain an intermediate result data set; performing real-time detection and protection on the intermediate result data set to obtain a final protection data set; and performing processing detection and credibility judgment on the final protection data set to obtain a final credible information analysis result.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of information processing technology, and in particular relates to a battlefield intelligence processing method based on multimodal data fusion. Background Technology

[0002] Battlefield intelligence processing, as a core pillar of modern military operations, directly relates to the accuracy of operational decision-making and the efficiency of actions; its importance is self-evident. In the complex and ever-changing battlefield environment, the comprehensiveness and reliability of intelligence information become key factors in determining victory or defeat. How to extract and integrate effective information from data from multiple sources is a pressing issue that needs to be addressed in this field. Currently, although some methods have attempted to process battlefield intelligence, most have deep-seated limitations. These methods often struggle with the heterogeneity of data from different sources, especially when dealing with the matching and coordination of multiple data formats, lacking effective integration mechanisms, making it difficult to fully explore the correlations between information. Furthermore, existing solutions are insufficient in terms of data security, failing to address potential threats in complex environments, thus affecting the usability and credibility of intelligence. Against this backdrop, this field faces significant technical challenges. The primary issue is how to achieve effective integration of multiple data formats, ensuring that information from different sources can accurately correspond in time and space, forming a unified analytical foundation. The complexity of this integration raises another closely related issue: how to ensure the security of information at each stage of data integration, preventing data leakage or tampering due to external interference or internal vulnerabilities. These two issues are intertwined; the former determines the integrity of intelligence information, while the latter directly affects its credibility and application value. Therefore, how to build a comprehensive security protection mechanism based on the efficient integration of multiple data formats to ensure the security of intelligence information during collection, transmission, storage, and processing has become a key problem that this research urgently needs to solve. Summary of the Invention

[0003] To address the aforementioned technical problems, this invention proposes a battlefield intelligence processing method based on multimodal data fusion, thereby resolving the issues present in the existing technologies.

[0004] To achieve the above objectives, the present invention provides a battlefield intelligence processing method based on multimodal data fusion, comprising:

[0005] The process involves acquiring multimodal raw battlefield intelligence data, standardizing the different raw data to obtain a structured data set, aligning the structured data set temporally and spatially to obtain a spatiotemporal benchmark dataset, performing feature completion on the spatiotemporal benchmark dataset to obtain a complete analysis dataset, performing layered encryption on the complete analysis dataset to obtain an encrypted transmission dataset, distributing the encrypted transmission dataset for distributed storage to obtain a secure storage dataset, isolating the secure storage dataset to obtain an intermediate result dataset, performing real-time detection and protection on the intermediate result dataset to obtain a final protected dataset, and finally processing, detecting, and judging the credibility of the final protected dataset to obtain the final credible intelligence analysis result.

[0006] Optionally, the process of obtaining the structured data set includes:

[0007] The original data is initially identified and classified to obtain classified data groups. The classified data groups are then format-standardized, and the format-standardized data undergoes secondary correction to unify the resolution. The corrected data is then sampled at a uniform rate, and the uniformized data is mapped to the relationships between data to obtain a structured data set.

[0008] Optionally, the process of acquiring the spatiotemporal reference dataset includes:

[0009] Time and location are extracted from the structured dataset to obtain an initial dataset corresponding to a given time and location. The initial dataset is then populated with time and location data to obtain a data record set. The data record set is then sorted by timestamp to obtain a first dataset. The first dataset is then clustered based on location to obtain a second dataset. The second dataset is then subjected to deviation judgment in the time or spatial dimension. The deviation judgment is then corrected to obtain a third dataset. Finally, the third dataset is subjected to spatiotemporal benchmark unification to obtain a spatiotemporal benchmark dataset.

[0010] Optionally, the process of obtaining the complete analysis dataset includes:

[0011] The spatiotemporal benchmark dataset is layered to obtain multidimensional information representation results. Potential associations are mined from the multidimensional information representation results. Based on the mined data, a set of potential association features is obtained. The set of potential association features is judged and processed for missing and redundant cases to obtain an optimized feature dataset. Feature completion is performed on the optimized feature dataset to obtain feature-complete data. The feature-complete data is verified to obtain a complete analysis dataset.

[0012] Optionally, the process of obtaining the encrypted transmission dataset includes:

[0013] The complete analysis dataset is initially processed using a hierarchical encryption framework, and data sensitivity is hierarchically layered to obtain hierarchical data. The hierarchical data is dynamically encrypted using a one-time key to obtain encrypted stream data. Anomaly detection is performed on the encrypted stream data. Based on the anomaly detection results, a temporary key set and encryption strategy are regenerated. The hierarchical data is then subjected to secondary encryption adjustment based on the temporary key set to obtain the encrypted transmission dataset.

[0014] Optionally, the process of obtaining the securely stored dataset includes:

[0015] The encrypted transmission dataset is segmented using sharding technology to obtain multiple fragments. These fragments are then distributed to different independent storage nodes according to distributed storage, resulting in a preliminary sharded dataset. For this preliminary sharded dataset, a storage protection mechanism is deployed on each independent node. When an anomaly occurs in the storage environment of an independent node, the location of the stored data on that node is adjusted to obtain a secure storage status for different data. Based on the secure storage status, access control rules for each independent node are obtained and access permissions are set, resulting in a permission-controlled dataset. A consistency check is performed on the permission-controlled dataset to obtain a complete dataset. Access behavior identification is performed on the complete dataset, followed by secondary encryption, to obtain the secure storage dataset.

[0016] Optionally, the process of obtaining the intermediate result dataset includes:

[0017] During the processing of the secure storage dataset, an isolated computing container is deployed in the data processing isolation environment to restrict external interference from accessing the processing process and obtain the isolated intermediate result dataset.

[0018] Optionally, the process of obtaining the final protection dataset includes:

[0019] Feature extraction is performed on key nodes in the processing of intermediate result datasets to obtain a preliminary data feature set. Based on the preliminary data feature set, a real-time monitoring framework is constructed to track access behavior within the real-time monitoring framework and obtain potential patterns of abnormal access. Based on the potential patterns, abnormal process features are obtained, and abnormal process features are isolated through a protection mechanism. The isolated process data is then identified to determine the category of interference source. Based on the category of interference source, a corresponding protection strategy is generated. Subsequent data is filtered according to the protection strategy to obtain the final protected dataset.

[0020] Optional, the process for obtaining ultimately credible intelligence analysis results includes:

[0021] Based on the final protection dataset, internal vulnerability remediation methods are used to scan for potential security risks in the data processing flow, automatically patch vulnerabilities, and obtain the final reliable intelligence analysis results.

[0022] On the other hand, the present invention provides a battlefield intelligence processing system based on multimodal data fusion for performing the above-described method.

[0023] Compared with the prior art, the present invention has the following advantages and technical effects:

[0024] This invention discloses a method for processing multi-source battlefield intelligence data. By standardizing and aligning heterogeneous data spatiotemporally, a complete analytical model is constructed to extract correlated features, achieving secure data transmission, storage, and processing. This invention employs a layered encryption mechanism and a dynamic key generation protocol to ensure data transmission security, utilizes distributed storage and access control strategies to ensure data storage security, performs data processing in an isolated computing environment, and monitors abnormal access behavior in real time. Furthermore, this invention applies an internal vulnerability repair algorithm to automatically scan for and patch potential security vulnerabilities, ultimately generating reliable intelligence analysis results. This method effectively solves the problems of fusion analysis and end-to-end security protection of multi-source heterogeneous battlefield data, significantly improving the accuracy, reliability, and security of battlefield intelligence processing. Attached Figure Description

[0025] The accompanying drawings, which form part of this application, are used to provide a further understanding of this application. The illustrative embodiments and descriptions of this application are used to explain this application and do not constitute an undue limitation of this application. In the drawings:

[0026] Figure 1 This is a flowchart of a battlefield intelligence processing method based on multimodal data fusion according to an embodiment of the present invention;

[0027] Figure 2 This is an architecture diagram of a battlefield intelligence processing system based on multimodal data fusion, according to an embodiment of the present invention. Detailed Implementation

[0028] It should be noted that, unless otherwise specified, the embodiments and features described in this application can be combined with each other. This application will now be described in detail with reference to the accompanying drawings and embodiments.

[0029] It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order than that shown here.

[0030] like Figure 1As shown, a battlefield intelligence processing method based on multimodal data fusion in this embodiment may specifically include:

[0031] Step S101: Obtain raw data streams from multi-source battlefield intelligence systems, and perform preliminary format conversion on heterogeneous data formats from different sources using pre-established standardized mapping rules to obtain a unified structured data set.

[0032] By gathering intelligence from multiple sources, raw data streams are acquired from the battlefield system. Preliminary identification of data content from different sources is performed, resulting in categorized data groups. Based on these categorized data groups, and considering the heterogeneous formats, pre-established standardization rules are applied to perform format mapping and transformation, establishing a unified format framework. If the format framework does not match the preset structured data template, a secondary format correction is performed on the data groups through the mapping and transformation adjustment mechanism to determine the consistency of the corrected data. The consistency results of the corrected data are obtained. For data groups with insufficient consistency, supplementary clauses of the standardization rules are used for local adjustments, resulting in a unified intermediate dataset. Through the structuring processing of the intermediate dataset, based on predefined field mapping relationships, the data groups are integrated into structured data, determining the final structured data set.

[0033] For example, in battlefield intelligence data processing, multi-source intelligence gathering is the primary step. Assuming data streams are acquired from three channels—UAV reconnaissance, ground sensors, and communications interception—the raw data includes images, audio, and text signals. During initial identification, these data can be categorized into image groups, audio groups, and text groups based on data type, facilitating subsequent processing. This classification effectively improves the targeting of data processing and reduces confusion.

[0034] For example, in standardizing heterogeneous data formats, assuming image data comes in JPEG and PNG formats, and audio data comes in WAV and MP3 formats, preset rules need to be applied to convert them to a unified format, such as converting images to JPEG and audio to WAV. This format mapping conversion ensures data consistency within the framework. If some image resolutions are found to be inconsistent with the preset template, such as being below 1080p, a secondary correction mechanism is initiated to adjust the resolution to the standard value. This method ensures the standardization of data before it enters the next stage, reducing subsequent errors.

[0035] For example, in data consistency checks, if an audio group is found to have inconsistent sampling rates (e.g., some at 44.1kHz and others at 48kHz), the sampling rate is adjusted to a uniform rate according to supplementary clauses. This localized adjustment creates a standardized intermediate dataset. This process significantly improves data integration efficiency and lays the foundation for structured processing.

[0036] For example, in the structured processing of intermediate datasets, based on field mapping relationships, fields such as the shooting time and location of image data, and the duration and source of audio data are integrated into a standard tabular format, ultimately forming a structured data set. This method makes the data more readable and analyzable, and facilitates system access.

[0037] For example, from an overall process perspective, the classification, standardization, and structuring of multi-source data form a closed loop, ensuring seamless data transfer from collection to application. Detailed processing at each stage effectively reduces data error rates, improves intelligence accuracy, and provides reliable support for battlefield decision-making.

[0038] Step S102: To address the heterogeneous data matching problem in the structured data set, an association algorithm based on timestamps and geographic locations is adopted to align the data in terms of time correspondence and spatial correspondence, thereby determining a unified spatiotemporal benchmark dataset.

[0039] An initial dataset is obtained by extracting records containing timestamps and geographic locations from a structured dataset. If any timestamps or geographic locations are missing in the extracted records, a pre-defined interpolation method is used to fill in the missing parts, resulting in a complete dataset. Based on the complete dataset, the timestamps are sorted along the time dimension to determine the first time-series aligned dataset. For the first dataset, cluster analysis is performed based on geographic locations, using the K-means clustering algorithm to divide the spatial regions, resulting in a spatially aligned second dataset. If some records in the second dataset deviate from the time or spatial dimensions by a preset threshold, the record categories are adjusted to obtain a bias-corrected third dataset. Based on the third dataset, a spatiotemporal benchmark with dual alignment in both time and spatial dimensions is constructed to determine a unified benchmark dataset. By formatting the benchmark dataset, the final unified dataset is generated, confirming the complete matching results of the structured data in the spatiotemporal dimensions.

[0040] For example, when processing battlefield intelligence data, extracting records containing timestamps and geographic locations from a structured dataset is a crucial first step. Suppose 1000 records are obtained from a multi-source battlefield system, some of which are missing timestamps or geographic location information. For missing values, a pre-defined interpolation method can be used to fill in the gaps, such as averaging the timestamps of adjacent records or inferring the possible range of geographic locations from historical data. In this way, the initial dataset is completed into a complete set of records, ensuring that the foundational data for subsequent analysis is not significantly lacking.

[0041] For example, when sorting timestamp values ​​along the time dimension, all records can be arranged in ascending order of timestamp, forming a first dataset aligned with the time series. Assuming the time range of the records is from 08:00 on October 1, 2023 to 08:00 on October 2, 2023, sorting ensures the data is organized chronologically, facilitating subsequent analysis of the temporal logic of event development. This time alignment helps to quickly locate the event distribution of key time nodes in a battlefield environment.

[0042] For example, when processing spatial dimensions and performing cluster analysis based on geographic location, the K-means clustering algorithm can be used to divide the battlefield area into several spatial clusters. Assuming the battlefield covers 100 square kilometers and K is set to 5, the data records are clustered into 5 regions, each representing a battlefield hotspot. In this way, the resulting second dataset clearly reflects the spatial distribution characteristics, facilitating the identification of key monitoring areas.

[0043] For example, if some records in the second dataset deviate from preset thresholds in terms of time or space—such as a time deviation exceeding 30 minutes or a spatial deviation exceeding 2 kilometers—the deviation can be corrected by adjusting the record's classification. Suppose a record's timestamp deviates significantly from its corresponding time series; it can be reclassified into an adjacent time period, thus forming a third dataset after deviation correction. This correction ensures the accuracy of the data in both time and space.

[0044] For example, when constructing a spatiotemporal benchmark, a unified benchmark dataset can be formed by combining a third-party dataset with both temporal and spatial alignment. Assuming an hourly time unit and one square kilometer as the spatial unit, a spatiotemporal grid can be constructed, mapping all records to the corresponding grid. This benchmark dataset provides a unified standard for subsequent data integration.

[0045] For example, when formatting the baseline dataset, the data can be reorganized according to preset fields, such as standardizing timestamps to "year-month-day hour:minute" format and geographic locations to latitude and longitude coordinates. Assume the final unified dataset contains 500 complete records, each meeting the spatiotemporal matching requirements. This formatting ensures data consistency and usability, laying a solid foundation for further analysis of battlefield intelligence.

[0046] Step S103: Based on the spatiotemporal benchmark dataset, construct a multi-dimensional information complete analysis model, extract potential correlation features between data, determine whether there are missing or redundant fields, and obtain a complete analysis dataset after feature completion.

[0047] Based on the spatiotemporal benchmark dataset, a multidimensional information framework is constructed. Information analysis methods are used to perform hierarchical processing of the data, extracting key dimensions from the multidimensional information and determining the multidimensional information representation results. For the multidimensional information representation results, an analytical model is applied to mine potential correlations. Feature mining techniques are used to identify hidden relationships between data, obtaining a set of potential correlation features. From the potential correlation feature set, field missing and redundancy are detected. If the proportion of missing fields exceeds a preset threshold, data is filled using interpolation. If redundancy exists, duplicate fields are deleted, resulting in an optimized feature dataset. Based on the optimized feature dataset, a feature completion process is implemented, incorporating data correlation characteristics to supplement missing parts, generating an intermediate dataset with feature completion. For the intermediate dataset with feature completion, the structural consistency of the complete dataset is verified. Data validation tools are used to check field completeness to determine if it meets the analytical requirements, and the final complete analysis dataset is output.

[0048] For example, when constructing a multidimensional information framework, time, space, and business metrics can be used as the main dimensions to process data in layers. Assuming a spatiotemporal benchmark dataset, the time dimension is divided by hour, the spatial dimension by region, and the business metrics include the scenarios of regional content. This allows for the identification of target quantity and location. By extracting key dimensions, such as the quantity of target regions and time, a foundation is laid for subsequent analysis.

[0049] For example, when uncovering potential associations, feature mining techniques can identify hidden relationships between data. Suppose that in traffic data, analysis reveals that the location of a target area is related to buildings or scenes within that area, or that buildings within a scene are continuous. This hidden relationship can be used as a latent feature to predict the likelihood of target clustering and scene continuity. The analytical model can then further verify the stability of this association.

[0050] For example, regarding the handling of missing and redundant fields, if the missing rate for a certain time period exceeds 20%, it can be filled by interpolation using the average of historical data, such as using the average of the previous hour and the next hour to fill in the missing points. Redundant fields, such as duplicated geographical location information, are directly deleted to reduce data redundancy.

[0051] For example, in the feature completion process, integrating data correlation characteristics can effectively fill in missing parts. Suppose a region lacks scene data, it can be inferred and completed by combining scene correlation data from adjacent regions and historical scene data, forming an intermediate dataset. This approach improves data completeness and provides a more reliable foundation for subsequent analysis.

[0052] For example, when verifying the structural consistency of a complete dataset, data validation tools can check field completeness. For instance, they might check if all records contain timestamps and geographic location fields. If a record is found to be missing a key field, it is marked as unqualified and requires further processing until it meets the analytical requirements.

[0053] For example, when performing confirmatory calculations using analytical models, the validity of potential correlation features can be confirmed by comparing historical data with the current dataset. This includes verifying whether the correlation between the target's location and the scenario holds true at different times, thus ensuring that data resources are usable for decision-making. This type of verification significantly improves data credibility and provides strong support for business operations.

[0054] Step S104: For the complete analysis dataset, implement a layered encryption mechanism, embed a dynamic key generation protocol in the information transmission process to ensure the security of data when it flows across nodes, and generate an encrypted transmission dataset.

[0055] For complete datasets and analysis processing, a layered encryption and dynamic key technology is employed, combined with the characteristics of information transmission and cross-node flow, to construct a security solution for data flow. The following steps revolve around the business objective of encrypting the transmitted dataset, integrating attributes such as complete dataset, analysis processing, layered encryption, encryption mechanism, dynamic key, key generation, information transmission, cross-node flow, data flow, security assurance, transmitted dataset, and encrypted transmission to generate a detailed technical process. Attributes without logical connection are not integrated. For the complete dataset, a pre-established layered encryption framework is used to initially classify the data, layering it according to data sensitivity to obtain a classified layered dataset. Based on the classified layered datasets, an encryption mechanism is applied, with corresponding encryption algorithms applied to each layer of data to generate a layered encrypted protected dataset. For the layered encrypted protected dataset, real-time parameters of the dynamic key generation protocol are obtained, and a one-time key is generated before information transmission to determine the temporary key set for the transmission stage. Using the temporary key set, the protected dataset is dynamically encrypted during cross-node flow, resulting in encrypted stream data transmitted across nodes. For encrypted streaming data transmitted across nodes, if abnormal fluctuations are detected in the data flow, a security mechanism is triggered to regenerate a new temporary key set and determine whether to update the encryption strategy. Based on the updated encryption strategy, the encrypted streaming data undergoes secondary encryption adjustments to generate the final encrypted transmission dataset. Using this final encrypted transmission dataset, data decryption and verification are performed at the target node. A preset threshold is used to compare the verification results and determine data integrity and security.

[0056] For example, when processing a complete dataset, we can first categorize it from the perspective of data sensitivity. Suppose the complete analysis dataset contains three categories of data: scene information, target information, and location information. Target information has the highest sensitivity, followed by location records, and scene information has the lowest. After categorization, high-strength encryption algorithms can be used for target information, while lightweight encryption methods can be used for scene information to balance security and efficiency. This layered encryption framework can effectively protect core data while avoiding resource waste.

[0057] For example, in the specific implementation of layered encryption, different encryption mechanisms can be assigned to each layer of data to protect the generated dataset. Assuming the target information layer uses symmetric encryption to ensure fast processing, while the location recording layer combines asymmetric encryption to increase security, this approach allows for flexible adjustment of encryption strategies based on data characteristics, thereby enhancing overall protection capabilities.

[0058] For example, for dynamic key generation protocols, key uniqueness can be ensured through real-time parameter acquisition. Suppose that before information transmission, the system generates a 256-bit temporary key set based on the current timestamp and node identifier, and uses a one-time key for each transmission. This method reduces the risk of key cracking and ensures data security across node streams.

[0059] For example, in the processing of encrypted streaming data transmitted across nodes, if an anomaly in data flow is detected, such as a sudden drop in transmission rate or a packet loss rate exceeding 5%, the system will trigger a security mechanism to regenerate a new temporary key set and determine whether to adjust the encryption strategy based on the severity of the anomaly. This dynamic adjustment can promptly address potential threats and ensure that data is not tampered with.

[0060] For example, secondary encryption adjustments can add an extra layer of encryption to encrypted data streams under abnormal conditions. Assuming the original encryption uses a single algorithm, the secondary adjustment can overlay another encryption method, creating multiple layers of protection and ultimately generating an encrypted transmission dataset. This approach can further enhance data security in complex network environments.

[0061] For example, in the decryption and verification process at the target node, a preset threshold can be set to verify data integrity. Assuming the system requires data packet integrity to be above 99%, if the verification result is lower than this value, the data is considered potentially corrupted and needs to be retransmitted. This verification mechanism ensures that the ultimately received data is reliable, providing a solid foundation for subsequent analysis and processing.

[0062] For example, security measures for data flow can be implemented through cross-node flow monitoring mechanisms to track data status in real time. Assuming a multi-node transmission scenario, the system records a transmission log every 10 seconds; if abnormal fluctuations are detected, an emergency response plan is immediately activated. This continuous monitoring effectively reduces the risk of data leakage and provides security support for decision-making.

[0063] Step S105: Based on the encrypted transmission dataset, design a distributed storage architecture, store the data in shards on multiple independent nodes, and apply access control policies in the information storage protection process to obtain a secure storage dataset.

[0064] The encrypted dataset undergoes initial processing, employing sharding technology to divide the data into multiple fragments. These fragments are then distributed across different independent nodes according to distributed storage principles, resulting in a preliminary sharded dataset. For each independent node, a storage protection mechanism is deployed. If an anomaly is detected in the storage environment of a data fragment, the protection policy is triggered to adjust the storage location and determine the secure storage status of the data fragment. Based on this secure storage status, access control rules for each independent node are obtained, and data fragments are bound to permissions using pre-defined access permission policies, resulting in a permission-controlled dataset. For this permission-controlled dataset, a consistency check method is used to periodically check the data integrity between independent nodes. If inconsistencies are found in data fragments, a synchronization mechanism is used to repair them, determining whether data integrity meets the standards. Based on the integrity-compliant dataset, an information security monitoring module is constructed to analyze the data access logs of each independent node in real time. If abnormal access behavior is recorded in the logs, relevant access permissions are restricted, confirming that the abnormal behavior has been contained. Finally, the dataset after anomaly containment is processed using encryption algorithms such as Advanced Encryption Standards (AES) to perform secondary encryption on the data fragments, resulting in the final secure storage dataset. Based on the final secure storage dataset, a record of the operating status of the distributed storage architecture is generated, and the storage and protection policies of each independent node are updated regularly to determine whether the overall architecture is stable.

[0065] For example, when performing initial processing on encrypted datasets, a 10GB dataset can be divided into 100 100MB segments using sharding techniques. This sharding method facilitates distributed storage and reduces the storage pressure on a single node. Assuming these segments are distributed across 10 independent nodes, with each node storing 10 segments, the initial sharded dataset is thus formed. The principle of sharding is to break down large blocks of data into smaller units, facilitating parallel processing and risk diversification.

[0066] For example, regarding the storage protection mechanism for the initial sharded dataset on independent nodes, environmental monitoring tools can be deployed on each node to detect parameters such as temperature and humidity of the storage devices in real time. If the temperature of a node exceeds 50 degrees Celsius, a protection strategy is triggered, migrating the data fragments to a backup node to ensure safe storage. The core of this mechanism lies in preventative protection, reducing the risk of data damage caused by abnormal environments.

[0067] For example, access control rules for secure storage can be configured with tiered permission policies for each node. Assuming ordinary users can only access low-sensitivity segments, while administrators can access all segments, permission binding creates a controlled dataset. This approach, by refining access permissions, ensures that data segments are not accessed by unauthorized users.

[0068] For example, in consistency verification methods, the hash values ​​of data segments on each node can be compared every 24 hours. If a hash value of a segment is found to be inconsistent with the original record, the data is restored from the backup node through a synchronization mechanism to ensure that integrity standards are met. The principle behind this periodic detection is to promptly detect and repair potential data tampering or loss issues.

[0069] For example, when building an information security monitoring module, abnormal behavior can be identified by analyzing access logs. If a node shows frequent access records outside of working hours, the system will automatically restrict that access until manual review confirms its security. The core of this real-time monitoring is to quickly respond to potential threats and protect data from unauthorized access.

[0070] For example, when performing secondary encryption on data segments, an Advanced Encryption Standard (AES) algorithm can be used to generate a unique encryption key for each segment. Assuming the encryption process is executed separately for 100 segments, this ensures that even if one segment is compromised, the others remain secure, ultimately forming a securely stored dataset. The benefit of this multi-layered encryption is that it enhances the depth of data protection.

[0071] For example, to generate operational status records for the distributed storage architecture based on the final secure storage dataset, the storage policies of each node can be updated every 7 days. If the storage space utilization of a certain node exceeds 80%, the data distribution is adjusted to ensure the overall stability of the architecture. This regular update approach helps maintain the long-term efficient operation of the system.

[0072] Step S106: For the secure storage dataset, deploy an isolated computing container in the data processing isolation environment to restrict external interference from accessing the processing process and obtain the isolated intermediate result dataset.

[0073] For the securely stored dataset, a computing container is initialized in an isolated environment. External access is strictly restricted through preset permission configurations, resulting in a preliminary isolated processing environment. Based on this environment, an access control mechanism is used to monitor external interference in real time during data processing. If an unauthorized access request is detected, the relevant operation is immediately terminated, establishing a secure boundary for data processing. Intermediate results from the original dataset are obtained through data processing within this secure boundary. These intermediate results are protected using an encrypted transmission protocol, and their compliance with preset integrity verification standards is checked. If the integrity verification passes, the intermediate results are stored in a temporary data area within the isolated environment, providing an intermediate dataset for subsequent analysis. For this intermediate dataset, preset cleaning rules are run within the computing container. Noise reduction and format standardization are performed to obtain a structured processed dataset. Based on this structured dataset, a support vector machine algorithm is used to classify and extract data features, and the classification results are checked to ensure they meet preset feature distribution conditions. If the feature distribution conditions are met, the processed dataset is transferred to a secure storage area, determining the final isolated processed dataset.

[0074] For example, in the secure storage and processing of datasets, initializing the isolated environment of the computing container is a crucial step. The isolated environment, built using virtualization technology, creates an independent runtime space completely isolated from external systems, ensuring data processing is free from external interference. Assuming a distributed storage architecture where the dataset is stored across multiple nodes, each node is allocated an independent computing container during initialization. This container is pre-installed with permission configuration policies, restricting external access ports to only specific whitelisted IPs, such as allowing only internal management addresses to access it. This approach effectively isolates potential threats and ensures the security of the data processing environment.

[0075] For example, real-time monitoring of access control mechanisms can be achieved by continuously tracking external access requests using log analysis tools. If an access attempt from an unauthorized address is detected, the system will immediately record the request source, time, and operation type, and trigger an automatic termination mechanism to cut off the connection. This monitoring mechanism is particularly important in distributed storage scenarios because data is sharded and stored across multiple nodes, and abnormal access on any one node can affect overall security. Through real-time monitoring and rapid response, the security boundaries of data processing are clearly defined.

[0076] For example, in the encrypted transmission protection of intermediate results, the TLS protocol can be used to encrypt the data during transmission. Suppose that when processing a dataset containing the discovery target, the intermediate results are transmitted from the computing container to the temporary storage area via an encrypted channel established by the TLS protocol, ensuring that the data is not intercepted or tampered with during transmission. Integrity verification can be achieved through hash value comparison; if the hash value of the original data matches the hash value after transmission, the data is considered to have not been tampered with. This dual protection mechanism provides a reliable data foundation for subsequent analysis.

[0077] For example, cleaning rules for intermediate datasets can use pre-defined scripts to remove noise from the data, such as duplicate records or fields with inconsistent formats. Suppose a dataset contains target movement trajectories; the cleaning rules would standardize the time format to YYYY-MM-DD and delete invalid records. This standardization process makes the data easier to analyze later, improving the efficiency and accuracy of data processing.

[0078] For example, when using the Support Vector Machine (SVM) algorithm for feature classification, features can be extracted from key fields in the dataset. Suppose the dataset involves user behavior analysis; the algorithm might categorize user behavior into normal and abnormal categories based on fields such as access frequency and operation type. If the classification results show that 90% of user behavior conforms to a normal distribution, then the feature distribution condition is considered met. This classification method helps to accurately identify data features, providing support for subsequent storage and analysis.

[0079] For example, when the processed dataset is finally transmitted to a secure storage area, multiple authentication mechanisms can be used to ensure secure transmission. Assume that identity authentication and key verification are required before data transmission; only nodes that pass the verification can receive the data. This approach ensures the security of the data in the final storage stage and also guarantees the overall stability of the distributed storage architecture.

[0080] Step S107: Based on the intermediate result dataset, construct an external interference defense module to monitor abnormal access behavior in the data processing stage in real time. If abnormal traffic is detected, trigger the protection mechanism and generate the final protection dataset.

[0081] An initial dataset is obtained from intermediate results. Features are extracted from key nodes in the data processing stage to obtain a preliminary data feature set. Based on this preliminary feature set, a real-time monitoring framework is constructed to continuously track access behavior in the processing flow and identify potential abnormal access patterns. If an abnormal access pattern is detected in the processing flow, it is compared against a preset threshold to determine if abnormal traffic characteristics exist. If abnormal traffic characteristics are identified, a protection mechanism is activated to isolate the abnormal traffic source, resulting in isolated traffic data. Based on the isolated traffic data, a feature library of external interference is used for matching analysis to determine the specific category of the interference source. Based on the determined interference source category, targeted protection strategies are generated and integrated into the defense module to obtain updated protection rules. These updated protection rules are then used to filter subsequent data in the processing flow, generating the final protection dataset.

[0082] For example, in the process of obtaining the initial dataset from intermediate results, a preliminary set of data features can be constructed by extracting features from key nodes in the data processing stage. Assuming an initial dataset contains 1000 user access records in a secure storage environment, key nodes might include access time, access frequency, and access source. By extracting these features, a preliminary feature set containing multi-dimensional attributes can be formed, laying the foundation for subsequent analysis.

[0083] For example, to build a real-time monitoring framework, a system that continuously tracks access behavior can be designed.

[0084] In one possible implementation, the monitoring framework records the source address and timestamp of each data processing request and compares it with historical access behavior. If an address initiates more than 50 requests within a short period, the system marks it as a potentially abnormal pattern. This approach can promptly detect abnormal access behavior, providing data support for subsequent protection.

[0085] For example, when identifying abnormal traffic characteristics, a preset threshold can be used for comparison. Suppose the average request interval for normal traffic is 2 seconds, while the request interval from a certain source is only 0.5 seconds, and the duration exceeds 10 minutes, then this can be identified as abnormal traffic. The system will automatically activate the protection mechanism to isolate the traffic from that source, ensuring the security of the data processing environment.

[0086] For example, isolated traffic data can be analyzed using an external interference signature database. This database may store known malicious access patterns, such as frequent short-duration requests or concentrated access from specific regions. By comparing the data, if isolated traffic matches the characteristics of a certain malicious pattern, it can be identified as a specific source of interference. This method helps to accurately pinpoint the source of the problem.

[0087] For example, when generating targeted protection strategies, rules can be designed based on the categories of interference sources. If the interference originates from concentrated access in a certain region, the protection strategy might include limiting the access frequency of that region or requiring additional authentication. These strategies will be integrated into the defense module to form updated protection rules, improving the system's adaptability.

[0088] For example, when filtering subsequent data using updated protection rules, rule priorities can be set to ensure that high-risk traffic is blocked first. Assuming a daily data processing volume of 100,000 records, the updated rules can reduce potentially risky data from 500 records to less than 50. This filtering mechanism significantly improves the security of data processing.

[0089] For example, the resulting protected dataset can serve as crucial input to a secure storage area, providing a reliable data foundation for subsequent analysis. Through these measures, potential threats in the data processing workflow are effectively reduced, ensuring the integrity and availability of the dataset within the isolated environment.

[0090] Step S108: For the final protection dataset, apply the internal vulnerability repair algorithm to scan for potential security risks in the data processing flow, automatically patch the vulnerabilities, and determine the final credible intelligence analysis results.

[0091] By initially analyzing the protection dataset, characteristic information of the data processing steps is obtained, and the scope of potential process vulnerabilities is determined. Based on the scope of process vulnerabilities obtained from the initial analysis, a pre-established scanning model is used to perform deep detection on each step in the data processing, resulting in a list of potential security vulnerabilities. If the detected security vulnerabilities list contains high-risk items, an internal algorithm is applied to patch the vulnerabilities, automatically repairing the corresponding process vulnerabilities and determining the repaired data processing path. A second scan is performed on the repaired data processing path to obtain residual security vulnerabilities and determine whether they meet the preset threshold standard. If the residual security vulnerabilities do not meet the preset threshold standard, the vulnerability repair function is invoked again to supplement and repair the residual vulnerabilities, resulting in an optimized data processing flow. Based on the optimized data processing flow, key intelligence data is extracted and classified using a random forest algorithm to determine a preliminary set of credible intelligence. The preliminary set of credible intelligence is verified in multiple dimensions to obtain the final analysis results, determine whether it meets the expected goals of the protection dataset, and derive the final determined intelligence content.

[0092] For example, during the initial analysis of the protection dataset, characteristic information can be obtained by statistically analyzing the input and output data volume of each node in the data processing stage. Suppose that the amount of data processed by a certain node suddenly drops from an average of 1000 records / second to 200 records / second per unit time, it may indicate a process blockage or potential hidden danger. This method can quickly pinpoint the scope of the anomaly, laying the foundation for subsequent analysis.

[0093] For example, in-depth detection of potential vulnerabilities in a process can utilize a pre-established scanning model to examine the permission allocation in each data processing step. If unauthorized access records are found in a certain step, the scanning model will add it to the security vulnerability list. This detection method helps to comprehensively understand the weaknesses in the process.

[0094] For example, when dealing with high-risk security vulnerabilities, internal algorithms can automatically adjust access permissions for relevant processes, such as temporarily blacklisting IP addresses that access the system abnormally, restricting their further operations. This automatic repair mechanism can promptly block potential threats and ensure the security of data processing paths.

[0095] For example, when performing a secondary scan on the repaired data processing path, the focus can be on the data flow speed of the repaired area. Suppose the data flow speed recovers to 900 records per second after repair, close to normal levels, but slight delays still exist, there may be residual problems. This secondary scan helps to identify issues that have not been fully resolved.

[0096] For example, if the remaining vulnerability does not reach the preset threshold, such as if the delay exceeds the preset 5 seconds, the vulnerability repair function will be invoked again to optimize the data caching mechanism and reduce latency. This supplementary patching method can further improve the stability of the process.

[0097] For example, when extracting key intelligence data in an optimized data processing workflow, suspicious data with high-frequency interactions can be filtered out by analyzing the source and destination addresses of data packets. For instance, if an address has more than 5,000 interactions per day, far exceeding the average, it can be marked as a key monitoring target. This extraction method helps to pinpoint core information.

[0098] For example, when using the random forest algorithm to classify critical intelligence data, it can be divided into two categories based on data characteristics: reliable and unreliable. If a data packet's characteristics match more than 90% of historical reliable samples, it is classified as part of the initial reliable intelligence set. This classification method can effectively distinguish data reliability.

[0099] For example, when conducting multi-dimensional verification of the initial set of credible intelligence, a comprehensive analysis can be performed combining time, location, and behavioral patterns. If a piece of data frequently exhibits anomalous behavior within a specific time period, it may be removed from the final set. This verification method can improve the accuracy of the intelligence and ensure that the final analysis results meet the expected goals of the protection dataset.

[0100] like Figure 2 As shown, this invention provides a battlefield intelligence processing system based on multimodal data fusion, mainly comprising:

[0101] The data format standardization module is used to obtain raw data streams from multi-source battlefield intelligence systems. For heterogeneous data formats from different sources, it performs preliminary format conversion through pre-established standardized mapping rules to obtain a unified structured data set.

[0102] The spatiotemporal alignment module is used to address the problem of matching heterogeneous data in structured datasets. It employs a timestamp and geographic location-based association algorithm to align data in terms of temporal and spatial correspondence, thereby establishing a unified spatiotemporal benchmark dataset.

[0103] The feature completion module is used to construct a multi-dimensional information complete analysis model based on the spatiotemporal benchmark dataset, extract potential correlation features between data, determine whether there are missing or redundant fields, and obtain a complete analysis dataset after feature completion.

[0104] The layered encryption module is used to implement a layered encryption mechanism for the complete analysis dataset. It embeds a dynamic key generation protocol in the information transmission process to ensure the security of data when it flows across nodes and to generate encrypted transmission datasets.

[0105] The distributed storage module is used to design a distributed storage architecture based on the encrypted transmission dataset, to divide the data into fragments and store them on multiple independent nodes, and to apply access control policies in the information storage protection process to obtain a securely stored dataset.

[0106] The isolated computing module is used to deploy isolated computing containers in a data processing isolation environment for securely stored datasets, restricting external interference from accessing the processing process and obtaining isolated intermediate result datasets.

[0107] The anomaly defense module is used to build an external interference defense module based on the intermediate result dataset, monitor abnormal access behavior in the data processing stage in real time, and trigger the protection mechanism to generate the final protection dataset if abnormal traffic is detected.

[0108] The vulnerability remediation module is used to apply internal vulnerability remediation algorithms to the final protection dataset, scan for potential security risks in the data processing flow, automatically patch vulnerabilities, and determine the final credible intelligence analysis results.

[0109] The above are merely preferred embodiments of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A battlefield intelligence processing method based on multimodal data fusion, characterized in that, include: Acquire multimodal raw data of battlefield intelligence, standardize different raw data, and obtain a structured data set; The structured dataset is aligned in time and space to obtain a spatiotemporal reference dataset; feature completion is performed on the spatiotemporal reference dataset to obtain a complete analysis dataset. The complete analysis dataset is then subjected to layered encryption to obtain an encrypted transmission dataset; The encrypted transmission dataset is distributed and stored to obtain a secure storage dataset; The securely stored dataset is isolated to obtain an intermediate result dataset; The intermediate result dataset is subjected to real-time detection and protection to obtain the final protected dataset; The final protection dataset is processed, tested, and its credibility is judged to obtain the final credible intelligence analysis results; The process of obtaining the encrypted transmission dataset includes: performing preliminary processing on the complete analysis dataset through a layered encryption framework and performing data sensitivity layering to obtain layered data; dynamically encrypting the layered data using a one-time key to obtain encrypted stream data; performing anomaly detection on the encrypted stream data; regenerating a temporary key set and encryption strategy based on the anomaly detection results; and performing secondary encryption adjustment on the layered data based on the temporary key set to obtain the encrypted transmission dataset. The process of obtaining the secure storage dataset includes: dividing the encrypted transmission dataset into multiple fragments using sharding technology; allocating the fragments to different independent storage nodes according to distributed storage to obtain a preliminary sharded dataset; deploying a storage protection mechanism on each independent node for the preliminary sharded dataset; adjusting the location of the stored data on the independent node when there is an anomaly in the storage environment on the independent node to obtain the secure storage status of different data; obtaining the access control rules for each independent node and setting access permissions according to the secure storage status to obtain a permission-controlled dataset; performing a consistency check on the permission-controlled dataset to obtain a complete dataset; and performing access behavior identification and secondary encryption processing on the complete dataset to obtain the secure storage dataset. The process of obtaining the intermediate result dataset includes: during the processing of the secure storage dataset, deploying an isolated computing container in a data processing isolation environment to restrict external interference from accessing the processing process, and obtaining the isolated intermediate result dataset; The process of obtaining the final protection dataset includes: extracting features from key nodes in the processing of intermediate result datasets to obtain a preliminary data feature set; constructing a real-time monitoring framework based on the preliminary data feature set; tracking access behavior within the real-time monitoring framework to obtain potential patterns of abnormal access; obtaining abnormal process features based on the potential patterns; isolating abnormal process features through a protection mechanism; identifying the isolated process data to obtain the category of interference source; generating corresponding protection strategies based on the category of interference source; and filtering subsequent processed data according to the protection strategies to obtain the final protection dataset.

2. The method according to claim 1, characterized in that, The process of obtaining the structured data set includes: The original data is initially identified and classified to obtain classified data groups. The classified data groups are then format-standardized, and the format-standardized data undergoes secondary correction to unify the resolution. The corrected data is then sampled at a uniform rate, and the uniformized data is mapped to the relationships between data to obtain a structured data set.

3. The method according to claim 1, characterized in that, The process of acquiring the spatiotemporal reference dataset includes: Time and location are extracted from the structured data set to obtain an initial dataset corresponding to a given time and location. The initial dataset is then populated with time and location data to obtain a data record set. The data record set is then sorted by timestamp to obtain a first dataset. The first dataset is then clustered based on location to obtain a second dataset. The second dataset is then subjected to deviation judgment in the time or spatial dimension. The deviation judgment is then corrected to obtain a third dataset. Finally, the third dataset is subjected to spatiotemporal benchmark unification to obtain a spatiotemporal benchmark dataset.

4. The method according to claim 1, characterized in that, The process of obtaining the complete analysis dataset includes: The spatiotemporal benchmark dataset is layered to obtain multidimensional information representation results. Potential associations are mined from the multidimensional information representation results. Based on the mined data, a set of potential association features is obtained. The set of potential association features is judged and processed for missing and redundant cases to obtain an optimized feature dataset. Feature completion is performed on the optimized feature dataset to obtain feature-complete data. The feature-complete data is verified to obtain a complete analysis dataset.

5. The method according to claim 1, characterized in that, The process of obtaining the final, credible intelligence analysis results includes: Based on the final protection dataset, internal vulnerability remediation methods are used to scan for potential security risks in the data processing flow, automatically patch vulnerabilities, and obtain the final reliable intelligence analysis results.

6. A battlefield intelligence processing system based on multimodal data fusion, characterized in that, Used to perform the method described in any one of claims 1-5.