Internet of things hardware hidden danger risk analysis system adaptive to artificial intelligence equipment

By using an IoT hardware hazard risk analysis system based on artificial intelligence devices, and comprehensively considering various abnormal data, personalized risk assessment and optimization analysis sequences are generated. This solves the problem that existing technologies cannot predict safety hazards and maintenance priorities in advance, and achieves more accurate early warning and efficient equipment maintenance.

CN121563248BActive Publication Date: 2026-06-16GUANGZHOU SIYUN DATA TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
GUANGZHOU SIYUN DATA TECH CO LTD
Filing Date
2026-01-23
Publication Date
2026-06-16

AI Technical Summary

Technical Problem

Existing technologies cannot predict security risks of AIoT devices in advance or analyze maintenance priorities, resulting in security risks that cannot be avoided in advance and disordered equipment maintenance.

Method used

Design an IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices, including a risk analysis platform, an anomaly detection module, a deep analysis module, and a maintenance optimization module. Through multi-dimensional data collection and personalized weighted evaluation, generate risk assessment coefficients and optimization analysis sequences to provide accurate early warnings and maintenance priorities.

Benefits of technology

It significantly improves the ability to identify anomalies, reduces false alarms and false negatives, provides timely and reliable early warning information, and improves the efficiency of maintenance work and the stability of equipment operation.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121563248B_ABST
    Figure CN121563248B_ABST
Patent Text Reader

Abstract

The application belongs to the field of Internet of Things security, and relates to hidden danger risk analysis technology, and is used for solving the problem that the prior art cannot predict safety hidden dangers in advance, and specifically is an Internet of Things hardware hidden danger risk analysis system adapted to artificial intelligence equipment, comprising a risk analysis platform, wherein the risk analysis platform is communicatively connected with an anomaly detection module, a deep analysis module, a maintenance optimization module and a database; the application can comprehensively consider various abnormal data of Internet of Things hardware, and perform personalized weighting according to the characteristics of different equipment types, so as to generate more accurate and reliable risk evaluation coefficients; this effectively solves the problem of inaccurate evaluation that may occur when a single or general evaluation standard faces diversified Internet of Things hardware, significantly improves the identification ability of the anomaly detection module to potential hidden dangers, reduces the risk of false positives and false negatives, and enables the Internet of Things hardware hidden danger risk analysis system to more effectively guarantee the stable operation of equipment.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of Internet of Things (IoT) security and relates to risk analysis technology, specifically an IoT hardware risk analysis system adapted to artificial intelligence devices. Background Technology

[0002] The AIoT Hardware Vulnerability Risk Analysis System is a hardware-layer security and reliability assurance platform specifically designed for AIoT devices. Through multi-dimensional data collection, intelligent analysis, and risk quantification, the system enables early warning and assessment of hardware vulnerabilities throughout the entire lifecycle of AIoT devices, from design to operation and maintenance.

[0003] The invention patent with publication number CN119135436A discloses a security risk assessment system and method based on the Internet of Things. This assessment system can effectively warn and reduce the occurrence of security incidents, and can comprehensively understand the vulnerability, resilience and data security of the platform, thereby providing enterprises with a scientific risk level assessment. However, the assessment coefficient cannot predict security risks in advance, nor can it analyze the maintenance priority of equipment, resulting in the inability to avoid security risks in advance and the disorder of equipment maintenance.

[0004] To address the aforementioned technical problems, this application proposes a solution. Summary of the Invention

[0005] The purpose of this invention is to provide an IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices, in order to solve the problem that existing technologies cannot predict security risks in advance;

[0006] The technical problem to be solved by this invention is: how to provide an IoT hardware hazard risk analysis system adapted to artificial intelligence devices that can predict security risks in advance.

[0007] The objective of this invention can be achieved through the following technical solutions:

[0008] An IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices includes a risk analysis platform, which is communicatively connected to an anomaly detection module, a deep analysis module, a maintenance and optimization module, and a database.

[0009] The anomaly detection module is used to perform anomaly state detection and analysis on IoT hardware: marking IoT hardware as a detection object, generating a detection period, setting a time sliding window with a duration of L1 minutes within the detection period, obtaining the risk assessment coefficient of the detection object within the time sliding window, and marking the time sliding window as a normal window or an abnormal window based on the risk assessment coefficient.

[0010] The deep analysis module is used to perform in-depth analysis of potential risks of IoT hardware: the time sliding window corresponding to L1 minutes before the start time of the anomaly window is marked as the analysis window, the environmental data of the abnormal objects within the analysis window is obtained, and at the end of the detection cycle, the environmental data of all abnormal objects corresponding to the same device type constitute an environmental impact set. The environmental impact set is cleaned to obtain the environmental threshold. If the environmental data of the detected object is not less than the corresponding environmental threshold in the next detection cycle, an environmental hazard signal is generated and sent to the mobile terminal of the operation and maintenance personnel.

[0011] The maintenance and optimization module is used to perform maintenance and optimization analysis on IoT hardware.

[0012] Furthermore, the process of obtaining the risk assessment coefficient of the detected object within the time sliding window includes: obtaining the temperature anomaly data WY, electrical anomaly data DY, and transmission anomaly data CY of the detected object within the time sliding window; constructing the abnormal data row vector YC of the detected object from the temperature anomaly data WY, electrical anomaly data DY, and transmission anomaly data CY, YC=[WY, DY, CY]; and generating a weighted column vector LK for the detected object according to its equipment type, LK=[a1, a2, a3]. t Where a1, a2, and a3 are all proportional coefficients, and a1+a2+a3=1; the risk assessment coefficient of the detected object is obtained by performing a dot product calculation on the abnormal data row vector YC of all detected objects under the same equipment type and the corresponding weight column vector LK.

[0013] Furthermore, the temperature variation data WY is the maximum value of the circuit board temperature of the detected object within the time sliding window, the electrical variation data DY is the difference between the maximum and minimum values ​​of the voltage of the detected object within the time sliding window, and the transmission variation data CY is the maximum value of the communication delay of the detected object within the time sliding window.

[0014] Furthermore, the specific process of marking the time sliding window as a normal window or an abnormal window includes: retrieving the risk assessment threshold corresponding to the device type from the database, and comparing the risk assessment coefficient with the risk assessment threshold: if the risk assessment coefficient is less than the risk assessment threshold, it is determined that the abnormal state detection result of the detected object within the time sliding window meets the requirements, and the corresponding detected object is marked as a normal object; if the risk assessment coefficient is greater than or equal to the risk assessment threshold, it is determined that the abnormal state detection result of the detected object within the time sliding window does not meet the requirements, and the corresponding detected object is marked as an abnormal object; if all detected objects within the time sliding window are marked as normal objects, the current time sliding window is marked as a normal window; otherwise, the current time sliding window is marked as an abnormal window.

[0015] Furthermore, the process of acquiring environmental data for abnormal objects within the analysis window includes: acquiring the environmental parameters of the environment in which the abnormal object is located and the corresponding environmental standard range; marking the average of the maximum and minimum values ​​within the environmental standard range as the environmental standard value; marking the absolute value of the difference between the environmental parameter and the environmental standard value as the environmental deviation value; marking the maximum value of the environmental deviation value within the analysis window as the environmental assessment value; marking the difference between the maximum and minimum values ​​within the environmental standard range as the environmental balance value; marking the ratio of the environmental assessment value to the environmental balance value as the environmental impact coefficient of the environmental parameter; and marking the sum of the environmental impact coefficients of all environmental parameters as environmental data.

[0016] Furthermore, the specific process of data cleaning for the environmental impact set includes: calculating the variance of all elements in the environmental impact set to obtain the distribution coefficient; obtaining the distribution threshold from the database; comparing the distribution coefficient with the distribution threshold; if the distribution coefficient is greater than or equal to the distribution threshold, then the largest and smallest elements in the environmental impact set are removed, and the distribution coefficient is recalculated, and so on, until the distribution coefficient is less than the distribution threshold; if the distribution coefficient is less than the distribution threshold, then the smallest element retained in the environmental impact set is marked as the environmental threshold for the equipment type.

[0017] Furthermore, the specific process of the maintenance optimization module performing maintenance optimization analysis on IoT hardware includes: at the end of the detection cycle, a new optimization time window with a duration of L2 minutes is set and slides from the beginning of the detection cycle, where L2 and L1 are both numerical constants, and L2 > L1; if the number of marked abnormal windows within the optimization time window is not less than L3, then the corresponding optimization time window is marked as an optimization analysis window, and an optimization analysis sequence is generated based on the marking order of abnormal windows within the optimization analysis window; the priority coefficient of the detected objects is obtained by analyzing the distribution of the detected objects in the optimization analysis window and the optimization analysis sequence; when performing anomaly detection in the next detection cycle, if multiple detected objects are marked as abnormal objects within an abnormal window, a maintenance priority sequence is generated for the abnormal objects in descending order of priority coefficient, and the maintenance priority sequence is sent to the mobile terminal of the maintenance personnel.

[0018] Furthermore, the process of obtaining the priority coefficient of the detection object includes: marking the total number of times the detection object is marked as an abnormal object in all optimization analysis windows as the abnormal value, marking the sum of the sequence numbers of the detection object in all optimization analysis sequences as the diffusion value, and marking the ratio of the abnormal value to the diffusion value of the detection object as the priority coefficient of the detection object.

[0019] The present invention has the following beneficial effects:

[0020] This application can comprehensively consider various abnormal data of IoT hardware and perform personalized weighting according to the characteristics of different device types, thereby generating more accurate and reliable risk assessment coefficients. This effectively solves the problem of inaccurate assessment that may occur when a single or general assessment standard is faced with diverse IoT hardware, significantly improves the ability of the anomaly detection module to identify potential hidden dangers, reduces the risk of false alarms and false alarms, and enables the IoT hardware hidden danger risk analysis system to more effectively ensure the stable operation of the equipment.

[0021] This application effectively cleanses the environmental impact dataset collected by the deep analysis module, removing potential outliers and noise. This iterative cleaning mechanism ensures higher accuracy and robustness of the environmental thresholds for the final determined device types, avoiding threshold deviations caused by fluctuations or extreme values ​​in the original data. Therefore, in subsequent detection cycles, when the environmental data of the detected object is compared with the cleaned and optimized environmental thresholds, the true environmental hazards can be identified more accurately, significantly reducing false alarm and false negative rates. This not only improves the accuracy and reliability of the IoT hardware hazard risk analysis system in identifying potential environmental risks, but also provides maintenance personnel with more accurate and reliable early warning information, enabling more timely and effective maintenance and optimization, and ensuring the stable operation of IoT hardware.

[0022] This application effectively addresses the challenge of prioritizing maintenance when multiple anomalies occur concurrently in IoT hardware. By introducing optimized time windows and optimized analysis windows, the system can analyze the accumulation and evolution patterns of anomalies from a longer time perspective and at a deeper level, rather than simply focusing on the discovery of instantaneous anomalies. The generation of optimized analysis sequences provides a temporal context for the occurrence of anomalies, helping to reveal the correlation between them. More importantly, by calculating the priority coefficient of the detected objects, this solution can quantitatively assess the potential risks and maintenance urgency of different anomaly objects, thereby intelligently generating a maintenance priority sequence when multiple anomalies occur simultaneously. This allows maintenance personnel to prioritize and address the most critical and urgent IoT hardware vulnerabilities, significantly improving the efficiency and accuracy of maintenance work, avoiding resource waste, and ultimately enhancing the overall operational stability and reliability of the IoT hardware system. Attached Figure Description

[0023] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0024] Figure 1 This is a system block diagram of Embodiment 1 of the present invention;

[0025] Figure 2 This is a flowchart of the method in Embodiment 2 of the present invention. Detailed Implementation

[0026] The technical solution of the present invention will be clearly and completely described below with reference to the embodiments. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0027] Example 1: As Figure 1 As shown, an IoT hardware vulnerability risk analysis system adapted for AI devices includes a risk analysis platform. This platform communicates with an anomaly detection module, a deep analysis module, a maintenance and optimization module, and a database. Specifically, the risk analysis platform can be configured as a central server with multiple service processes deployed on it, corresponding to the anomaly detection module, deep analysis module, and maintenance and optimization module, respectively. These modules exchange data via internal message queues or Remote Procedure Calls (RPC). The database can be an independent storage service, such as a relational database or a time-series database, connected to the risk analysis platform through a standard interface. Alternatively, the risk analysis platform can be a distributed system based on a cloud computing architecture, with each module deployed as a microservice on different computing nodes, providing services externally through a load balancer and API gateway.

[0028] For ease of understanding, the following explains some key terms in this embodiment:

[0029] The risk analysis platform is an integrated software system whose main function is to monitor, analyze, and assess the potential risks of IoT hardware. As the core hub, this platform is responsible for coordinating data interaction and task scheduling among various functional modules.

[0030] The database stores all data generated during system operation, including operational data from IoT hardware, environmental data, risk assessment results, historical anomaly records, and configuration information. This database provides support for data querying, storage, and management across various modules.

[0031] Internet of Things (IoT) hardware refers to various physical devices connected to the Internet of Things, such as sensors, actuators, and smart terminals. This hardware is the foundation for data acquisition and operation.

[0032] The detection target refers to the specific IoT hardware selected by the system for abnormal state detection and analysis. The system will continuously monitor and collect data from these targets.

[0033] The detection cycle refers to the time span during which the system performs a complete abnormal state detection and analysis on the object being detected. Within this cycle, the system executes a series of detection and analysis tasks.

[0034] A time sliding window refers to a data acquisition and analysis interval that moves continuously along the time axis within a fixed duration of L1 minutes during the detection period. This window is used to perform local evaluation of the behavior of the detected object within a short period of time.

[0035] The risk assessment coefficient is a quantitative indicator that measures the degree of abnormality of a detected object within a specific time sliding window; this coefficient is derived through comprehensive calculation of various abnormal data.

[0036] A normal window refers to a window in which the risk assessment coefficient of the detected object is within the normal range and does not show any obvious abnormalities within the time sliding window.

[0037] An abnormal window refers to a window in which the risk assessment coefficient of the detected object exceeds the normal range within a time sliding window, exhibiting an abnormal state.

[0038] The analysis window refers to a sliding time window (L1 minutes prior to the start time of the anomaly window) that the system traces back to after an anomaly window is detected. This window is used to collect environmental data prior to the anomaly for in-depth analysis.

[0039] Environmental data refers to various parameters of the physical environment in which the object being monitored exists, such as temperature, humidity, air pressure, and vibration. This data helps in analyzing the external causes of anomalies or potential hazards.

[0040] The environmental impact set is a dataset consisting of environmental data of all abnormal objects corresponding to the same equipment type; this set is used to statistically analyze the common environmental characteristics of a specific equipment type when an abnormality occurs.

[0041] The environmental threshold is a reference value extracted from the environmental impact set after data cleaning, used to determine whether the environment may cause potential hazards; if the environmental data exceeds the threshold, there may be potential hazards.

[0042] The anomaly detection module is used to detect and analyze abnormal states of IoT hardware. It marks the IoT hardware as the detection object, generates a detection period, and sets a time sliding window of duration L1 minutes within the detection period. It acquires the temperature anomaly data WY, electrical anomaly data DY, and transmission anomaly data CY of the detection object within the time sliding window. Temperature anomaly data WY is the maximum value of the circuit board temperature of the detection object within the time sliding window; electrical anomaly data DY is the difference between the maximum and minimum values ​​of the voltage value of the detection object within the time sliding window; and transmission anomaly data CY is the maximum value of the communication delay of the detection object within the time sliding window. The temperature anomaly data WY, electrical anomaly data DY, and transmission anomaly data CY constitute the anomaly data row vector YC of the detection object, YC = [WY, DY, CY]. A weighted column vector LK is generated for the detection object based on its device type, LK = [a1, a2, a3]. t Where a1, a2, and a3 are proportional coefficients, and a1+a2+a3=1; the risk assessment coefficient of the detected object is obtained by performing a dot product calculation on the abnormal data row vector YC of all detected objects under the same equipment type and the corresponding weight column vector LK. The risk assessment threshold corresponding to the equipment type is retrieved from the database, and the risk assessment coefficient is compared with the risk assessment threshold: if the risk assessment coefficient is less than the risk assessment threshold, it is determined that the abnormal state detection result of the detected object within the time sliding window meets the requirements, and the corresponding detected object is marked as a normal object; if the risk assessment coefficient is greater than or equal to the risk assessment threshold, it is determined that the abnormal state detection result of the detected object within the time sliding window does not meet the requirements, and the corresponding detected object is marked as an abnormal object; if all detected objects within the time sliding window are marked as normal objects, the current time sliding window is marked as a normal window; otherwise, the current time sliding window is marked as an abnormal window.

[0043] An anomaly detection module is used to detect and analyze abnormal states of IoT hardware. In one implementation, this module can periodically collect data from the IoT hardware, such as taking data snapshots at regular intervals. This data can include hardware operation logs, sensor readings, etc. The module can use a simple rule-based matching method to determine whether an anomaly exists; for example, if a sensor reading exceeds a preset fixed upper limit, it is considered an anomaly.

[0044] Furthermore, in the anomaly detection module, IoT hardware is marked as detection objects, and a detection cycle is generated. For example, the system can automatically identify IoT hardware as detection objects based on its registration information. The detection cycle can be set to a fixed time period, such as daily or weekly. Within this detection cycle, the system can continuously collect and analyze data from these detection objects.

[0045] Based on this, a time sliding window of duration L1 minutes is set within the detection cycle, and the risk assessment coefficient of the detected object within the time sliding window is obtained. For example, L1 can be set to 60 minutes. The system can collect data every L1 minutes and perform simple statistical analysis on this data, such as calculating the average or maximum value, as the risk assessment coefficient. This risk assessment coefficient can be a single value; for example, if the maximum value of the temperature sensor within L1 minutes exceeds a certain fixed threshold, then that maximum value is used as the risk assessment coefficient.

[0046] Therefore, the time-sliding window is marked as a normal window or an abnormal window based on the risk assessment coefficient. For example, the system can preset a fixed risk assessment threshold. If the risk assessment coefficient of the detected object within the time-sliding window is less than the threshold, the time-sliding window is marked as a normal window; otherwise, it is marked as an abnormal window. This marking method can help the system initially identify potentially problematic time periods.

[0047] This application's solution acquires temperature anomaly data (WY), electrical anomaly data (DY), and transmission anomaly data (CY) of the detected object within a time sliding window through an anomaly detection module. These data reflect the operational status of IoT hardware from three key dimensions: temperature, power, and communication. Subsequently, these heterogeneous anomaly data are integrated into an anomaly data row vector (YC). To more accurately assess risk, the system generates a specific weighted column vector (LK) based on the device type of the detected object. The proportional coefficients a1, a2, and a3 in this weighted column vector LK can flexibly adjust the contribution of different anomaly data to the overall risk assessment. For example, for a device type highly sensitive to temperature changes, the weight a1 of the temperature anomaly data WY can be set to a relatively high value to highlight its importance in the risk assessment. Finally, a comprehensive risk assessment coefficient is obtained by performing a dot product calculation on the anomaly data row vector YC and the corresponding weighted column vector LK. This calculation method ensures that the risk assessment coefficient not only considers multiple anomaly factors but also fully takes into account the differences in sensitivity of different device types to these anomaly factors, thereby enabling a more accurate and refined quantification of the potential risks of IoT hardware. Compared to assessment methods that rely on a single indicator or general threshold, this solution can more comprehensively capture abnormal equipment states and perform personalized risk quantification based on equipment characteristics, providing a more reliable basis for subsequent abnormal window marking.

[0048] The deep analysis module is used to perform in-depth analysis of potential risks in IoT hardware: It marks the L1-minute time sliding window preceding the start time of the anomaly window as the analysis window, and acquires environmental data of the anomaly object within the analysis window: It obtains the environmental parameters and corresponding environmental standard ranges of the environment in which the anomaly object is located; it marks the average of the maximum and minimum values ​​within the environmental standard range as the environmental standard value; it marks the absolute value of the difference between the environmental parameter and the environmental standard value as the environmental deviation value; it marks the maximum value of the environmental deviation value within the analysis window as the environmental assessment value; it marks the difference between the maximum and minimum values ​​within the environmental standard range as the environmental balance value; it marks the ratio of the environmental assessment value to the environmental balance value as the environmental impact coefficient of the environmental parameter; and it marks the sum of the environmental impact coefficients of all environmental parameters as environmental data. This data is then processed within the detection cycle. At the end of the detection cycle, the environmental data of all abnormal objects corresponding to the same equipment type constitute an environmental impact set. Data cleaning is performed on the environmental impact set: the variance of all elements in the environmental impact set is calculated to obtain the distribution coefficient, and the distribution threshold is obtained from the database. The distribution coefficient is compared with the distribution threshold: if the distribution coefficient is greater than or equal to the distribution threshold, the largest and smallest elements in the environmental impact set are removed, and the distribution coefficient is recalculated, and so on, until the distribution coefficient is less than the distribution threshold; if the distribution coefficient is less than the distribution threshold, the smallest element retained in the environmental impact set is marked as the environmental threshold for the equipment type; if, in the next detection cycle, the environmental data of a detected object is not less than the corresponding environmental threshold, an environmental hazard signal is generated and sent to the mobile terminal of the maintenance personnel.

[0049] Specifically, acquiring the environmental parameters and corresponding environmental standard ranges of the environment in which the abnormal object is located refers to the system collecting external physical quantities affecting the operation of IoT hardware, such as temperature, humidity, air pressure, and vibration, through sensors or other data interfaces, and obtaining the allowable value ranges of these parameters under normal operating conditions from a preset database or configuration. Environmental parameters can be directly reported by sensors built into the IoT hardware or provided by independent environmental monitoring devices deployed in the environment. Environmental standard ranges can be set based on the equipment manufacturer's specifications, industry standards, or the results of historical operating data analysis.

[0050] As a specific implementation, suppose a smart camera is flagged as an anomalous object, and the temperature parameter of its surrounding environment is detected within an analysis window. First, the system acquires the smart camera's environmental parameters (e.g., temperature) and its corresponding environmental standard range. For example, the smart camera's normal operating temperature range is 0°C to 40°C. Next, the system calculates the environmental standard value as the average of the maximum value (40°C) and the minimum value (0°C) within the environmental standard range, i.e., (0+40) / 2 = 20°C. Within the analysis window, suppose the monitored temperature parameter values ​​are 25°C, 30°C, 35°C, and 28°C, respectively. The system calculates the absolute value of the difference between each temperature value and the environmental standard value of 20°C to obtain an environmental deviation value, for example: |25-20|=5°C, |30-20|=10°C, |35-20|=15°C, |28-20|=8°C. Then, the maximum value of these environmental deviation values, 15°C, is marked as the environmental assessment value. Simultaneously, the system calculates the difference between the maximum value of 40℃ and the minimum value of 0℃ within the environmental standard range to obtain the environmental balance value, i.e., 40-0=40℃. Then, it calculates the ratio of the environmental assessment value of 15℃ to the environmental balance value of 40℃ to obtain the environmental impact coefficient of the temperature parameter, i.e., 15 / 40=0.375. If the smart camera is also affected by other environmental parameters such as humidity and vibration, the system will calculate the environmental impact coefficients of these parameters in a similar manner. Finally, the environmental impact coefficients of all these environmental parameters are summed to obtain comprehensive environmental data. This environmental data will be used for subsequent in-depth analysis to determine whether environmental factors pose a potential risk of equipment malfunction.

[0051] The maintenance and optimization module is used to perform maintenance and optimization analysis on IoT hardware: At the end of the detection cycle, a new optimization time window of duration L2 minutes is set and slides from the beginning of the detection cycle. L2 and L1 are both numerical constants, and L2 > L1. If the number of marked abnormal windows within the optimization time window is not less than L3, the corresponding optimization time window is marked as an optimization analysis window, and an optimization analysis sequence is generated based on the marking order of abnormal windows within the optimization analysis window. The total number of times the detected object is marked as an abnormal object in all optimization analysis windows is marked as the anomaly value, the sum of the sequence numbers of the detected object in all optimization analysis sequences is marked as the diffusion value, and the ratio of the anomaly value to the diffusion value of the detected object is marked as the priority coefficient of the detected object. When performing anomaly detection in the next detection cycle, if multiple detected objects are marked as abnormal objects within an abnormal window, the abnormal objects are generated into a maintenance priority sequence according to the priority coefficient from largest to smallest, and the maintenance priority sequence is sent to the mobile terminal of the maintenance personnel.

[0052] The outlier value refers to the total number of times a specific detected object is marked as an anomalous object by the system across all identified optimization analysis windows. This value directly reflects the frequency with which the detected object exhibits anomalous behavior over a longer time span. For example, it can be calculated by accumulating the events marked as anomalous for each detected object in each optimization analysis window using a counter, or by querying anomaly marking records stored in a database. A higher outlier value usually indicates that the detected object is more unstable or has a more serious potential problem. The diffusion value refers to the sum of the sequence numbers of a specific detected object across all optimization analysis sequences. The optimization analysis sequences are generated based on the marking order of the anomaly windows, which includes information about the order in which anomalous objects appear. The diffusion value reflects the position and scope of influence of the detected object in the chain of anomalous events. For example, if a detected object frequently appears early in the sequence, its sequence number is small, and the accumulated diffusion value may be low, indicating that it may be an early trigger or core influencing factor of an anomalous event; if it frequently appears later in the sequence, its sequence number is large, and the accumulated diffusion value may be high, indicating that it may be a subsequent manifestation or a victim of an anomalous event. The diffusion value is obtained by traversing all optimization analysis sequences, finding the position number of a specific detection object in each sequence, and accumulating them. The priority coefficient is the ratio of the anomaly value to the diffusion value of a detection object. This ratio comprehensively considers both the frequency of the anomaly behavior of the detection object (anomaly value) and its position in the anomaly event chain (diffusion value). The priority coefficient is calculated as: Priority Coefficient = Anomaly Value / Diffusion Value. Using this ratio, the system can more comprehensively and precisely evaluate the maintenance priority of each anomaly object. For example, a detection object with a high anomaly value (frequent anomalies) and a low diffusion value (often appearing in the early stages of anomalies) will have a higher priority coefficient, indicating a higher maintenance priority. Conversely, a detection object with a low anomaly value (infrequent anomalies) and a high diffusion value (often appearing in the later stages of anomalies) will have a lower priority coefficient.

[0053] As a specific implementation, assume that at the end of a certain detection cycle, the maintenance optimization module has identified three optimization analysis windows and generated corresponding optimization analysis sequences. For example: the sequence corresponding to optimization analysis window 1 is: [Detection object A, Detection object B, Detection object C]; the sequence corresponding to optimization analysis window 2 is: [Detection object A, Detection object D]; and the sequence corresponding to optimization analysis window 3 is: [Detection object B, Detection object A, Detection object E]. At this time, the system needs to calculate the priority coefficient of each detection object. For detection object A, its out-of-target value is marked as an abnormal object in optimization analysis windows 1, 2, and 3, so the out-of-target value can be 3. Its diffusion value has an index of 1 in sequence 1, an index of 1 in sequence 2, and an index of 2 in sequence 3, so the diffusion value can be 1+1+2=4. Its priority coefficient can be out-of-target value / diffusion value = 3 / 4 = 0.75. For detection object B, its out-of-target value is marked as an abnormal object in optimization analysis windows 1 and 3, so the out-of-target value can be 2. For object C, its out-of-standard value is 2 in sequence 1 and 1 in sequence 3, so the total out-of-standard value can be 2 + 1 = 3. Its priority coefficient can be out-of-standard value / out-of-standard value = 2 / 3 ≈ 0.67. For object C, its out-of-standard value is marked as an anomalous object in optimization analysis window 1, so the out-of-standard value can be 1. Its total out-of-standard value is 3 in sequence 1, so the total out-of-standard value can be 3. Its priority coefficient can be out-of-standard value / out-of-standard value = 1 / 3 ≈ 0.33. For object D, its out-of-standard value is marked as an anomalous object in optimization analysis window 2, so the out-of-standard value can be 1. Its total out-of-standard value is 2 in sequence 2, so the total out-of-standard value can be 2. Its priority coefficient can be out-of-standard value / total out-of-standard value = 1 / 2 = 0.5. For object E, its out-of-standard value is marked as an anomalous object in optimization analysis window 3, so the out-of-standard value can be 1. Its total out-of-standard value is 3 in sequence 3, so the total out-of-standard value can be 3. Its priority coefficient can be calculated as (anomaly value / diffusion value) = 1 / 3 ≈ 0.33. Based on the above calculation, object A has the highest priority coefficient (0.75), followed by object B (0.67), then object D (0.5), and finally objects C and E (0.33). In the next detection cycle, if objects A, B, and D appear simultaneously in an anomaly window, the system will generate a maintenance priority sequence based on these priority coefficients: [object A, object B, object D], and send it to the maintenance personnel's mobile terminal, guiding them to prioritize handling object A.

[0054] Example 2: Figure 2 As shown, the method for analyzing potential hardware vulnerabilities in IoT devices adapted to artificial intelligence devices includes the following steps:

[0055] Step 1: Perform abnormal state detection and analysis on IoT hardware: Mark the IoT hardware as the detection object, generate a detection period, set a time sliding window with a duration of L1 minutes within the detection period, and mark the time sliding window as a normal window or an abnormal window based on the risk assessment coefficient of the detection object.

[0056] Step 2: Conduct in-depth analysis of potential risks of IoT hardware: Mark the time sliding window corresponding to L1 minutes before the start time of the anomaly window as the analysis window, obtain the environmental data of the anomaly object within the analysis window, and perform data cleaning processing on the environmental data of all anomaly objects corresponding to the same device type to obtain the environmental threshold.

[0057] Step 3: Perform maintenance and optimization analysis on IoT hardware: At the end of the detection cycle, reset an optimization time window with a duration of L2 minutes and slide it from the beginning of the detection cycle. Mark the priority coefficient of the detection object and generate a maintenance priority sequence based on the priority coefficient.

[0058] This IoT hardware vulnerability risk analysis system, adapted for AI devices, marks IoT hardware as detection objects during operation, generates a detection cycle, and sets a time sliding window of duration L1 minutes within the detection cycle. The time sliding window is marked as a normal window or an abnormal window based on the risk assessment coefficient of the detection object. The time sliding window corresponding to the L1 minutes before the start time of the abnormal window is marked as an analysis window. Environmental data of abnormal objects within the analysis window is acquired, and the environmental data of all abnormal objects corresponding to the same device type is cleaned to obtain environmental thresholds. At the end of the detection cycle, a new optimization time window of duration L2 minutes is set and slides from the start time of the detection cycle, marking the priority coefficient of the detection objects and generating a maintenance priority sequence based on the priority coefficient.

[0059] The above description is merely an example and illustration of the structure of the present invention. Those skilled in the art can make various modifications or additions to the specific embodiments described, or use similar methods to replace them, as long as they do not deviate from the structure of the invention or exceed the scope defined in the claims, all of which should fall within the protection scope of the present invention.

[0060] In the description of this specification, references to terms such as "an embodiment," "example," "specific example," etc., indicate that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.

[0061] The preferred embodiments of the present invention disclosed above are merely illustrative of the invention. These preferred embodiments do not exhaustively describe all details, nor do they limit the invention to any specific implementation. Clearly, many modifications and variations can be made based on the content of this specification. This specification selects and specifically describes these embodiments to better explain the principles and practical applications of the invention, thereby enabling those skilled in the art to better understand and utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims

1. A hardware vulnerability risk analysis system for IoT devices adapted to artificial intelligence devices, characterized in that, It includes a risk analysis platform, which is communicatively connected to an anomaly detection module, a deep analysis module, a maintenance and optimization module, and a database; The anomaly detection module is used to perform anomaly state detection and analysis on IoT hardware: marking IoT hardware as a detection object, generating a detection period, setting a time sliding window with a duration of L1 minutes within the detection period, obtaining the risk assessment coefficient of the detection object within the time sliding window, and marking the time sliding window as a normal window or an abnormal window based on the risk assessment coefficient. The deep analysis module is used to perform in-depth analysis of potential risks of IoT hardware: the time sliding window corresponding to L1 minutes before the start time of the anomaly window is marked as the analysis window, the environmental data of the abnormal objects within the analysis window is obtained, and at the end of the detection cycle, the environmental data of all abnormal objects corresponding to the same device type constitute an environmental impact set. The environmental impact set is cleaned to obtain the environmental threshold. If the environmental data of the detected object is not less than the corresponding environmental threshold in the next detection cycle, an environmental hazard signal is generated and sent to the mobile terminal of the operation and maintenance personnel. The maintenance and optimization module is used for maintenance and optimization analysis of IoT hardware; The specific process of the maintenance and optimization module for maintaining and optimizing IoT hardware includes: at the end of the detection cycle, a new optimization time window of duration L2 minutes is set and slides from the beginning of the detection cycle, where L2 and L1 are both numerical constants, and L2 > L1; if the number of marked abnormal windows within the optimization time window is not less than L3, the corresponding optimization time window is marked as an optimization analysis window, and an optimization analysis sequence is generated based on the marking order of abnormal windows within the optimization analysis window; the priority coefficient of the detected objects is obtained by analyzing the distribution of the detected objects in the optimization analysis window and the optimization analysis sequence; when performing anomaly detection in the next detection cycle, if multiple detected objects are marked as abnormal objects within an abnormal window, a maintenance priority sequence is generated based on the abnormal objects in descending order of priority coefficient, and the maintenance priority sequence is sent to the mobile terminal of the maintenance personnel; The process of obtaining the priority coefficient of the detection object includes: marking the total number of times the detection object is marked as an abnormal object in all optimization analysis windows as the abnormal value, marking the sum of the sequence numbers of the detection object in all optimization analysis sequences as the diffusion value, and marking the ratio of the abnormal value to the diffusion value of the detection object as the priority coefficient of the detection object.

2. The IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices according to claim 1, characterized in that, The process of obtaining the risk assessment coefficient of the monitored object within a time sliding window includes: acquiring the temperature anomaly data WY, electrical anomaly data DY, and transmission anomaly data CY of the monitored object within the time sliding window; constructing the abnormal data row vector YC of the monitored object from the temperature anomaly data WY, electrical anomaly data DY, and transmission anomaly data CY, YC=[WY, DY, CY]; and generating a weighted column vector LK for the monitored object based on its equipment type, LK=[a1, a2, a3]. t Where a1, a2, and a3 are all proportional coefficients, and a1+a2+a3=1; the risk assessment coefficient of the detected object is obtained by performing a dot product calculation on the abnormal data row vector YC of all detected objects under the same equipment type and the corresponding weight column vector LK.

3. The IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices according to claim 2, characterized in that, Temperature anomaly data WY is the maximum value of the circuit board temperature of the detected object within the time sliding window; electrical anomaly data DY is the difference between the maximum and minimum values ​​of the voltage of the detected object within the time sliding window; and transmission anomaly data CY is the maximum value of the communication delay of the detected object within the time sliding window.

4. The IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices according to claim 3, characterized in that, The specific process of marking a time-sliding window as a normal or abnormal window includes: retrieving the risk assessment threshold corresponding to the device type from the database, and comparing the risk assessment coefficient with the risk assessment threshold; if the risk assessment coefficient is less than the risk assessment threshold, the abnormal state detection result of the detected object within the time-sliding window is determined to meet the requirements, and the corresponding detected object is marked as a normal object; if the risk assessment coefficient is greater than or equal to the risk assessment threshold, the abnormal state detection result of the detected object within the time-sliding window is determined to not meet the requirements, and the corresponding detected object is marked as an abnormal object; if all detected objects within the time-sliding window are marked as normal objects, the current time-sliding window is marked as a normal window; otherwise, the current time-sliding window is marked as an abnormal window.

5. The IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices according to claim 4, characterized in that, The process of acquiring environmental data for abnormal objects within the analysis window includes: acquiring the environmental parameters of the environment in which the abnormal object is located and the corresponding environmental standard range; marking the average of the maximum and minimum values ​​within the environmental standard range as the environmental standard value; marking the absolute value of the difference between the environmental parameter and the environmental standard value as the environmental deviation value; marking the maximum value of the environmental deviation value within the analysis window as the environmental assessment value; marking the difference between the maximum and minimum values ​​within the environmental standard range as the environmental balance value; marking the ratio of the environmental assessment value to the environmental balance value as the environmental impact coefficient of the environmental parameter; and marking the sum of the environmental impact coefficients of all environmental parameters as environmental data.

6. The IoT hardware vulnerability risk analysis system adapted to artificial intelligence devices according to claim 5, characterized in that, The specific process of data cleaning for the environmental impact set includes: calculating the variance of all elements in the environmental impact set to obtain the distribution coefficient; obtaining the distribution threshold from the database; comparing the distribution coefficient with the distribution threshold; if the distribution coefficient is greater than or equal to the distribution threshold, the largest and smallest elements in the environmental impact set are removed, and the distribution coefficient is recalculated, and so on, until the distribution coefficient is less than the distribution threshold; if the distribution coefficient is less than the distribution threshold, the smallest element retained in the environmental impact set is marked as the environmental threshold for the equipment type.