Multi-agent network security operation method and device, electronic equipment and storage medium
By constructing a layered architecture and improving information flow control methods, the problems of single scheduling granularity and insufficient security in multi-agent network security operations are solved. Multi-granularity collaborative decision-making is realized, improving system resource utilization and task execution efficiency. It is suitable for multi-agent collaboration and network security scenarios.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SHENZHEN Y& D ELECTRONICS CO LTD
- Filing Date
- 2026-03-11
- Publication Date
- 2026-06-09
AI Technical Summary
Existing multi-agent network security operation methods suffer from problems such as single scheduling granularity, insufficient security and privacy protection, and lack of specialized design for the vertical domain of network security. This makes it difficult to optimize system resource utilization and task execution efficiency, and fails to meet the high security and high reliability requirements of the network security field.
Construct a layered architecture from physical hardware to upper-layer applications, receive global network security tasks and decompose them into structured task subsets, improve the non-interference information flow control method of operating system processes, perform real-time intent synchronization and collaborative adjustment between intelligent agents, and form a closed-loop learning and improvement mechanism to achieve multi-granularity collaborative decision-making.
It realizes the functions of a secure operating system for multi-agent collaborative operation, ensures the security of information flow in agent interactions, balances global planning and local response, improves system resource utilization and task execution efficiency, and is suitable for secure operating system platform scenarios such as multi-agent collaboration, multi-robot collaboration, and multi-agent software systems.
Smart Images

Figure CN121834846B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of information security technology, and in particular to multi-agent network security operation methods, devices, electronic devices, and storage media. Background Technology
[0002] Existing multi-agent network security operation methods (taking AIOS as an example) mainly have the following shortcomings:
[0003] The scheduling decision-making granularity is limited. Although AIOS enables concurrent execution of multiple agents, its scheduling mechanism is still mainly based on traditional first-in-first-out (FIFO) and round-robin scheduling algorithms, lacking multi-granularity collaborative scheduling capabilities. This single scheduling approach struggles to balance global planning and local response in complex tasks, and cannot flexibly coordinate at multiple levels such as task decomposition, alliance formation, and real-time collaboration. Consequently, when facing multi-layered and highly complex cybersecurity tasks, it is difficult to achieve an optimal balance between system resource utilization and task execution efficiency.
[0004] Insufficient consideration for security and privacy protection. General-purpose intelligent agent operating systems such as AIOS did not adequately address the secure isolation and information flow control between intelligent agents during their design, lacking protection mechanisms against security risks such as unauthorized access and data leakage. For example, an intelligent agent might access the memory or data of other intelligent agents without authorization, and the system does not employ technologies such as encrypted communication and interference-free isolation to ensure the confidentiality and integrity of interactions between intelligent agents. This makes it difficult for existing systems to meet the stringent requirements of high security and high reliability in the field of cybersecurity.
[0005] Existing technologies lack specific designs for the cybersecurity vertical. While general agent operation methods provide basic agent management and collaboration capabilities, they do not integrate the professional knowledge base, security toolset, and specific security policy support required in the cybersecurity field, and therefore cannot be directly applied to specific cybersecurity scenarios such as identity authentication, vulnerability scanning, and virus protection. Summary of the Invention
[0006] To address the aforementioned technical problems, this invention provides a multi-agent network security operation method, which employs the following technical solution, including the following steps:
[0007] Build a layered architecture from physical hardware to upper-layer applications;
[0008] Receive global cybersecurity tasks and decompose them into structured, assignable task subsets at a coarse-grained layer;
[0009] Based on coarse-grained task decomposition, atomic tasks are assigned to appropriate agents to form task alliances and formulate cooperative strategies.
[0010] By improving the reliable and interference-free information flow control method of operating system processes, we can adapt to interference-free information interaction between intelligent agents and ensure the security of information flow of interaction between simultaneously running intelligent agents.
[0011] Real-time intent synchronization and collaborative adjustment among intelligent agents are performed during task execution;
[0012] Collect feedback information during task execution, evaluate task completion, and dynamically optimize the multi-granularity collaborative decision-making process based on the evaluation results to form a closed-loop learning and improvement mechanism.
[0013] Preferably, the step of constructing a layered architecture from physical hardware to upper-layer applications specifically includes:
[0014] Abstracting the underlying physical hardware resources and managing them in a unified manner provides upper-layer software with unified physical computing resources that shield hardware differences;
[0015] Configure basic services at the operating system kernel layer;
[0016] Initialize the LLM kernel layer and load the knowledge base;
[0017] Load the SDK toolset and deploy the intelligent agent application layer.
[0018] Preferably, the step of receiving a global network security task and decomposing it into a structured, allocatable subset of tasks at a coarse-grained layer specifically includes:
[0019] Receive global network security tasks, and perform formal description and candidate agent selection for the global tasks;
[0020] Construct an AND / or task graph based on HTN and resource constraints;
[0021] Extract all atomic task nodes from the constructed AND / or task graph to form a structured set of atomic tasks, which serves as the final output of the coarse-grained layer.
[0022] Preferably, the step of assigning atomic tasks to suitable agents, forming task alliances, and formulating cooperative strategies based on coarse-grained task decomposition specifically includes:
[0023] Calculate the matching degree between the task and the agent, and construct a weighted bipartite graph;
[0024] Initial task allocation is performed based on the Hungarian algorithm.
[0025] Based on the improved contract network protocol, an agent alliance and role negotiation are formed.
[0026] Preferably, the steps of improving the reliable, interference-free information flow control method for operating system processes to adapt to interference-free information interaction between intelligent agents and ensure the security of the information flow of interaction between simultaneously running intelligent agents specifically include:
[0027] Create a trusted channel for information exchange among multiple intelligent agents and bind them with secure tags;
[0028] Based on security tags, perform access permission compliance checks;
[0029] Perform status monitoring and interference-free isolation verification on trusted pipelines.
[0030] Preferably, the step of real-time intent synchronization and collaborative adjustment among agents during task execution specifically includes:
[0031] Update the local intent model maintained by each agent during task execution;
[0032] The intent summary of each agent is periodically broadcast and received;
[0033] Based on the received intent digest, the agent calculates the intent with the alliance members. Figure 1 Consistency: When consistency falls below a preset threshold, intent negotiation is triggered. Intents are adjusted through a utility-based negotiation mechanism to ensure consistent actions.
[0034] Preferably, the steps of collecting feedback information during task execution, evaluating task completion, and dynamically optimizing the multi-granularity collaborative decision-making process based on the evaluation results to form a closed-loop learning and improvement mechanism specifically include:
[0035] Collect intermediate results and final outputs generated by each agent during task execution, and quantitatively evaluate the task completion status;
[0036] Based on the task execution results, we conduct performance analysis on the coarse-grained task decomposition strategy and the medium-grained task allocation strategy, identify the advantages and disadvantages of the strategies, and provide guidance for strategy optimization.
[0037] Based on the results of the performance analysis, the parameters in the multi-granularity collaborative decision-making process are adaptively adjusted.
[0038] To address the aforementioned technical problems, the present invention also provides a multi-agent network security operation device, which adopts the following technical solution, including:
[0039] Build modules are used to construct layered architectures from physical hardware to upper-layer applications;
[0040] The decomposition module receives global cybersecurity tasks and decomposes them into structured, assignable task subsets at a coarse-grained layer.
[0041] The allocation module is used to assign atomic tasks to appropriate agents based on coarse-grained task decomposition, forming task alliances and formulating cooperative strategies.
[0042] An improved module is used to adapt to non-interference information interaction between intelligent agents by improving the reliable and non-interference information flow control method of operating system processes, and to ensure the security of the information flow of interaction between intelligent agents running simultaneously.
[0043] The adjustment module is used to perform real-time intent synchronization and collaborative adjustment between agents during task execution;
[0044] The closed-loop module is used to collect feedback information during task execution, evaluate task completion, and dynamically optimize the multi-granularity collaborative decision-making process based on the evaluation results, forming a closed-loop learning and improvement mechanism.
[0045] To address the aforementioned technical problems, the present invention also provides an electronic device that employs the technical solution described below, comprising a memory and a processor. The memory stores computer-readable instructions, and the processor executes the computer-readable instructions to implement the steps of the aforementioned multi-agent network security operation method.
[0046] To address the aforementioned technical problems, the present invention also provides a computer-readable storage medium, which employs the technical solution described below. The computer-readable storage medium stores computer-readable instructions, which, when executed by a processor, implement the steps of the aforementioned multi-agent network security operation method.
[0047] Compared with the prior art, the present invention has the following main advantages:
[0048] (1) Based on LLM, by integrating relevant intelligent agent operation toolsets, merging the LLM kernel with the traditional operating system kernel, modifying the current AIOS, and making adaptive adjustments to related system interfaces and traditional operating systems, a multi-agent collaborative operation operating system framework is proposed, including hardware layer, operating system kernel layer, LLM kernel layer, SDK layer, intelligent agent application layer, etc., to realize the secure operating system functions and services of multi-agent collaboration, and meet the needs of intelligent cyberspace security protection system;
[0049] (2) Based on the non-interference information flow control method, improve the non-interference method of the operating system process to adapt to the non-interference information interaction between intelligent agents. It not only has the relevant functions of inter-process communication of the operating system, but also has the functions of secure communication and interaction in the planning and execution process of intelligent agents, so as to ensure the security of the interactive information flow of intelligent agents running at the same time.
[0050] (3) A multi-granularity collaborative scheduling decision-making process is adopted, taking into account both global planning and local response collaborative decision-making. The collaborative decision-making of multi-agents is divided into three levels of task granularity: the coarse-grained layer performs task decomposition and macro-planning, the medium-granularity layer performs alliance formation and strategy formulation, and the fine-grained layer performs intent interpretation and real-time collaboration. The coarse-grained layer realizes global task decomposition and macro-planning, ensuring global optimization; the medium-granularity layer realizes dynamic alliance formation and strategy formulation, balancing task allocation and collaboration efficiency; and the fine-grained layer realizes intent synchronization and real-time collaboration, improving local response and adaptability.
[0051] (4) It can be applied to secure operating system platform scenarios such as multi-agent collaboration, multi-robot collaboration, multi-agent software system, and multi-digital human collaboration. Attached Figure Description
[0052] To more clearly illustrate the solutions in this invention, the accompanying drawings used in the description of the embodiments of this invention will be briefly introduced below. Obviously, the drawings described below are some embodiments of this invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.
[0053] Figure 1 This is a flowchart of an embodiment of the multi-agent network security operation method of the present invention;
[0054] Figure 2 This is a schematic diagram of the five-layer vertical architecture constructed in the multi-agent network security operation method of the present invention;
[0055] Figure 3 This is a schematic diagram illustrating the trusted pipeline used in the multi-agent network security operation method of the present invention;
[0056] Figure 4 This is a schematic diagram of the trusted pipeline operation used in the multi-agent network security operation method of the present invention;
[0057] Figure 5 This is a schematic diagram of the trusted pipeline operation process used in the multi-agent network security operation method of the present invention;
[0058] Figure 6 This is a schematic diagram of the structure of one embodiment of the multi-agent network security operation device of the present invention;
[0059] Figure 7 This is a schematic diagram of the structure of an embodiment of the electronic device of the present invention. Detailed Implementation
[0060] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains; the terminology used herein in the specification is for the purpose of describing particular embodiments only and is not intended to limit the invention; the terms "comprising" and "having," and any variations thereof, in the specification, claims, and foregoing drawings are intended to cover non-exclusive inclusion. The terms "first," "second," etc., in the specification, claims, or foregoing drawings are used to distinguish different objects and not to describe a particular order.
[0061] In this document, the term "embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of the invention. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.
[0062] To enable those skilled in the art to better understand the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings.
[0063] It should be noted that the multi-agent network security operation method provided in the embodiments of the present invention is generally executed by a server / terminal device, and correspondingly, the multi-agent network security operation device is generally set in the server / terminal device.
[0064] It should be understood that the number of terminal devices, networks, and servers is merely illustrative. Depending on implementation needs, any number of terminal devices, networks, and servers can be used.
[0065] Example 1
[0066] Please refer to Figure 1 The flowchart illustrates an embodiment of the multi-agent network security operation method of the present invention. The multi-agent network security operation method includes the following steps:
[0067] Step S1: Construct a layered architecture from physical hardware to upper-layer applications.
[0068] In this embodiment, the electronic device (e.g., a server / terminal device) on which the multi-agent network security operation method runs can receive multi-agent network security operation requests via wired or wireless connection. It should be noted that the aforementioned wireless connection methods may include, but are not limited to, 3G / 4G / 5G connections, WiFi connections, Bluetooth connections, WiMAX connections, Zigbee connections, UWB (ultra-wideband) connections, and other currently known or future-developed wireless connection methods.
[0069] Figure 2 This is a schematic diagram of the five-layer vertical architecture constructed in the multi-agent network security operation method of the present invention. For example... Figure 2 As shown, the constructed five-layer vertical architecture includes: a hardware layer, an operating system kernel layer, an LLM kernel layer, an SDK layer, and an intelligent agent application layer. The hardware layer is the physical foundation of the system, providing computing, storage, and I / O resources. The operating system kernel layer, as the core resource manager, directly controls the hardware through hardware drivers and provides adaptively modified dedicated system call interfaces for the upper layers. The LLM kernel layer, as the AI enabling hub, indirectly uses the hardware by calling lower-layer interfaces and is specifically responsible for the lifecycle management, collaborative scheduling, and security isolation of multiple intelligent agents. The SDK layer, as the development enabling layer, provides rich software development kits for the development of upper-layer intelligent agents, reducing the development complexity of secure intelligent agents and improving development efficiency. The intelligent agent application layer, as the system's functional presentation layer, develops various specialized secure intelligent agents based on the SDK layer, directly addressing specific network security scenarios such as identity authentication and vulnerability scanning.
[0070] In this embodiment, step S1 may specifically include the following steps:
[0071] S11 abstracts the underlying physical hardware resources, manages them uniformly, and provides unified physical computing resource support for upper-layer software that shields hardware differences.
[0072] The operating system kernel layer directly uses and controls the underlying hardware by loading and invoking hardware drivers. The hardware layer, as the physical carrier of the system, mainly includes the CPU, GPU, memory, disk, input devices, output devices, and other peripherals. The operating system kernel layer manages these hardware resources uniformly. The LLM kernel interacts by calling the operating system's system call interface, and all hardware access must undergo unified control and security review by the operating system kernel. This indirect interaction ensures system abstraction and security, enabling the LLM kernel to utilize hardware functions without directly managing the hardware, thereby maintaining system integrity and high efficiency.
[0073] The purpose of step S11 is to abstract hardware layer resources, uniformly manage computing, storage and I / O resources such as CPU, GPU, memory, and disk, and provide unified physical computing resource support for upper-layer software that shields hardware differences.
[0074] S12 configures basic services at the operating system kernel layer.
[0075] The operating system kernel layer provides a dedicated system call interface and is tightly coupled with the LLM kernel layer. This layer mainly includes the following modules:
[0076] System call interface: Provides a set of extended call interfaces for responding to resource requests and scheduling instructions from the LLM kernel layer.
[0077] Process scheduler: Responsible for scheduling and managing underlying computing processes.
[0078] Memory Manager: Responsible for managing physical and virtual memory, allocating memory space for the LLM kernel and agents.
[0079] Storage Manager: Responsible for managing persistent storage devices such as disks.
[0080] File system: Provides storage, access, and management functions for files and directories. Through the configuration and modification of these modules, the operating system kernel layer provides optimized resource management capabilities to the upper layers.
[0081] The purpose of step S12 is to adapt the general-purpose operating system kernel so that it can be tightly coupled with the upper-level LLM kernel, providing stable and efficient underlying services for the LLM kernel, including basic functions such as process scheduling, memory allocation, storage management and file system access.
[0082] S13 initializes the LLM kernel layer and loads the knowledge base.
[0083] The LLM kernel layer indirectly uses hardware resources by calling interfaces of the underlying operating system kernel layer. This step focuses on initializing the following modules:
[0084] LLM Manager: Responsible for the generation, updating, and management of general-purpose LLM models, including pre-training, supervised fine-tuning, cue word engineering, retrieval enhancement generation, etc.; it also generates and manages large models in the field of cybersecurity.
[0085] Domain Knowledge Base: Loads structured cybersecurity domain knowledge, providing intelligent agents with professional background knowledge and reasoning basis. It mainly includes malware libraries, vulnerability libraries, threat intelligence, attack patterns, security baseline libraries, security management contingency plan libraries, and intelligent algorithm libraries. The intelligent algorithm library includes machine learning algorithm libraries (such as deep neural networks, reinforcement learning, AGI, etc.) and intelligent optimization algorithms (such as ant colony optimization algorithm, fish swarm optimization algorithm, etc.).
[0086] Context Manager: The data structure required to manage and maintain the session context for each agent's interaction.
[0087] Disruption-free isolator: A security isolation mechanism initialized based on a disruption-free information flow control method.
[0088] The role of step S13 is as follows: As the AI enabling hub, the LLM kernel layer is responsible for initializing the operating environment of multiple agents, loading the necessary cybersecurity domain knowledge base, and laying the foundation for the collaborative scheduling, lifecycle management and security isolation of agents.
[0089] S14 loads the SDK toolset and deploys the intelligent agent application layer.
[0090] The SDK layer loads and initializes the following toolkits:
[0091] Browser: Supports intelligent agents in crawling and interacting with web page information.
[0092] Search engines: provide the ability to retrieve information from internal domain knowledge bases and controllable external information sources.
[0093] Multimodal tools: Supports processing multi-source secure data such as text, images, videos, and log files.
[0094] Code executor: Provides a secure sandbox environment for agents to execute analysis scripts or verify code.
[0095] Document processing tools: used to parse and process various security reports, policy documents, etc.
[0096] Configuration management tool: Used for unified management and distribution of security configurations for systems and intelligent agents.
[0097] Cryptographic Support Tools: Provides basic cryptographic services such as national cryptographic algorithms, cryptographic operations, key management, and digital signatures, including PKI and CPK systems. The application layer deploys various security agents based on the SDK, including identity authentication agents, virus protection agents, vulnerability scanning agents, access control agents, host management agents, and network management agents. These agents complete registration and initialization in this step.
[0098] The purpose of step S14 is as follows: The SDK layer highly abstracts and encapsulates the system calls of the lower kernel layer, and provides a rich set of tool development packages to reduce the development complexity of security agents; the agent application layer deploys various specialized security agents based on the SDK, preparing to provide services for specific network security scenarios.
[0099] The purpose of step S1 is to establish a complete technology stack from physical hardware to upper-layer applications. Through a clear division of the five-layer vertical architecture, a stable resource foundation and functional support are provided for the subsequent operation, scheduling, isolation, and collaboration of intelligent agents, ensuring that the responsibilities of each part of the system are clear and the interfaces are well-defined.
[0100] Step S2: Receive the global network security task and decompose the global network security task into a structured, assignable subset of tasks at a coarse-grained layer.
[0101] In this embodiment, step S2 may specifically include the following steps:
[0102] S21 receives the global network security task, performs a formal description of the global task, and selects candidate agents.
[0103] Let the global task of formal description be The task description language uses the Planning Domain Definition Language (PDDL), which includes objectives. ,constraint and initial conditions Etc. Assume the intelligent agent operating system includes... A smart agent Each intelligent agent It possesses local perception, decision-making, and execution capabilities. The agent operating system maintains a global capability—an agent mapping table. Among them, ability Represented as a semantic label. In global tasks... During deployment, preliminary agent selection is performed based on the semantic tags of the task, generating a set of candidate participating agents. The filtering criteria are: ,in It is to perform tasks The required set of capability tags. This screening ensures that only agents with the relevant capabilities enter the subsequent task decomposition and allocation process.
[0104] The function of step S21 is to receive global network security tasks published by users or the system, formally describe the tasks, and select candidate intelligent agents with corresponding capabilities from the intelligent agent application layer according to the task requirements to form a set of candidate participating intelligent agents.
[0105] S22, construct an AND / or task graph based on HTN and resource constraints.
[0106] global task Modeled as a top-level composite task node Its initial state is The target state is The resource requirement vector associated with a task node is represented as follows: ,in Indicates the first The demand for this type of resource, the system's total resource limit is Based on predefined task decomposition rules, a recursive approach is used to decompose complex tasks. Each rule takes the form of... ,in For subtasks, the relation type is AND or OR. A heuristic evaluation can be used to select the optimal decomposition rule. The evaluation function for each candidate rule is expressed as:
[0107] ,in This represents the average depth after decomposing into subtasks. Indicates resource utilization rate assessment, Indicates semantic consistency score, These are the weighting coefficients. During the decomposition process, resource constraint propagation is performed synchronously to ensure that the decomposition scheme meets system resource constraints: for AND nodes, the resource requirement is the sum of the requirements of its child nodes. For OR nodes, the resource requirement is the maximum value of the child nodes. If resources are exceeded, an adjustment mechanism is triggered. For AND nodes, the decomposition rules are reselected or the resource allocation of subtasks is adjusted; for OR nodes, the subtask branch with the lowest resource requirements is selected. After decomposition and constraint processing, the final AND / OR task graph is generated. ,in It is a set of nodes, including AND nodes, OR nodes, and atomic task nodes; Let it be a set of directed edges, representing the relationships between tasks; For node type; This is a vector function for resource demand.
[0108] The purpose of step S22 is to: transfer the global task The decomposition is divided into structured AND / or task graphs, and the decomposition scheme is ensured to meet system resource constraints through a combination of hierarchical task network planning and resource constraint propagation.
[0109] S23, extract all atomic task nodes from the constructed AND / or task graph to form a structured set of atomic tasks, which serves as the final output of the coarse-grained layer.
[0110] The final output of the coarse-grained layer is a set of structured tasks. It is from the task graph The set of all extracted atomic task nodes, where each task Each atomic task corresponds to an atomic task node. These atomic tasks have clearly defined inputs, outputs, resource requirements, and execution goals, and serve as the basic unit for agent allocation at the medium-granularity layer. The extraction of the atomic task set follows the topological structure of the task graph, ensuring that the dependencies between tasks are respected in subsequent allocations.
[0111] The purpose of step S23 is to pass the data to the medium-grained layer for alliance formation and collaborative strategy formulation.
[0112] The purpose of step S2 is to ensure global optimization through task decomposition and macro-planning, and to provide a clear set of atomic tasks for subsequent agent allocation and collaboration.
[0113] Step S3: Based on the coarse-grained task decomposition, atomic tasks are assigned to suitable agents to form task alliances and formulate cooperative strategies.
[0114] In this embodiment, step S3 may specifically include the following steps:
[0115] S31, calculate the matching degree between the task and the agent, and construct a weighted bipartite graph.
[0116] For each input atomic task and candidate agents Computation task - agent matching degree:
[0117]
[0118] in The set of capability tags required for the task. The set of capabilities possessed by an intelligent agent. The semantic ability similarity function, calculated using Jaccard similarity, is expressed as:
[0119]
[0120] For intelligent agents When performing similar tasks Standardized historical performance score at that time. and Let be the weight coefficient, and satisfy... Construct a weighted bipartite graph based on matching degree. ,in A set of atomic tasks For the set of candidate agents, Let be the set of edges. This is the weight matrix. .
[0121] The purpose of step S31 is to calculate the matching degree between tasks and agents for each atomic task and candidate agent set output by the coarse-grained layer, construct a weighted bipartite graph, and provide a quantitative basis for subsequent task allocation.
[0122] S32, based on the Hungarian algorithm, performs initial task allocation.
[0123] Task assignment is a typical assignment problem, belonging to the maximum weight matching problem in a bipartite graph. The Hungarian algorithm can be used to solve for the maximum weight matching, yielding the initial task assignments:
[0124]
[0125] This function is for each task Assign a set of agents ,satisfy Furthermore, the sets of agents assigned to each task do not overlap (in the basic form of the Hungarian algorithm, it is a one-to-one matching, but in multi-agent collaboration, a task may require multiple agents; therefore, it is stated here that each task is assigned a set of agents. In actual implementation, this can be adjusted using an extended Hungarian algorithm or subsequent alliance formation steps, depending on the task complexity). The Hungarian algorithm maximizes the total weight by finding augmenting paths. This ensures optimal overall matching.
[0126] The purpose of step S32 is to assign multiple tasks to multiple candidate agents, maximize the overall task-agent matching degree, and form an initial task allocation scheme.
[0127] S33, based on the improved contract network protocol, forms an agent alliance and role negotiation.
[0128] For each task The assigned set of intelligent agents forms a temporary alliance. The alliance uses a modified Contract Net Protocol (CNP) for role negotiation.
[0129] Bidding Phase: Alliance Member Broadcast Capability Vector and available resources .
[0130] Bidding Phase: Calculate role suitability for each agent in the consortium.
[0131]
[0132] in Indicates the intelligent agents within the alliance For the task Professional matching degree Represents intelligent agents The current availability is calculated using the following formula:
[0133]
[0134] The number of tasks assigned to the agent. This represents the maximum task capacity of the intelligent agent. For the weighting coefficients, satisfying .
[0135] Role allocation: Select the agent with the highest fitness to serve as the leader, and assign the remaining agents to supporter or monitor roles based on their fitness, ultimately forming a coalition structure with roles. .
[0136] Develop collaborative execution strategies for each alliance, including communication protocol selection and resource coordination mechanisms:
[0137] Communication protocol selection: based on alliance size and task real-time requirements The protocol selection is represented as:
[0138] In practice, this means that small-scale and high-real-time tasks use centralized protocols (with the Leader as the coordination center), while large-scale and fault-tolerant tasks use distributed protocols (point-to-point communication, coordinated based on consensus mechanisms).
[0139] Resource coordination mechanism: This involves allocating the total resource requirements of a task according to a weighted ratio. Assigned to each agent, represented as: ,in Weighting factors are assigned to resources based on the agent's historical performance and current load.
[0140] The final output of the medium-granularity layer is a task allocation scheme with a coalition structure:
[0141] This approach will serve as input to the fine-grained layer for intent interpretation and real-time collaboration.
[0142] The purpose of step S33 is to: for each task, the set of agents assigned to it forms a temporary alliance, negotiate roles through an improved contract network protocol, determine the roles of leaders and supporters, formulate a collaborative execution strategy, and finally output a task allocation scheme with an alliance structure.
[0143] The purpose of step S3 is to balance task allocation and collaboration efficiency through task-agent matching, alliance formation, and role assignment, thereby laying the organizational foundation for fine-grained real-time collaboration.
[0144] Step S4: By improving the reliable and interference-free information flow control method of the operating system process, the system adapts to interference-free information interaction between intelligent agents and ensures the security of the information flow of interaction between simultaneously running intelligent agents.
[0145] In this embodiment, step S4 may specifically include the following steps:
[0146] S41 creates a trusted channel for multiple agents to interact and binds them with secure tags.
[0147] Figure 3 This is a schematic diagram illustrating the trusted pipeline used in the multi-agent network security operation method of the present invention. Figure 4 This is a schematic diagram of the trusted pipeline operation used in the multi-agent network security operation method of the present invention. Please refer to it. Figures 3-4 Information exchange between multiple intelligent agents is conducted using a trusted pipe approach. Trusted pipes are used to establish trusted connections between intelligent agents, possessing unidirectionality, atomicity, security, and controllability. A trusted pipe consists of 3-tuples. Representation. Function Indicates the security domain to which the object belongs. Representing the object This is the computing environment belonging to agent A1. The information flow within the pipes is unidirectional, and all trusted pipes in the system constitute a pipe whitelist. The pipeline creation process is as follows:
[0148] Pipe creation request submission: Agent A1 first calls the create_tp function to submit a pipe creation request to the pipe interface at the front end of the pipe.
[0149] Trusted Pipeline Creation: The pipeline interface queries whether the trusted pipeline whitelist exists. If a pipe exists, return the pipe identifier to the user. (Logically viewed as the front end of a pipeline), process based on Proceed to the next data transmission operation. If it does not exist, submit a request to the administrator for review. If approved, add the pipeline to the trusted pipeline whitelist. ,return Give the agent A1.
[0150] Pipeline Identification Acquisition: After a trusted pipeline is established, the pipeline interface binds corresponding security tags to its front-end and back-end. Here, the front-end is A1, and the back-end is the file in agent A2's environment. Users pre-register the resources to be shared; by default, the security tag of file is the same as A2's. A trusted pipeline includes a pipeline front-end, pipeline back-end, pipeline body, and access controller (ACM). Through encryption and decryption algorithms and functions, a unidirectional, seamless, and interference-free effective channel is established between multiple agents. The encryption and decryption algorithms and services provided by cryptographic support tools are used to implement the encryption and decryption functions for the interference-free trusted pipeline, thus realizing the trusted pipeline. The security of the interaction channels between intelligent agents is ensured by encryption and decryption, and the national cryptographic algorithms are supported.
[0151] Figure 5 This is a schematic diagram of the trusted pipeline operation process used in the multi-agent network security operation method of the present invention. For example... Figure 5 The diagram illustrates the process of resource access between two agents via a trusted pipeline. Assume there are two agents, A1 and A2, and A1 wants to access file 'file' in A2's computing environment. The specific process is as follows:
[0152] Pipeline creation request submission: Agent A1 first calls the create_tp function to submit a pipeline creation request to the pipeline interface at the pipeline front end;
[0153] Trusted Pipe Creation: The pipe interface queries the trusted pipe whitelist to see if the pipe (A1, file, Operation (write)) exists. If it exists, the pipe identifier tp (logically considered as the pipe front-end) is returned to the user, and the process uses tp to perform the next data transmission operation. If it does not exist, a request is submitted to the administrator for review. If the review is approved, the pipe is added to the trusted pipe whitelist, and tp is returned to the agent A1.
[0154] Pipeline Identifier Acquisition: After a trusted pipeline is established, the pipeline interface binds corresponding security tags to its front end and back end. Here, the front end is A1, and the back end is file in the intelligent agent A2 environment. Users will register the resources to be shared in advance. By default, the security tag of file is the same as the security tag of A2.
[0155] Permission compliance check: After obtaining the pipe identifier tp, agent A1 executes the send tp operation to send the data to the pipe controller. The pipe controller checks the current running status of tp. If it is normal, it hands it over to the access controller. The access controller performs permission compliance checks based on the security tags at both ends of tp.
[0156] Read and write operations: If the permission compliance check by the pipeline controller is passed, the corresponding operation is completed. At this point, agent A1's write operation on the file "file" in agent A2's computing environment is complete. The read operation on the file in agent A2's computing environment is similar.
[0157] The purpose of step S41 is to create a trusted pipeline as a secure communication channel when two or more intelligent agents need to interact, and to bind corresponding security tags to the front and back ends of the pipeline, laying the foundation for subsequent access control.
[0158] S42 performs access permission compliance checks based on security tags.
[0159] A security tagging method is used to mark access permissions between multiple interacting agents. Agents with matching tags are allowed to communicate and interact; otherwise, interaction is denied. The Access Controller (ACM) implements the corresponding access control functions. The ACM can support various policy models, such as the BLP access control model. The permission compliance check process begins with obtaining the pipe identifier. Then, agent A1 executes the `send tp` operation, sending the data to the pipeline controller. The pipeline controller will then check... If the current operating status is normal, the information is handed over to the access controller, which performs permission compliance checks based on the security tags at both ends. The main access control rules are simple security attribute rules and attribute rules, as detailed below:
[0160] Simple security attribute: A subject (intelligent agent) can only read objects whose security level is no higher than its own, that is: .
[0161] Attribute: A subject (intelligent agent) can only write to objects with a security level no lower than its own, that is:
[0162] .in Representing the object Security level, Represents the main intelligent agent Security level of the security domain This represents a type of partial order relation. When a trusted pipeline exists, agent A1 is in state... The ability to observe objects The conditions are: .
[0163] This condition indicates that: Existence in state The global active object table, agent A1 and object There is a trusted read pipe And in trusted pipelines The ACM access control policy includes READ permission.
[0164] The purpose of step S42 is to perform permission compliance checks on inter-agent access operations conducted through trusted channels, ensuring that only agents with consistent security labels are allowed to communicate and interact; otherwise, access is denied, thus guaranteeing the security of information flow.
[0165] S43 performs status monitoring and interference-free isolation verification of trusted pipelines.
[0166] Establish a trusted pipeline status observer A1 is the intelligent agent. The state of the agent is monitored in real time, tracking the interactions between agents within the pipeline. The state of the agent mainly consists of four elements:
[0167] Global Activity Object Table ;
[0168] Environmental isolation table between intelligent agents (The premise for an agent to be able to observe an object is that further access operations can only be performed between non-isolated agents.)
[0169] The object values that the agent has already read ;
[0170] Current actual stored object value Actions that can affect the state of an agent can be categorized into four types: (Modify the agent's active object table) ), (Modify the agent isolation table) ), (Add an object value to) ), (Write storage object value) The rule of interference-free isolation requires: intelligent agents Only through Operations to obtain the system state and In both states, the agent Able to observe equivalence relations An object is an observable equivalent object, and all observable equivalent objects have the same value. Equivalence relation The following rules must be met:
[0171] .
[0172] The aforementioned equivalence relation rules not only guarantee the consistency of global active object values, but also ensure the consistency of labeled active agents and agent isolation tables. Data consistency is ensured. If the operation of each agent satisfies the aforementioned access control rules and interference-free isolation rules, its operation can be reliably verified through the interference-free policy, and the operation of agents under this operating system is secure. Continuous monitoring and verification ensure the security of the interactive information flow between concurrently running agents.
[0173] The purpose of step S43 is to monitor the real-time status of the intelligent agents interacting within the pipeline, ensure that the operation of the intelligent agents meets the non-interference isolation rules, and verify the security of the information flow through equivalence relations.
[0174] The purpose of step S4 is to achieve secure isolation and controlled communication between intelligent agents based on a trusted pipeline approach, preventing unauthorized data access or interference.
[0175] Step S5: Real-time intent synchronization and collaborative adjustment between agents are performed during task execution.
[0176] In this embodiment, step S5 may specifically include the following steps:
[0177] S51 updates the local intent model maintained by each agent during task execution.
[0178] For each intelligent agent Maintain a local intent model, represented as triples. .in:
[0179] This represents the subset of the agent's understanding of the current task objective, that is, the part of the objective that the agent believes it needs to accomplish.
[0180] The planned sequence of actions is the set of operational steps that the agent plans to execute.
[0181] The belief (probability distribution or deterministic state) regarding the state of the environment and the states of other alliance members represents the agent's understanding of the current world state and the states of other agents. The intention model update interval is... The agent continuously updates itself during task execution. With each update, the agent adjusts its actions based on the latest environmental observations, messages from other agents, and the results of its own actions. , and The content.
[0182] The purpose of step S51 is that each agent maintains its own local intent model during task execution, representing its understanding of the current task objective, the planned sequence of actions, and its belief in the state of the environment, thus providing a basis for intent synchronization and collaboration.
[0183] S52 periodically broadcasts and receives the intent summary for each agent.
[0184] Employing a periodic broadcast mechanism, each agent broadcasts at a frequency... (i.e., each) (Time unit: once) Broadcast intent summary:
[0185]
[0186] in Lightweight hash functions (such as SHA-256) are used for quickly comparing the similarities and differences of target sets; The planned preview length is defined as broadcasting only the first part of the action sequence. One action to balance communication overhead and intent visibility; Use timestamps to ensure timeliness. Select based on the communication protocol defined at the medium-granularity layer:
[0187] Centralized protocol: All agents send intent summaries to the Leader agent, which then forwards them to other alliance members.
[0188] Distributed Protocol: Agents directly broadcast intent digests to all alliance members (via peer-to-peer communication or multicast). Each agent, upon receiving intent digests from other members, stores them in its local cache for subsequent use. Figure 1 Consistency calculation.
[0189] The function of step S52 is: each agent broadcasts its own intent summary at a certain frequency, enabling alliance members to understand each other's current intent, thus providing a basis for intent... Figure 1 Consistent computing provides data.
[0190] S53, the agent calculates the intent with the alliance members based on the received intent digest. Figure 1 Consistency: When consistency falls below a preset threshold, intent negotiation is triggered. Intents are adjusted through a utility-based negotiation mechanism to ensure consistent actions.
[0191] After receiving the intent summary from the alliance member agents, the agent Calculations and other members meaning Figure 1 Desire: .
[0192] in To indicate target consistency, Jaccard similarity is used for calculation. To prevent division by zero as a smoothing factor; To indicate plan consistency, a similarity based on edit distance (Levenshtein distance) is used, expressed as: .
[0193] For the weighting coefficients, satisfying When Figure 1 Desire Less than the preset consistency threshold When an inconsistency is detected, intent negotiation is triggered. Agents that detect inconsistency send negotiation requests; the negotiation mechanism employs utility-based negotiation. Each agent... Intent The utility calculation is as follows:
[0194] .
[0195] in This is an estimate of goal completion, representing the degree to which the goal is likely to be achieved under the current intent. Resource utilization rate represents the ratio of resources required to execute a plan to available resources. To perform risk scoring, we represent the risks that may be encountered in the execution of the plan (such as conflict, probability of failure). For the weighting coefficients, satisfying Agents exchange complete intents and The joint utility is calculated as follows:
[0196] .
[0197] in For intelligent agents State its current intention The effect, For intelligent agents State its current intention The effect, The consistency between intent and alliance plans is defined as: .
[0198] This refers to the set of common goals of the alliance for the current mission. It involves seeking compromises based on joint utility. Maximize joint utility After successful negotiation, both parties update their intentions and broadcast confirmation information within the alliance. Figure 1Building upon this foundation, real-time action coordination is achieved, ensuring that agents within the alliance initiate critical actions at a unified moment. The fine-grained layer, as a continuously running dynamic coordination process, operates in real-time during task execution, ensuring that the intentions of agents performing the task are synchronized.
[0199] Step S5 serves the purpose of enabling real-time intent synchronization and collaborative adjustment among agents during task execution. This is achieved through intent model maintenance, intent summary broadcasting, and other methods. Figure 1 Consistent computation and intent negotiation ensure that alliance members act in unison, improve local responsiveness and adaptability, and achieve dynamic coordination.
[0200] Step S6: Collect feedback information during task execution, evaluate task completion, and dynamically optimize the multi-granularity collaborative decision-making process based on the evaluation results to form a closed-loop learning and improvement mechanism.
[0201] In this embodiment, step S6 may specifically include the following steps:
[0202] S61 collects the intermediate results and final outputs generated by each agent during task execution, and performs a quantitative evaluation of task completion.
[0203] After completing a task or subtask, each agent reports the execution result to the multi-granularity agent scheduler in the LLM kernel layer. The execution result includes:
[0204] Task completion rate This indicates the degree to which the task objective has been achieved.
[0205] Actual resource consumption This indicates the actual amount of various resources consumed during the execution of the task.
[0206] Execution time This indicates the time elapsed from the start to the completion of the task.
[0207] Execution quality score The evaluation is based on the output quality and accuracy of the tasks. After collecting the execution results of all tasks, the scheduler generates a task execution report. This is used for subsequent evaluation and optimization.
[0208] The purpose of step S61 is to quantitatively evaluate the task completion status, including indicators such as completion rate, resource consumption, and time efficiency, so as to provide a data basis for subsequent optimization.
[0209] S62, based on the task execution results, performs performance analysis on the coarse-grained task decomposition strategy and the medium-grained task allocation strategy, identifies the advantages and disadvantages of the strategies, and provides guidance for strategy optimization.
[0210] The effectiveness analysis of the task decomposition strategy at the coarse-grained level is conducted, mainly to evaluate the rationality of the decomposition scheme:
[0211] Decompose complexity , representing the average depth of the task graph, reflects the degree of detail in the task decomposition.
[0212] Resource constraint satisfaction This reflects the degree to which the decomposition scheme meets the system resource constraints.
[0213] Decomposition rule selection accuracy The calculation formula is as follows: Based on the assessment of task completion quality, whether the selected decomposition rule is optimal is: .
[0214] The effectiveness of task allocation strategies at the medium-granularity level is analyzed, primarily evaluating the matching degree of allocation and the efficiency of alliance collaboration.
[0215] Average matching degree This reflects the overall matching degree between the task and the intelligent agent.
[0216] Alliance collaboration efficiency This reflects the ratio of the quality of the alliance's mission completion to time and resource consumption.
[0217] Rationality of role allocation The evaluation is based on the degree to which the agent's actual performance in the task matches its expected role.
[0218] S63, based on the results of performance analysis, adaptively adjust the parameters in the multi-granularity collaborative decision-making process.
[0219] Based on the performance analysis results, the parameters in the multi-granularity collaborative decision-making process are adaptively adjusted:
[0220] Task decomposition rule weight adjustment: Adjust the heuristic evaluation function Weighting coefficients in This allows for the selection of better decomposition rules in subsequent task decomposition. The adjustment strategy employs gradient descent or reinforcement learning methods to maximize task completion quality and collaborative efficiency.
[0221] Task-Agent Matching Weight Adjustment: Adjusting the matching calculation Weighting coefficients in and This optimizes task allocation. Based on actual execution feedback, if historical performance has a greater impact on task completion, then [the following is added / increased / increased]. Value; increase if capability matching is more important. value.
[0222] meaning Figure 1Consistency threshold adjustment: Dynamically adjust the consistency threshold based on the frequency and effectiveness of fine-grained layer intent negotiation. If excessive negotiation frequency leads to excessive communication overhead, the threshold should be appropriately lowered; if inconsistent intentions result in increased collaboration conflicts, the threshold should be appropriately raised. The adjustment formula is as follows:
[0223]
[0224] in To reduce the collaboration conflict rate, For the intentional negotiation rate, This is the learning rate.
[0225] Utility function weight adjustment: Adjusting the utility function weights in intent negotiation and joint utility weight This makes the negotiation behavior of the agents more conducive to the overall task completion. Through the above adaptive adjustment, the multi-granularity collaborative decision-making process can learn from experience, continuously optimize its own decision parameters, improve the collaborative efficiency and completion quality of subsequent tasks, and form a closed loop of continuous improvement.
[0226] The purpose of step S63 is to adaptively adjust various parameters in the multi-granularity collaborative decision-making process based on the results of the performance analysis, including the selection weights of task decomposition rules, the weight coefficients of task-agent matching, and the intention... Figure 1 Thresholds for consistency calculations, etc., enable dynamic optimization and learning improvement of the system.
[0227] The purpose of step S6 is to continuously improve the system's collaboration efficiency and task completion quality.
[0228] The beneficial effects of implementing this embodiment are:
[0229] (1) Based on LLM, by integrating relevant intelligent agent operation toolsets, merging the LLM kernel with the traditional operating system kernel, modifying the current AIOS, and making adaptive adjustments to related system interfaces and traditional operating systems, a multi-agent collaborative operation operating system framework is proposed, including hardware layer, operating system kernel layer, LLM kernel layer, SDK layer, intelligent agent application layer, etc., to realize the secure operating system functions and services of multi-agent collaboration, and meet the needs of intelligent cyberspace security protection system;
[0230] (2) Based on the non-interference information flow control method, improve the non-interference method of the operating system process to adapt to the non-interference information interaction between intelligent agents. It not only has the relevant functions of inter-process communication of the operating system, but also has the functions of secure communication and interaction in the planning and execution process of intelligent agents, so as to ensure the security of the interactive information flow of intelligent agents running at the same time.
[0231] (3) A multi-granularity collaborative scheduling decision-making process is adopted, taking into account both global planning and local response collaborative decision-making. The collaborative decision-making of multi-agents is divided into three levels of task granularity: the coarse-grained layer performs task decomposition and macro-planning, the medium-granularity layer performs alliance formation and strategy formulation, and the fine-grained layer performs intent interpretation and real-time collaboration. The coarse-grained layer realizes global task decomposition and macro-planning, ensuring global optimization; the medium-granularity layer realizes dynamic alliance formation and strategy formulation, balancing task allocation and collaboration efficiency; and the fine-grained layer realizes intent synchronization and real-time collaboration, improving local response and adaptability.
[0232] (4) It can be applied to secure operating system platform scenarios such as multi-agent collaboration, multi-robot collaboration, multi-agent software system, and multi-digital human collaboration.
[0233] This invention can be used in a wide variety of general-purpose or special-purpose computer system environments or configurations. Examples include: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments including any of the above systems or devices. This invention can be described in the general context of computer-executable instructions, such as program modules, that are executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform specific tasks or implement specific abstract data types. This invention can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.
[0234] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing related hardware through computer-readable instructions. These computer-readable instructions can be stored in a computer-readable storage medium. When the program is executed, it can include the processes of the embodiments of the above methods. The aforementioned storage medium can be a non-volatile storage medium such as a magnetic disk, optical disk, or read-only memory (ROM), or random access memory (RAM).
[0235] It should be understood that although the steps in the flowcharts of the accompanying figures are shown sequentially as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the accompanying figures may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times, and their execution order is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.
[0236] Example 2
[0237] Further reference Figure 6 As a response to the above Figure 1 The present invention provides an embodiment of a multi-agent network security operation device, which implements the method shown. Figure 1 Corresponding to the method embodiments shown, this device can be specifically applied to various electronic devices.
[0238] like Figure 6 As shown, the multi-agent network security operation device 70 described in this embodiment includes: a construction module 71, a decomposition module 72, an allocation module 73, an improvement module 74, an adjustment module 75, and a closed-loop module 76. Wherein:
[0239] Module 71 is used to build a layered architecture from physical hardware to upper-layer applications;
[0240] Decomposition module 72 is used to receive global network security tasks and decompose global network security tasks into structured, allocable task subsets at a coarse-grained layer;
[0241] The allocation module 73 is used to allocate atomic tasks to suitable agents based on coarse-grained task decomposition, form task alliances and formulate cooperative strategies.
[0242] Improved module 74 is used to adapt to non-interference information interaction between intelligent agents by improving the reliable non-interference information flow control method of operating system processes, and to ensure the security of the information flow of interaction between intelligent agents running simultaneously.
[0243] Adjustment module 75 is used for real-time intent synchronization and collaborative adjustment between intelligent agents during task execution;
[0244] The closed-loop module 76 is used to collect feedback information during the task execution process, evaluate the task completion status, and dynamically optimize the multi-granularity collaborative decision-making process based on the evaluation results, forming a closed-loop learning and improvement mechanism.
[0245] The beneficial effects of implementing this embodiment are: it realizes the functions and services of a secure operating system for multi-agent collaboration, meeting the needs of an intelligent cyberspace security protection system; it not only has the relevant functions of inter-process communication in the operating system, but also has secure communication and interaction functions in the planning and execution process of agents, ensuring the security of the interactive information flow of agents running simultaneously; it balances task allocation and collaboration efficiency; it achieves intent synchronization and real-time collaboration through a fine-grained layer, improving local response and adaptability; and it can be applied to secure operating system platform scenarios such as multi-agent collaboration, multi-robot collaboration, multi-agent software systems, and multi-digital human collaboration.
[0246] Example 3
[0247] To address the aforementioned technical problems, embodiments of the present invention also provide an electronic device. Please refer to [link / reference needed]. Figure 7 , Figure 7 This is a basic structural block diagram of the electronic device in this embodiment.
[0248] The aforementioned electronic device 8 includes a memory 81, a processor 82, and a network interface 83 that are interconnected via a system bus. It should be noted that only the electronic device 8 with components 81, 82, and 83 is shown in the figure; however, it should be understood that it is not required to implement all the shown components, and more or fewer components can be implemented alternatively. Those skilled in the art will understand that the electronic device described here is a device capable of automatically performing numerical calculations and / or information processing according to pre-set or stored instructions, and its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), digital signal processors (DSPs), embedded devices, etc.
[0249] The aforementioned electronic devices can be computing devices such as desktop computers, laptops, handheld computers, and cloud servers. These electronic devices can interact with users via keyboards, mice, remote controls, touchpads, or voice-activated devices.
[0250] The aforementioned memory 81 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the aforementioned memory 81 may be an internal storage unit of the aforementioned electronic device 8, such as the hard disk or memory of the electronic device 8. In other embodiments, the aforementioned memory 81 may also be an external storage device of the aforementioned electronic device 8, such as a plug-in hard disk, smart media card (SMC), secure digital (SD) card, flash card, etc., equipped on the electronic device 8. Of course, the aforementioned memory 81 may also include both internal storage units and external storage devices of the aforementioned electronic device 8. In this embodiment, the aforementioned memory 81 is typically used to store the operating system and various application software installed on the aforementioned electronic device 8, such as computer-readable instructions for multi-agent network security operation methods. In addition, the aforementioned memory 81 can also be used to temporarily store various types of data that have been output or will be output.
[0251] In some embodiments, the processor 82 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip. The processor 82 is typically used to control the overall operation of the electronic device 8. In this embodiment, the processor 82 is used to execute computer-readable instructions stored in the memory 81 or to process data, such as executing computer-readable instructions for the multi-agent network security operation method described above.
[0252] The aforementioned network interface 83 may include a wireless network interface or a wired network interface, which is typically used to establish communication connections between the aforementioned electronic device 8 and other electronic devices.
[0253] The beneficial effects of implementing this embodiment are: it realizes the functions and services of a secure operating system for multi-agent collaboration, meeting the needs of an intelligent cyberspace security protection system; it not only has the relevant functions of inter-process communication in the operating system, but also has secure communication and interaction functions in the planning and execution process of agents, ensuring the security of the interactive information flow of agents running simultaneously; it balances task allocation and collaboration efficiency; it achieves intent synchronization and real-time collaboration through a fine-grained layer, improving local response and adaptability; and it can be applied to secure operating system platform scenarios such as multi-agent collaboration, multi-robot collaboration, multi-agent software systems, and multi-digital human collaboration.
[0254] Example 4
[0255] The present invention also provides another embodiment, namely, providing a computer-readable storage medium storing computer-readable instructions that can be executed by at least one processor to cause the at least one processor to perform the steps of the multi-agent network security operation method described above.
[0256] The beneficial effects of implementing this embodiment are: it realizes the functions and services of a secure operating system for multi-agent collaboration, meeting the needs of an intelligent cyberspace security protection system; it not only has the relevant functions of inter-process communication in the operating system, but also has secure communication and interaction functions in the planning and execution process of agents, ensuring the security of the interactive information flow of agents running simultaneously; it balances task allocation and collaboration efficiency; it achieves intent synchronization and real-time collaboration through a fine-grained layer, improving local response and adaptability; and it can be applied to secure operating system platform scenarios such as multi-agent collaboration, multi-robot collaboration, multi-agent software systems, and multi-digital human collaboration.
[0257] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods of the various embodiments of the present invention.
[0258] Obviously, the embodiments described above are merely some embodiments of the present invention, not all embodiments. The accompanying drawings show preferred embodiments of the present invention, but do not limit the patent scope of the present invention. The present invention can be implemented in many different forms; rather, these embodiments are provided to provide a more thorough and complete understanding of the disclosure of the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in the foregoing specific embodiments, or make equivalent substitutions for some of the technical features. Any equivalent structures made using the content of this specification and drawings, directly or indirectly applied to other related technical fields, are similarly within the patent protection scope of this invention.
Claims
1. A multi-agent network security operation method, characterized by, Includes the following steps: Build a layered architecture from physical hardware to upper-layer applications; Receive global cybersecurity tasks and decompose them into structured, assignable task subsets at a coarse-grained layer; Based on coarse-grained task decomposition, atomic tasks are assigned to appropriate agents to form task alliances and formulate cooperative strategies. By improving the reliable and interference-free information flow control method of operating system processes, we can adapt to interference-free information interaction between intelligent agents and ensure the security of information flow of interaction between simultaneously running intelligent agents. Real-time intent synchronization and collaborative adjustment among intelligent agents are performed during task execution; Collect feedback information during task execution, evaluate task completion, and dynamically optimize the multi-granularity collaborative decision-making process based on the evaluation results to form a closed-loop learning and improvement mechanism. The steps of assigning atomic tasks to suitable agents, forming task alliances, and formulating cooperative strategies based on coarse-grained task decomposition specifically include: Calculate the matching degree between the task and the agent, and construct a weighted bipartite graph; Initial task allocation is performed based on the Hungarian algorithm. Based on the improved contract network protocol, an agent alliance and role negotiation are formed; The formation of an agent alliance and role negotiation based on the improved contract network protocol further includes: for each task whose assigned set of agents forms an ad hoc coalition Within the coalition, a modified Contract Net Protocol (CNP) is used for role negotiation: Bidding Phase: Alliance Member Broadcast Capability Vector and available resources , Bidding Phase: Calculate role suitability for each agent in the consortium. ,in Indicates the intelligent agents within the alliance For the task Professional matching degree Represents intelligent agents The current availability is calculated using the following formula: , The number of tasks assigned to the agent. This represents the maximum task capacity of the intelligent agent. Let be the weighting coefficient, satisfying ; Role allocation: Select the agent with the highest suitability to serve as the leader, and assign the remaining agents to supporter or monitor roles based on their suitability, ultimately forming a role-based alliance structure. .
2. The multi-agent network security operation method according to claim 1, characterized in that, The steps for building a layered architecture from physical hardware to upper-layer applications specifically include: Abstracting the underlying physical hardware resources and managing them in a unified manner provides upper-layer software with unified physical computing resources that shield hardware differences; Configure basic services at the operating system kernel layer; Initialize the LLM kernel layer and load the knowledge base; Load the SDK toolset and deploy the intelligent agent application layer.
3. The multi-agent network security operation method according to claim 1, characterized in that, The step of receiving a global network security task and decomposing it into a structured, allocatable subset of tasks at a coarse-grained layer specifically includes: Receive global network security tasks, and perform formal description and candidate agent selection for the global tasks; Construct an AND / or task graph based on HTN and resource constraints; Extract all atomic task nodes from the constructed AND / or task graph to form a structured set of atomic tasks, which serves as the final output of the coarse-grained layer.
4. The multi-agent network security operation method according to claim 1, characterized in that, The steps of improving the reliable and interference-free information flow control method for operating system processes to adapt to interference-free information interaction between intelligent agents and ensure the security of information flow interaction between simultaneously running intelligent agents specifically include: Create a trusted channel for information exchange among multiple intelligent agents and bind them with secure tags; Based on security tags, perform access permission compliance checks; Perform status monitoring and interference-free isolation verification on trusted pipelines.
5. The multi-agent network security operation method according to claim 1, characterized in that, The steps for real-time intent synchronization and collaborative adjustment among agents during task execution specifically include: Update the local intent model maintained by each agent during task execution; The intent summary of each agent is periodically broadcast and received; The agent calculates the consistency of intent with alliance members based on the received intent digest. When the consistency is lower than a preset threshold, intent negotiation is triggered. The intent is adjusted through a utility-based negotiation mechanism to ensure consistent actions.
6. The multi-agent network security operation method according to any one of claims 1 to 5, characterized in that, The steps of collecting feedback information during task execution, evaluating task completion, and dynamically optimizing the multi-granularity collaborative decision-making process based on the evaluation results to form a closed-loop learning and improvement mechanism specifically include: Collect intermediate results and final outputs generated by each agent during task execution, and quantitatively evaluate the task completion status; Based on the task execution results, we conduct performance analysis on the coarse-grained task decomposition strategy and the medium-grained task allocation strategy, identify the advantages and disadvantages of the strategies, and provide guidance for strategy optimization. Based on the results of the performance analysis, the parameters in the multi-granularity collaborative decision-making process are adaptively adjusted.
7. A multi-agent network security operating device, characterized in that, include: Build modules are used to construct layered architectures from physical hardware to upper-layer applications; The decomposition module receives global cybersecurity tasks and decomposes them into structured, assignable task subsets at a coarse-grained layer. The allocation module is used to assign atomic tasks to appropriate agents based on coarse-grained task decomposition, forming task alliances and formulating cooperative strategies. An improved module is used to adapt to non-interference information interaction between intelligent agents by improving the reliable and non-interference information flow control method of operating system processes, and to ensure the security of the information flow of interaction between intelligent agents running simultaneously. The adjustment module is used to perform real-time intent synchronization and collaborative adjustment between agents during task execution; The closed-loop module is used to collect feedback information during task execution, evaluate task completion, and dynamically optimize the multi-granularity collaborative decision-making process based on the evaluation results, forming a closed-loop learning and improvement mechanism. The allocation module is further used for: Calculate the matching degree between the task and the agent, and construct a weighted bipartite graph; Initial task allocation is performed based on the Hungarian algorithm. Based on the improved contract network protocol, an agent alliance and role negotiation are formed; The improved contract network protocol-based formation of an agent alliance and role negotiation is further used for: For each task The assigned set of intelligent agents forms a temporary alliance. The alliance uses an improved Contract Net Protocol (CNP) for role negotiation: Bidding Phase: Alliance Member Broadcast Capability Vector and available resources , Bidding Phase: Calculate role suitability for each agent in the consortium. ,in Indicates the intelligent agents within the alliance For the task Professional matching degree Represents intelligent agents The current availability is calculated using the following formula: , The number of tasks assigned to the agent. This represents the maximum task capacity of the intelligent agent. Let be the weighting coefficient, satisfying ; Role allocation: Select the agent with the highest suitability to serve as the leader, and assign the remaining agents to supporter or monitor roles based on their suitability, ultimately forming a role-based alliance structure. .
8. An electronic device, characterized in that, The system includes a memory and a processor, wherein the memory stores computer-readable instructions, and the processor executes the computer-readable instructions to implement the steps of the multi-agent network security operation method as described in any one of claims 1 to 6.
9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-readable instructions, which, when executed by a processor, implement the steps of the multi-agent network security operation method as described in any one of claims 1 to 6.