Security auditing and forensics method and system for robot remote control system
By deploying independent audit nodes in the robot remote control system and constructing a unique instruction identifier and a time-series evidence chain, the problems of missing full-process audits and unreliable evidence results in robot remote control scenarios are solved. This enables non-intrusive full-process traceability and abnormal path identification, improving the security and traceability of the robot remote control link.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SICHUAN UNIV
- Filing Date
- 2026-02-10
- Publication Date
- 2026-06-09
AI Technical Summary
Existing robot remote control scenarios suffer from problems such as lack of full-process auditing, difficulty in identifying implicit control paths, unreliable evidence results, and poor deployment compatibility. Existing solutions are unable to achieve non-intrusive auditing, unified command identification, full-process information association, and standardized evidence chain generation.
Deploy independent audit nodes, bind control sessions through unique instruction identifiers to achieve full-process audit information association, monitor robot proactive pull behavior, generate standardized evidence chains, support independent tracing of multiple control sessions, be compatible with different pull trigger modes, and adopt time-series evidence chain construction and integrity verification.
It enables full-process traceability of control behavior, accurate identification of abnormal paths, and credible evidence collection results, improving the security and traceability of the robot's remote control link, adapting to various intelligent robots, and meeting the requirements of judicial evidence collection and liability determination.
Smart Images

Figure CN122179150A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of robot safety and network auditing technology, specifically to a method and system for security auditing and evidence collection for robot remote control systems. Background Technology
[0002] With the widespread application of intelligent robots in security, industry, public services, and other fields, remote control has become a core operating mode for robots. Efficient transmission and execution of control commands between the control unit and the robot require a network, and the security and traceability of this control link determine the continuity and security of business operations. However, because robots are typically deployed in complex environments, and the original control logic needs to maintain stable operation, strict requirements are placed on the non-intrusive deployment and compatibility of auditing solutions. Auditing functions cannot be achieved by modifying robot firmware or intruding into the original control logic.
[0003] In remote robot control scenarios, control commands need to go through a process of "generation-transmission-acquisition-execution," involving multiple key stages such as controller authentication, command transmission integrity, and robot execution feedback. However, control commands are characterized by diverse types, complex transmission paths, and the need for real-time feedback on execution status, which poses multiple challenges to the auditing of control behavior: On the one hand, the control chain lacks an independent core audit component, and data such as the generating entity, transmission path, retrieval behavior, and execution results of control commands are stored in a scattered manner, making it difficult to form a complete process-related record; on the other hand, robots mostly adopt an active command retrieval mode, and existing solutions are mostly designed for passive command reception scenarios, which cannot effectively monitor the characteristics of retrieval behavior and are difficult to identify implicit control paths that forge retrieval requests through illegal intermediate nodes.
[0004] To address the auditing needs of remote robot control, existing technologies offer some solutions, such as logging control command data and adding simple monitoring functions to communication gateways. However, these solutions have significant shortcomings: First, they lack independent audit nodes, with auditing functions dependent on the control or robot end, resulting in incomplete data recording and susceptibility to existing system failures. Second, there is no unified command identification mechanism, making it difficult to effectively correlate audit information throughout the control command process and restore causal relationships during post-event tracing. Third, no specific audit logic is designed for robot-initiated pull behavior, resulting in a lack of implicit control path identification capabilities. Fourth, the generation of evidence chains lacks standardized encapsulation and integrity verification mechanisms, making it difficult to accept the authenticity and validity of evidence results in judicial evidence collection or liability determination scenarios. Fifth, some solutions employ intrusive deployment, requiring modification of robot firmware or adjustment of existing control logic, leading to poor compatibility and compromised operational stability.
[0005] Therefore, a security auditing and evidence collection method for robot remote control scenarios is needed. This method can achieve non-intrusive auditing by deploying independent audit nodes, establish a unified command identifier to associate information throughout the entire process, specifically monitor the robot's proactive pulling behavior, and generate a standardized and verifiable chain of evidence. This addresses the problems in existing technologies, such as the lack of full-process auditing, difficulty in identifying implicit paths, unreliable evidence results, and poor deployment compatibility. It can improve the security and traceability of the robot remote control link and provide reliable technical support for liability determination. Summary of the Invention
[0006] This invention addresses the problems existing in current robot remote control scenarios, such as the lack of full-process auditing, difficulty in identifying implicit control paths, unreliable evidence results, and poor deployment compatibility. It provides a non-intrusive method and system for security auditing and evidence collection in robot remote control systems, achieving full-process traceability of control behavior, accurate identification of abnormal paths, and standardized evidence collection without altering the robot's original control logic. The technical solution is as follows:
[0007] A method for security auditing and evidence collection for remote control systems of robots includes the following steps:
[0008] S1: Deploy a remote control audit node: Deploy an audit node in the control communication link between the control end and the robot end, configure functional endpoints, and enable the audit node to connect the control end and the robot end and audit the transmission and execution process of control commands;
[0009] S2: Initialize the control instruction audit structure and establish an instruction identification mechanism: Initialize the control instruction record table, define the control instruction data structure, and assign a unique instruction identifier to each newly generated control instruction for unified association of subsequent audit information;
[0010] S3: Audit log of control instruction generation behavior: The audit node receives control instruction requests, parses the content and identifies its type, records the generation time and control request characteristics, associates the generated audit information with the instruction identifier and stores it in the record table;
[0011] S4: Auditing of control command forwarding and acquisition behavior: The audit node receives command retrieval requests sent by the robot, retrieves unretrieved commands and provides feedback, updates the retrieval status and records the retrieval time, constructs the acquisition time sequence relationship, marks abnormal behavior and generates audit records;
[0012] S5: Audit record of control command execution behavior: The audit node receives the control command execution result returned by the robot, records the execution time and status, associates the execution audit information with the corresponding command identifier, and updates the control command record table;
[0013] S6: Generation of Evidence Chain for Remote Control Behavior and Output of Evidence Results: The audit node associates audit information of each stage associated with the same instruction identifier in chronological order to generate a time-series evidence chain for remote control behavior. The time-series evidence chain is encapsulated into a structured evidence unit, and the integrity of the structured evidence unit is verified. After the verification is passed, the evidence results are output.
[0014] A security auditing and evidence collection system for robot remote control systems includes an audit node deployed in the control communication link between the control end and the robot end, wherein the audit node includes:
[0015] Deployment and Configuration Module: Used to deploy audit nodes in the control communication link between the control end and the robot end, configure functional endpoints, and enable the audit nodes to connect the control end and the robot end, and audit the transmission and execution process of control commands.
[0016] Identifier Management Module: Used to initialize the control instruction record table, define the control instruction data structure, and assign a unique instruction identifier to each newly generated control instruction for unified association of subsequent audit information;
[0017] The audit generation module is used to receive control instruction requests, parse the content and identify the type, record the generation time and control request characteristics, associate the generated audit information with the instruction identifier and store it in the record table;
[0018] The audit module is used to receive robot instruction pull requests, retrieve unpulled instructions and provide feedback, update the pull status and record the pull time, build the acquisition time sequence relationship, mark abnormal behavior and generate audit records;
[0019] Execution Audit Module: Used to receive feedback on the robot's execution results, record execution time and status, associate instruction identifiers and update the record table, construct and store execution behavior records;
[0020] Evidence Chain and Evidence Collection Module: This module is used to associate audit information from each stage in chronological order, generate a time-series evidence chain and encapsulate it into structured evidence units. After performing integrity verification, it outputs evidence collection results that can be used for security analysis or liability determination.
[0021] Compared with the prior art, the present invention has at least the following beneficial effects:
[0022] This invention achieves non-intrusive deployment through independent audit nodes, requiring no modification to robot firmware, adapting to various intelligent robots, and exhibiting strong compatibility. It binds control sessions with unique instruction identifiers, linking audit information across the entire "generation-forward-acquisition-execution" process, enabling traceability of control behavior and restoration of causal relationships. Specialized monitoring of robot-initiated pull behavior characteristics and temporal relationships accurately identifies implicit control paths, enhancing the targeted nature of anomaly protection. Standardized structured evidence unit encapsulation and dual integrity verification ensure the authenticity and validity of evidence results, meeting the requirements of judicial evidence collection and liability determination scenarios. It supports independent tracing of multiple control sessions, is compatible with different pull trigger modes, covers all details of the process, and is highly practical, effectively improving the security and traceability of the robot's remote control link. Attached Figure Description
[0023] Figure 1 This is a schematic diagram of the overall process of the method of the present invention (corresponding to steps S1-S6).
[0024] Figure 2 A detailed flowchart for auditing the control instruction forwarding acquisition and execution behavior (corresponding to steps S4 and S5).
[0025] Figure 3 The flowchart for evidence chain generation and evidence collection (corresponding to step S6). Detailed Implementation
[0026] The technical method of the present invention will be further described below with reference to the embodiments and accompanying drawings.
[0027] An embodiment of the present invention: a security audit and evidence collection method for a robot remote control system, the flowchart of which is shown below. Figure 1 As shown, the specific steps include:
[0028] S1: Deploy a remote control audit node.
[0029] An audit node is deployed in the control communication link between the control end and the robot end, and a functional endpoint is configured so that the audit node has the conditions to connect the control end and the robot end and audit the transmission and execution process of control commands.
[0030] The audit node is deployed in the control communication link between the control end and the robot end. The audit node can be deployed as a standalone device or integrated into a communication gateway, edge computing device, or security audit device. The four functional endpoints of the audit node are configured.
[0031] The remote control audit node configuration includes at least the following functional endpoints: a control command receiving endpoint for receiving control commands sent by the remote control terminal; a control command acquisition endpoint for responding to the robot's pull request for control commands; a control execution feedback endpoint for receiving the control execution status returned by the robot; and an audit data storage endpoint for storing audit information on control behavior.
[0032] S2: Initialize the control instruction audit structure and establish an instruction identification mechanism.
[0033] Initialize the control instruction record table, define the control instruction data structure, and assign a unique instruction identifier to each newly generated control instruction for unified association of subsequent audit information.
[0034] Initialize audit-related data structures and identification mechanisms to lay the foundation for subsequent information association across all audit stages. Figure 1 The flow logic from deployment to initialization of this invention is illustrated as follows:
[0035] S21: Initialize the control instruction audit structure: The audit node initializes a data structure for recording control instruction audit information, including at least the instruction identifier, instruction type, instruction generation timestamp, instruction fetch status, and instruction execution status. The instruction fetch status indicates whether the control instruction has been acquired by the robot; the initial status is "not fetched".
[0036] S22: Establish a control command identifier generation mechanism: assign a unique control command identifier to each control command when the control command is generated.
[0037] S23: Bind control session and control command identifier.
[0038] The audit node binds the control command identifier to the current remote control session to distinguish control command audit information in different control sessions, thereby achieving the independence and traceability of control command audit information in multi-control session scenarios.
[0039] S3: Audit log of control instruction generation behavior.
[0040] The audit node receives control instruction requests, parses the content and identifies their type, records the generation time and control request characteristics, associates the generated audit information with the instruction identifier and stores it in the record table.
[0041] When the remote control terminal initiates a control command, the audit node comprehensively records the command generation process, providing initial data support for subsequent auditing procedures. Specifically:
[0042] S31: Record control command generating entity information: The audit node obtains the identity information of the control command generating entity and associates it with the corresponding control command identifier. The control command generating entity includes one or more of the following: a remote control terminal, a control application, or a control account.
[0043] S32: Record control instruction generation time information: The audit node records the generation time of the control instruction and stores it as part of the audit information of the control instruction generation behavior.
[0044] S33: Associated Control Instruction Generation Behavior with Subsequent Audit Process: The audit node associates the audit record of the control instruction generation behavior with the corresponding control instruction identifier for unified reference in the future.
[0045] S4: Auditing of control command forwarding and acquisition behavior.
[0046] The audit node receives the instruction pull request sent by the robot, retrieves the unretrieved instruction and provides feedback, updates the pull status and records the pull time, constructs the acquisition time sequence relationship, marks abnormal behavior and generates audit records.
[0047] When the robot actively pulls commands from the endpoint through control instructions, the audit node conducts a detailed audit of the process, including request listening, behavior recording, status updates, timing construction, and anomaly marking. Figure 2 The modular closed-loop process for auditing the instruction retrieval and execution behavior of this invention is shown below:
[0048] S41: Establish a control command acquisition request listening mechanism: Receive control command acquisition requests sent periodically or event-triggered by the robot, including at least robot identification information and request time information.
[0049] S42: Record control command acquisition request behavior characteristics: The audit node audits and records the acquisition requests, including at least the time the acquisition request was received, the corresponding robot identifier, the request sequence number, and the time interval between adjacent acquisition requests. Through the above records, control command acquisition behavior characteristic data is formed.
[0050] S43: Matching Control Commands to be Executed and Updating Pull Status: Retrieves control commands with a pull status of "Not Pulled" from the control command record table. If a control command to be executed exists, it is returned to the robot, the pull status is updated to "Pulled," the pull time of the control command is recorded, and it is associated with the corresponding command identifier. If no control command to be executed exists, a response message indicating no command to be executed is returned.
[0051] S44: Constructing the control command acquisition sequence and timing relationship: Based on the retrieval time and request sequence number of the control commands, construct the control command acquisition sequence and timing relationship to characterize the actual acquisition process of control commands in the remote control link. The acquisition sequence and timing relationship reflect whether the control commands are acquired by the robot according to the expected control mode.
[0052] S45: Mark abnormal control command acquisition behavior: When the characteristics of control command acquisition behavior are inconsistent with the preset control behavior mode, the audit node marks the corresponding control command acquisition behavior as abnormal and stores the abnormal mark in association with the control command identifier.
[0053] S46: Generate Control Command Forwarding and Acquisition Audit Records: The audit node summarizes the characteristics of the control command acquisition request behavior, the control command retrieval time, and the abnormal marker information, generates control command forwarding and acquisition audit records, and stores them in the audit data storage module.
[0054] S5: Audit log of control instruction execution behavior.
[0055] The audit node receives the control command execution results returned by the robot, records the execution time and status, associates the execution audit information with the corresponding command identifier, and updates the control command record table.
[0056] After the robot executes control commands, the audit node receives feedback information and conducts audits of the execution behavior, thus achieving a closed-loop data flow across the entire "command generation-execution" chain. Figure 2 This step demonstrates its connection to the process of auditing pull behavior. The specific steps are as follows:
[0057] S51: Establish a control command execution status feedback mechanism: receive execution status feedback information of the robot during the execution of control commands; wherein, the execution status feedback information includes at least the control command identifier and execution result information.
[0058] S52: Receive and parse control command execution feedback information: When the robot completes the execution of the control command or the execution status of the control command changes, the audit node receives and parses the execution feedback information, identifies the corresponding control command identifier, and extracts the execution time and execution status; wherein, the execution status includes at least the status of successful execution, failed execution, or in progress.
[0059] S53: Record the execution time and execution status of the control command: The audit node records the execution time and execution status of the control command as control command execution audit information, and associates and stores it with the corresponding control command identifier to realize the time recording and status identification of the control command execution behavior.
[0060] S54: Associated Control Command Execution Behavior with Robot Operating Status: The audit node further acquires the robot's operating status information before and after executing control commands, and associates and stores it with the corresponding control command identifier; wherein, the operating status information includes at least one or more of the robot's posture status, motion status, or working mode status.
[0061] S55: Construct a record of control instruction execution behavior: Based on the execution time, execution status and running status information, the audit node constructs a record of the execution behavior of the corresponding control instruction to characterize the actual execution of the control instruction on the robot side.
[0062] S56: Generate and store control instruction execution audit information: The audit node encapsulates the control instruction execution behavior record, generates control instruction execution audit information, and stores the execution audit information in the audit data storage module.
[0063] S6: Generation of evidence chain for remote control behavior and output of evidence collection results.
[0064] The audit node associates audit information associated with the same instruction identifier at each stage in chronological order to generate a time-series evidence chain of remote control behavior. The time-series evidence chain is then encapsulated into a structured evidence unit, and the integrity of the structured evidence unit is verified. After the verification is passed, the evidence collection result is output.
[0065] By aggregating audit data from all stages, and through time-series sorting, structured encapsulation, and integrity verification, it generates evidence results that can be used for judicial evidence collection or liability determination. Figure 3 The closed-loop process of evidence chain generation and anomaly handling in this invention is shown below, with specific steps as follows:
[0066] S61: Aggregating Multi-Source Audit Information: The audit node obtains multi-source audit information associated with the same control instruction identifier from the audit data storage module; wherein, the multi-source audit information includes at least: control instruction generation audit information, control instruction forwarding and acquisition audit information, and control instruction execution audit information; through the aggregation of the multi-source audit information, a unified association of the entire process of remote control behavior is achieved.
[0067] S62: Constructing a time-series evidence chain for remote control behavior: Based on the timestamp information recorded in multi-source audit information, the audit node sorts various types of audit information in time sequence to construct a time-series evidence chain for control instructions from generation, forwarding, acquisition to execution; the time-series evidence chain is used to characterize the continuity and causal relationship of remote control behavior in the time dimension.
[0068] S63: Generate structured evidence units for remote control behavior: The audit node encapsulates the time-series evidence chain according to a preset evidence structure to generate structured evidence units for remote control behavior; wherein, the structured evidence unit includes at least: control subject identification information, control instruction identification and content summary, control instruction execution timeline, and control instruction execution result.
[0069] S64: Perform integrity verification on evidence of remote control behavior: The audit node performs integrity verification on the structured evidence unit to confirm that the evidence unit has not been tampered with during the generation process; wherein, the integrity verification includes at least consistency verification and time continuity verification.
[0070] S65: Generate evidence results for remote control behavior: When the integrity verification passes, the audit node generates evidence results for remote control behavior; the evidence results are used to characterize at least one or more of the following conclusions: whether remote control behavior exists, the time range of the occurrence of remote control behavior, and the control subject corresponding to the remote control behavior.
[0071] S66: Output the evidence collection results and support subsequent calls: The audit node outputs the evidence collection results of the remote control behavior to the evidence collection result output module for use in judicial evidence collection, liability determination or security audit scenarios.
[0072] Another embodiment of the present invention: a security audit and evidence collection system for a robot remote control system, comprising an audit node deployed in the control communication link between the control end and the robot end, wherein the audit node includes:
[0073] Deployment and Configuration Module: Used to deploy audit nodes in the control communication link between the control end and the robot end, configure functional endpoints, and enable the audit nodes to connect the control end and the robot end, and audit the transmission and execution process of control commands.
[0074] Identifier Management Module: Used to initialize the control instruction record table, define the control instruction data structure, and assign a unique instruction identifier to each newly generated control instruction for unified association of subsequent audit information.
[0075] The audit generation module is used to receive control instruction requests, parse the content and identify the type, record the generation time and control request characteristics, associate the generated audit information with the instruction identifier and store it in the record table.
[0076] The audit module is used to receive robot instruction pull requests, retrieve unpulled instructions and provide feedback, update the pull status and record the pull time, build the acquisition time sequence relationship, mark abnormal behavior and generate audit records.
[0077] Execution Audit Module: This module receives feedback on the robot's execution results, records the execution time and status, associates instruction identifiers and updates the record table, and constructs and stores execution behavior records.
[0078] Evidence Chain and Evidence Collection Module: This module is used to associate audit information from each stage in chronological order, generate a time-series evidence chain and encapsulate it into structured evidence units. After performing integrity verification, it outputs evidence collection results that can be used for security analysis or liability determination.
[0079] The deployment and configuration module is specifically used for:
[0080] The audit node is deployed in the control communication link between the control end and the robot end. It can be deployed independently or integrated into the communication gateway, edge computing device, or security audit device.
[0081] Configure the four functional endpoints of the audit node: the control command receiving endpoint is used to receive control commands sent by the control terminal; the control command acquisition endpoint is used to respond to the robot's pull request; the control execution feedback endpoint is used to receive the robot's execution status; and the audit data storage endpoint is used to store audit information.
[0082] The identifier management module is specifically used for:
[0083] Initialize the control instruction audit structure. The data structure includes at least the instruction identifier, instruction type, instruction generation timestamp, instruction fetch status, and instruction execution status. The fetch status is initially set to "not fetched".
[0084] Establish a control command identifier generation mechanism to assign a unique command identifier when a control command is generated;
[0085] The instruction identifier is bound to the current remote control session to achieve the independence and traceability of audit information in multi-control session scenarios.
[0086] In summary, this invention addresses the core issues of untraceable control behavior throughout the entire process of robot remote control scenarios, difficulty in identifying implicit control paths, lack of standardized verification of evidence results leading to unreliable findings, and the need for non-intrusive deployment without altering the robot's original control logic. It provides a security auditing and evidence collection method based on independent audit node deployment, unique instruction identifier association, and full-process segmented auditing, combined with the construction of a time-series evidence chain, structured encapsulation, and integrity verification. Furthermore, it accurately identifies risky paths through behavioral feature monitoring and anomaly marking mechanisms, while relying on multi-source audit information aggregation and consistency verification to ensure the validity of the evidence results. Through these technical solutions, this invention achieves full-chain traceability of control behavior, accurate identification of abnormal paths, and reliable evidence results without intruding on the robot's control logic, effectively improving the security and traceability of the robot's remote control chain and providing reliable technical support for judicial evidence collection and liability determination.
Claims
1. A method for security auditing and evidence collection for remote control systems of robots, characterized in that, Includes the following steps: S1: Deploy a remote control audit node: Deploy an audit node in the control communication link between the control end and the robot end, configure functional endpoints, and enable the audit node to connect the control end and the robot end and audit the transmission and execution process of control commands; S2: Initialize the control instruction audit structure and establish an instruction identification mechanism: Initialize the control instruction record table, define the control instruction data structure, and assign a unique instruction identifier to each newly generated control instruction for unified association of subsequent audit information; S3: Audit log of control instruction generation behavior: The audit node receives control instruction requests, parses the content and identifies its type, records the generation time and control request characteristics, associates the generated audit information with the instruction identifier and stores it in the record table; S4: Auditing of control command forwarding and acquisition behavior: The audit node receives command retrieval requests sent by the robot, retrieves unretrieved commands and provides feedback, updates the retrieval status and records the retrieval time, constructs the acquisition time sequence relationship, marks abnormal behavior and generates audit records; S5: Audit record of control command execution behavior: The audit node receives the control command execution result returned by the robot, records the execution time and status, associates the execution audit information with the corresponding command identifier, and updates the control command record table; S6: Generation of Evidence Chain for Remote Control Behavior and Output of Evidence Results: The audit node associates audit information of each stage associated with the same instruction identifier in chronological order to generate a time-series evidence chain for remote control behavior. The time-series evidence chain is encapsulated into a structured evidence unit, and the integrity of the structured evidence unit is verified. After the verification is passed, the evidence results are output.
2. The security auditing and evidence collection method for robot remote control systems according to claim 1, characterized in that, Step S1 is as follows: S11: Deploy the audit node in the control communication link between the control end and the robot end. The audit node can be deployed as an independent device or integrated into a communication gateway, edge computing device or security audit device. S12: Configure the four functional endpoints of the audit node: Control command receiving endpoint: Used to receive control commands sent by the control terminal; Control command acquisition endpoint: used to respond to the robot's pull request for control commands; Control execution feedback endpoint: Used to receive the control command execution status returned by the robot; Audit data storage endpoint: Used to store audit information on control behavior.
3. The security auditing and evidence collection method for robot remote control systems according to claim 1, characterized in that, Step S2 is as follows: S21: Initialize the control instruction audit structure to record the data structure of control instruction audit information. The data structure includes instruction identifier, instruction type, instruction generation timestamp, instruction fetch status, and instruction execution status, wherein the fetch status is initially "not fetched". S22: Establish a control command identifier generation mechanism, and assign a unique command identifier to each control command when the control command is generated; S23: Bind the instruction identifier to the current remote control session.
4. The security auditing and evidence collection method for robot remote control systems according to claim 1, characterized in that, Step S3 is as follows: S31: Obtain the identity information of the control command generating entity, and associate the identity information with the corresponding command identifier and record it. The generating entity includes a remote control terminal, a control application, or a control account. S32: Record the generation time of the control command and store it as part of the generation behavior audit information; S33: Store the audit record of the generation behavior, which includes the generation time and the identity information of the generating entity, in association with the corresponding instruction identifier.
5. The security auditing and evidence collection method for robot remote control systems according to claim 1, characterized in that, Step S4 is as follows: S41: Establish a pull request listening mechanism to receive pull requests sent by the robot, wherein the pull request includes the robot identifier and request time information; S42: Record the time of receiving the instruction pull request, the corresponding robot identifier, the request sequence number, and the time interval between adjacent requests to form pull behavior feature data; S43: Retrieve instructions with a "not pulled" status. If there are instructions to be executed, return the instructions and update the status to "pulled", and record the pull time. If there are no instructions to be executed, return the corresponding response. S44: Based on the fetch time and request sequence number, construct the control command acquisition order and timing relationship; S45: When the pull behavior feature data is inconsistent with the preset control behavior mode, mark the corresponding pull behavior as abnormal and store the abnormal mark with the corresponding instruction identifier. S46: Summarize the pull behavior characteristic data, pull time and abnormal marker information to generate control command forwarding and acquisition audit records.
6. The security auditing and evidence collection method for robot remote control systems according to claim 1, characterized in that, Step S5 is as follows: S51: Establish an execution status feedback mechanism to receive feedback information from the robot during the execution of instructions. The feedback information includes the instruction identifier and the execution result. S52: Receive and parse the execution feedback information, identify the corresponding instruction identifier, and extract the execution time and execution status, wherein the execution status includes execution success, execution failure, or execution in progress; S53: Record the execution time and status as execution audit information and store it in association with the corresponding instruction identifier; S54: Obtain the robot's running status information before and after executing the control command, and store the corresponding command identifier. The running status information includes posture state, motion state, or working mode state. S55: Based on the execution time, execution status, and running status information, construct a record of the execution behavior of the control command.
7. The security auditing and evidence collection method for robot remote control systems according to claim 1, characterized in that, Step S6 is as follows: S61: Obtain multi-source audit information associated with the same instruction identifier from the storage module. The multi-source audit information includes control instruction generation audit information, control instruction forwarding and acquisition audit information, and control instruction execution audit information. S62: Based on the timestamps in each audit message, sort the multi-source audit information in chronological order to construct a chronological evidence chain of generation, forwarding, acquisition, and execution; S63: Encapsulate the time-series evidence chain according to a preset structure to generate a structured evidence unit, wherein the structured evidence unit includes a control subject identifier, an instruction identifier and a content summary, an execution timeline and an execution result; S64: Perform an integrity check on the structured evidence unit, the integrity check including a consistency check and a time continuity check; S65: After the verification is passed, the evidence collection result is generated. The result is used to characterize whether remote control behavior exists, the time range of the remote control behavior, and the corresponding control subject.
8. The security auditing and evidence collection method for robot remote control systems according to claim 5, characterized in that, The preset control behavior mode includes a normal fetch request interval threshold and fetch order rules, and the anomaly marker is used for subsequent security analysis and accountability tracing.
9. A security auditing and evidence collection system for robot remote control systems, characterized in that, This includes audit nodes deployed in the control communication link between the control terminal and the robot terminal, wherein the audit nodes include: Deployment and Configuration Module: Used to deploy audit nodes in the control communication link between the control end and the robot end, configure functional endpoints, and enable the audit nodes to connect the control end and the robot end, and audit the transmission and execution process of control commands. Identifier Management Module: Used to initialize the control instruction record table, define the control instruction data structure, and assign a unique instruction identifier to each newly generated control instruction for unified association of subsequent audit information; The audit generation module is used to receive control instruction requests, parse the content and identify the type, record the generation time and control request characteristics, associate the generated audit information with the instruction identifier and store it in the record table; The audit module is used to receive robot instruction pull requests, retrieve unpulled instructions and provide feedback, update the pull status and record the pull time, build the acquisition time sequence relationship, mark abnormal behavior and generate audit records; Execution Audit Module: Used to receive feedback on the robot's execution results, record execution time and status, associate instruction identifiers and update the record table, construct and store execution behavior records; Evidence Chain and Evidence Collection Module: This module is used to associate audit information from each stage in chronological order, generate a time-series evidence chain and encapsulate it into structured evidence units. After performing integrity verification, it outputs evidence collection results that can be used for security analysis or liability determination.
10. The security audit and evidence collection system for robot remote control systems according to claim 9, characterized in that, The deployment and configuration module is specifically used for: The audit node is deployed in the control communication link between the control end and the robot end. It can be deployed independently or integrated into the communication gateway, edge computing device, or security audit device. Configure the four functional endpoints of the audit node: the control command receiving endpoint is used to receive control commands sent by the control terminal; the control command acquisition endpoint is used to respond to the robot's pull request; the control execution feedback endpoint is used to receive the robot's execution status; and the audit data storage endpoint is used to store audit information. The identifier management module is specifically used for: Initialize the control instruction audit structure. The data structure includes at least the instruction identifier, instruction type, instruction generation timestamp, instruction fetch status, and instruction execution status. The fetch status is initially set to "not fetched". Establish a control command identifier generation mechanism to assign a unique command identifier when a control command is generated; The instruction identifier is bound to the current remote control session to achieve the independence and traceability of audit information in multi-control session scenarios.