A method for risk early warning and automatic response of a secret-involved carrier and related equipment
By collecting and analyzing behavioral characteristic data of classified carriers in real time, the problem of delayed risk identification in existing technologies has been solved, enabling timely identification and automatic response to risks of classified carriers, and improving the timeliness of risk identification and the pertinence of response.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications(China)
- Current Assignee / Owner: 广东启功实业集团有限公司
- Filing Date: 2026-03-12
- Publication Date: 2026-06-12
Description
Technical Field
[0001] This application relates to the technical field of classified carriers, and in particular to a risk warning and automatic response method and related equipment for classified carriers.
Background Technology
[0002] As military research institutions, defense agencies, and high-security enterprises continue to increase their informatization levels, the number of classified documents, dedicated storage media, and classified terminal equipment is constantly increasing, and their usage frequency and circulation scope are also expanding. In classified environments, these carriers typically need to be stored, accessed, and operated within authorized areas. Any abnormal movement, unauthorized operation, or abuse of permissions could lead to information leakage or security incidents.
[0003] In existing methods, classified carriers are often managed by a combination of manual inspection and electronic monitoring. For example, the carrier's location is monitored by RFID tags or positioning devices, operational behavior is recorded by a log recording module, and abnormal situations are judged based on preset rules. When unauthorized movement or abnormal operation is detected, an alarm or manual intervention is triggered to reduce the risk of classified carriers getting out of control.
[0004] Although rule matching and anomaly triggering mechanisms can detect and alert on abnormal behavior of classified carriers, when the risks of classified carriers gradually accumulate or change progressively, existing methods usually respond only on the basis of a single threshold judgment. This makes it difficult to reflect the changing trend of risks and can easily lead to delayed early warnings, so that control measures cannot be taken before the risks expand further.
Summary of the Invention
[0005] The technical problem to be solved by the present invention is the problem of delayed risk identification and difficulty in timely response of classified carriers in the prior art, thereby providing a risk warning and automatic response method and related equipment for classified carriers.
[0006] In view of this, a first aspect of the present invention provides a risk warning and automatic response method for classified carriers, comprising: real-time acquisition of the real-time coordinates, operation behaviors, and permission call records of the classified carrier by a sensing unit deployed in the classified carrier and its usage environment, generating current behavior feature data; comparing the current behavior feature data with a preset baseline behavior profile, calculating spatial offset, time offset, and operation offset respectively to generate a risk offset value; performing trend analysis on the risk offset value within a continuous time period to obtain the risk change rate, and determining the current risk status based on the risk offset value and the risk change rate; determining the corresponding risk level based on the current risk status and the preset classification level weight of the classified carrier; and generating a corresponding response strategy according to the risk level to automatically control the classified carrier.
[0007] Preferably, the step of collecting real-time coordinates, operational behaviors, and permission call records of the classified carrier in real time through sensing units deployed on the classified carrier and its usage environment to generate current behavioral feature data includes: obtaining the real-time coordinates of the classified carrier within the authorized usage area through a plurality of radio frequency tags preset on the classified carrier; capturing user operational behaviors on the classified carrier through a behavior acquisition module preset on the classified carrier at a preset sampling frequency; intercepting interface call requests within a preset permission range during the operation of the classified carrier through a permission monitoring device preset on the classified carrier, and extracting the call source identifier, call target resource identifier, and call time from the interface call requests to generate permission call records; and merging the real-time coordinates, the operational behaviors, and the permission call records after time alignment to generate current behavioral feature data.
[0008] Preferably, the step of obtaining the real-time coordinates of the classified carrier within the authorized use area by using a plurality of radio frequency tags preset on the classified carrier includes: deploying a radio frequency read / write base station array within the authorized use area of the classified carrier at a preset grid spacing; continuously broadcasting query signals to the plurality of radio frequency tags preset on the classified carrier through the radio frequency read / write base station array; receiving the signal strength values returned by each radio frequency tag, converting the signal strength values into distance values based on a preset path loss model, and using a trilateration positioning algorithm to measure and locate all distance values to obtain the real-time coordinates.
[0009] Preferably, the baseline behavior profile stores a set of authorized spatial activity boundary coordinates, a set of standard operation time windows, and a set of compliant permission call features for the classified carrier; the step of comparing the current behavior feature data with the preset baseline behavior profile and calculating spatial offset, time offset, and operation offset to generate a risk offset value includes: comparing the real-time coordinates in the current behavior feature data with the set of spatial activity boundary coordinates, calculating the Euclidean distance from the real-time coordinates to the nearest authorized boundary, and performing a difference operation between the Euclidean distance and a preset spatial baseline threshold to obtain the spatial offset; the current behavior feature data... The occurrence time of the operation is compared with the standard operation time window set, and the duration of the operation occurrence time deviating from the boundary of the most recent authorized time window is calculated. The difference between the duration and a preset time benchmark threshold is calculated to obtain the time offset. The permission call records in the current behavior feature data are matched one by one with the compliant permission call feature set. The number of call entries that do not match or exceed the compliant permission call feature set within a unit of time is counted. The difference between the number and a preset operation benchmark threshold is calculated to obtain the operation offset. The spatial offset, time offset and operation offset are weighted and summed to obtain the risk offset value.
[0010] Preferably, the step of performing trend analysis on the risk offset values within a continuous time period to obtain the risk change rate, and determining the current risk state based on the risk offset values and the risk change rate, includes: caching the continuously collected risk offset values with a preset sliding time window to obtain a sample sequence; performing linear regression fitting on the sample sequence, and using the slope of the fitted line as the risk change rate, extracting the risk offset value at the latest moment in the sample sequence as the current risk offset value; comparing the current risk offset value with a preset offset state classification threshold to determine the offset dimension state value, and comparing the risk change rate with a preset rate state classification threshold to determine the rate dimension state value; logically combining the offset dimension state value and the rate dimension state value, and when either the offset dimension state value or the rate dimension state value reaches a higher state level, taking the higher state level as the current risk state.
[0011] Preferably, the classification level weight coefficient is taken within a preset numerical range according to the classification level of the information stored on the classified carrier; the higher the classification level, the larger the classification level weight coefficient. The step of determining the corresponding risk level based on the current risk status and the preset classification level weight of the classified carrier includes: mapping the current risk status to a corresponding basic risk status score; multiplying the basic risk status score with the classification level weight coefficient to obtain a comprehensive risk score; comparing the comprehensive risk score with a preset risk level division interval; outputting a low-risk level when the comprehensive risk score falls into a preset low-risk interval; outputting a medium-risk level when the comprehensive risk score falls into a preset medium-risk interval; and outputting a high-risk level when the comprehensive risk score falls into a preset high-risk interval.
[0012] Preferably, the step of generating a corresponding response strategy based on the risk level to automatically control the classified carrier includes: when the risk level is low, generating a notification-type response strategy to send an alarm notification to the authorized management terminal bound to the classified carrier, the alarm notification carrying the carrier identifier, the current risk offset value, and the trigger time; when the risk level is medium, generating a restriction-type response strategy and issuing an access freeze command to the classified carrier; when the risk level is high, generating a mandatory response strategy and triggering the audible and visual alarm device deployed on the classified carrier to continuously output an alarm signal.
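The trend analysis, state combination, risk level and response selection described in [0010] to [0012], as an added example that is not part of the patent text. Every threshold, score, weight and window size, and all function and class names, are assumptions, since the page only states that these values are preset.

```python
from collections import deque

# Every threshold, score, weight and window size here is assumed; the page
# only states that these values are preset.
OFFSET_THRESHOLDS = (3.0, 6.0)   # risk offset value -> state 1, state 2
RATE_THRESHOLDS = (0.2, 0.5)     # slope per sample   -> state 1, state 2
STATE_SCORE = {0: 10.0, 1: 40.0, 2: 70.0}
LEVEL_BOUNDS = (50.0, 90.0)      # below 50 low, below 90 medium, else high
RESPONSE = {
    "low": "notify bound management terminal",
    "medium": "issue access freeze command",
    "high": "trigger audible and visual alarm",
}


def fitted_slope(samples):
    """Slope of the least-squares line through (0, s0), (1, s1), ..."""
    n = len(samples)
    if n < 2:
        return 0.0
    mean_x = (n - 1) / 2.0
    mean_y = sum(samples) / n
    num = sum((i - mean_x) * (s - mean_y) for i, s in enumerate(samples))
    den = sum((i - mean_x) ** 2 for i in range(n))
    return num / den


def state_of(value, thresholds):
    """Number of thresholds reached: 0 (normal), 1 or 2."""
    return sum(value >= t for t in thresholds)


class RiskTracker:
    """Caches risk offset values in a sliding window and derives the state."""

    def __init__(self, window=5):
        self.samples = deque(maxlen=window)

    def update(self, risk_offset):
        self.samples.append(risk_offset)
        rate = fitted_slope(list(self.samples))
        offset_state = state_of(self.samples[-1], OFFSET_THRESHOLDS)
        rate_state = state_of(rate, RATE_THRESHOLDS)
        # The higher of the two dimension states becomes the current state.
        return max(offset_state, rate_state), offset_state, rate_state


def risk_level(state, classification_weight):
    """Base score for the state times the classification level weight."""
    score = STATE_SCORE[state] * classification_weight
    if score < LEVEL_BOUNDS[0]:
        return "low"
    return "medium" if score < LEVEL_BOUNDS[1] else "high"


def run(series, classification_weight, window=5):
    """Feed a series of risk offset values; return the final decision."""
    tracker = RiskTracker(window)
    state = offset_state = rate_state = 0
    for value in series:
        state, offset_state, rate_state = tracker.update(value)
    level = risk_level(state, classification_weight)
    return {"state": state, "offset_state": offset_state,
            "rate_state": rate_state, "level": level,
            "response": RESPONSE[level]}


# Constructed series: a slow climb that never reaches the offset threshold,
# and a flat series at the same final value.
CLIMBING = [0.4, 1.0, 1.6, 2.2, 2.8]
FLAT = [2.8, 2.8, 2.8, 2.8, 2.8]
```

The climbing series ends at 2.8, below the assumed offset threshold of 3.0, so a single-threshold check stays silent, while the fitted slope of 0.6 raises the rate dimension to its highest state.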
[0013] A second aspect of this invention provides a risk warning and automatic response system for classified carriers, comprising: a data acquisition module, used to collect real-time coordinates, operation behaviors, and permission call records of the classified carrier in real time through sensing units deployed on the classified carrier and its usage environment, and generate current behavior feature data; a data comparison module, used to compare the current behavior feature data with a preset benchmark behavior profile, and calculate spatial offset, time offset, and operation offset respectively to generate a risk offset value; a trend analysis module, used to perform trend analysis on the risk offset value within a continuous time period, obtain the risk change rate, and determine the current risk status based on the risk offset value and the risk change rate; a risk assessment module, used to determine the corresponding risk level based on the current risk status and the preset classification level weight of the classified carrier; and a strategy generation module, used to generate a corresponding response strategy based on the risk level to automatically control the classified carrier.
[0014] A third aspect of the present invention provides an electronic device, including a memory and a processor, wherein the memory stores a computer program that can run on the processor, and the processor executes the computer program to implement the risk warning and automatic response method for classified carriers described above.
[0015] A fourth aspect of the present invention provides a computer-readable storage medium having a computer program stored thereon, wherein when the computer program is run by a processor, the processor performs the risk warning and automatic response method for classified carriers as described above.
[0016] The technical solution of this invention has the following advantages: by calculating the offset of the current behavioral feature data and generating risk offset values, the risk status is transformed from discrete judgment to continuous quantitative results. At the same time, by performing trend analysis on the risk offset values within a continuous time period and obtaining the risk change rate, risk identification not only focuses on the current degree of anomaly but also on the trend of risk change, thereby enabling the early identification of potential anomalies during the gradual accumulation of risks. On this basis, the risk level is determined by combining the pre-set classification level weight of the classified carrier and generating corresponding response strategies according to the risk level, realizing hierarchical and automatic control measures. This improves the timeliness of risk identification and the pertinence of response for classified carriers, overcoming the problems of delayed risk identification and difficulty in timely response in the prior art.
Attached Figure Description
[0017] To more clearly illustrate the specific embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the specific embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.
[0018] Figure 1: A flowchart illustrating the risk warning and automatic response method for classified carriers provided in this embodiment of the invention;
Figure 2: A schematic block diagram illustrating the generation structure of current behavioral feature data provided in this embodiment of the invention;
Figure 3: A schematic block diagram illustrating the structure for generating risk offset values provided in an embodiment of the present invention;
Figure 4: A schematic block diagram illustrating the structure for determining the current risk status provided in this embodiment of the invention;
Figure 5: A linear graph of the sample sequence provided in the embodiments of the present invention;
Figure 6: A schematic block diagram illustrating the structure of risk level assessment provided in this embodiment of the invention;
Figure 7: A schematic block diagram of the risk warning and automatic response system for classified carriers provided in this embodiment of the invention;
Figure 8: A schematic block diagram of the structure of an electronic device provided in an embodiment of the present invention.
Detailed Implementation
[0019] The technical solution of the present invention will now be clearly and completely described with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0020] In the description of this invention, it should be noted that the terms "first," "second," and "third" are used for descriptive purposes only and should not be construed as indicating or implying relative importance.
[0021] Furthermore, the technical features involved in the different embodiments of the present invention described below can be combined with each other as long as they do not conflict with each other.
[0022] As shown in Figure 1, this application provides a risk warning and automatic response method for classified carriers. By quantitatively modeling and continuously analyzing the behavior of classified carriers at the physical and operational levels, it achieves graded risk assessment and automatic control. This includes:
Step S1: By using sensing units deployed on classified carriers and their usage environment, the real-time coordinates, operation behaviors, and permission call records of the classified carriers are collected in real time to generate current behavior feature data.
[0023] As shown in Figure 2, the sensing unit includes a positioning and acquisition unit, a behavior acquisition module, and an access control module. The positioning and acquisition unit outputs the real-time coordinates of the classified carrier at a sampling period of no more than 1 second. The real-time coordinates are represented by a three-dimensional coordinate structure, with fields including X-axis coordinates, Y-axis coordinates, Z-axis coordinates, and a timestamp. The behavior acquisition module records the input sequence, operation duration, and operation interval at the operation interface level. The input sequence is stored as a string array structure in chronological order, with each element including a button identifier or touch coordinate value. The access control module intercepts interface call requests within a preset access control range during the operation of the classified carrier and generates a structured record containing the call source identifier, the target resource identifier, and the call time. All types of data are accompanied by a timestamp field in a unified format, with the timestamp expressed in milliseconds since January 1, 1970, 00:00:00.
[0024] For example, the positioning acquisition unit outputs real-time coordinates (120.3567, 31.2456, 1.5) and timestamp 1710000000500 with a sampling period of 500 milliseconds; the behavior acquisition module records the input sequence "LOGIN-OPENFILE-EXPORT", the operation duration of 45 seconds, and the interval between adjacent operations of 2 seconds; the permission monitoring module records the interface call request with the call source identifier "Process_A", the call target resource identifier "Secret_File_01", and the call time of 1710000000520.
[0025] In another example, step S1 can also be preferably implemented as follows: The real-time coordinates of the classified carrier within the authorized use area are obtained by pre-setting several radio frequency tags on the classified carrier.
[0026] The RFID tags are passive UHF RFID tags, each with a unique electronic code of 96 bits in length; the authorized use area is defined during the deployment phase as a polygonal region containing several boundary vertices, with the boundary vertices stored as a coordinate array in clockwise order; the RFID tags are fixedly installed at different locations on the outer shell of the classified carrier, and the location is derived by inverse calculation from the signal strength values read from the different RFID tags.
[0027] For example, RFID tags with the electronic code E2000017221101441890XXXX are affixed to the four sides of the classified carrier, and four boundary vertices (120.3500, 31.2400), (120.3600, 31.2400), (120.3600, 31.2500), and (120.3500, 31.2500) are defined within the authorized use area.
[0028] Furthermore, the step of obtaining the real-time coordinates of the classified carrier within the authorized use area by pre-setting several RFID tags on the classified carrier can preferably be implemented as follows: Within the authorized use area of classified carriers, deploy radio frequency read / write base station arrays according to the preset grid spacing.
[0029] The preset grid spacing is 5 meters × 5 meters. The RF read / write base station array is deployed in a two-dimensional matrix. Each RF read / write base station in the array has a fixed number and known installation coordinates. The installation coordinates are measured and recorded as high-precision coordinate values by a total station during the deployment phase. The RF read / write base stations are synchronized in time through a wired network, and the synchronization error is controlled within 10 milliseconds.
[0030] For example, a 4×4 RF read / write base station array is deployed within a 20m×20m authorized use area, consisting of 16 RF read / write base stations, with a spacing of 5 meters between each base station, numbered R1 to R16.
[0031] The radio frequency read / write base station array continuously broadcasts query signals to several radio frequency tags preset on classified carriers.
[0032] The RFID base station polls and sends query frames in the 920MHz to 925MHz frequency band with a query period of 200 milliseconds. Each query frame contains a base station number and a timestamp field. After receiving the query frame, several RFID tags return a response frame containing their own electronic code. The RFID base station records the received signal strength value and the reception time of the response frame.
[0033] For example, the RFID base station numbered R3 sends a query frame at timestamp 1710000000600, and the RFID tag with electronic code E2000017221101441890XXXX returns a response frame within 5 milliseconds. The RFID base station records the signal strength value as -62dBm.
[0034] The system receives the signal strength values returned by each RFID tag, converts these values into distance values based on a preset path loss model, and applies a trilateration positioning algorithm to all the distance values to obtain the real-time coordinates.
[0035] The preset path loss model is the log-distance path loss model, a publicly known model in the field of wireless communication. Its expression is Pr(d) = Pr(d0) - 10·n·log10(d / d0), where Pr(d) is the received power at distance d, and n is the path loss exponent, which is obtained through actual measurement and calibration during the deployment phase. The distance value is obtained by substituting the signal strength value into the model and solving it inversely. The trilateration positioning algorithm is the one known from positioning technology: it builds a system of equations from three or more known base station coordinates and the corresponding distance values, and solves for the coordinates of the unknown point using the least squares method to obtain the real-time coordinates.
[0036] When the distance values measured by the three radio frequency read / write base stations R1, R2, and R3 are 4.2 meters, 5.1 meters, and 3.8 meters respectively, the installation coordinates and corresponding distance values of the three base stations are substituted into the trilateration positioning algorithm, and the real-time coordinates (120.3550, 31.2450) are obtained by solving the least squares method.
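The RSSI-to-distance inversion and least-squares trilateration described in [0034] to [0036], as an added example that is not part of the patent text. The local metric station coordinates, the calibration constants P_D0_DBM, D0_M and N_EXP, and all function names are assumptions; the returned RMS residual is an addition that lets a monitor flag range sets which do not agree on one position.

```python
import math

# Calibration constants are assumed; the page says n is measured and
# calibrated during the deployment phase.
P_D0_DBM = -40.0   # received power at the reference distance d0
D0_M = 1.0         # reference distance d0 in metres
N_EXP = 2.0        # path loss exponent n

# Constructed layout: four stations of a 5 m grid, local metric coordinates.
STATIONS = {"R1": (0.0, 0.0), "R2": (5.0, 0.0), "R3": (0.0, 5.0), "R4": (5.0, 5.0)}


def model_rssi(d, p_d0=P_D0_DBM, d0=D0_M, n=N_EXP):
    """Pr(d) = Pr(d0) - 10*n*log10(d/d0); used here to build sample readings."""
    return p_d0 - 10.0 * n * math.log10(d / d0)


def rssi_to_distance(rssi_dbm, p_d0=P_D0_DBM, d0=D0_M, n=N_EXP):
    """Inverse solution of the model for d."""
    return d0 * 10 ** ((p_d0 - rssi_dbm) / (10.0 * n))


def trilaterate(stations, distances):
    """Least-squares position from three or more (x, y) stations and ranges.

    Subtracting the first circle equation from the others gives a linear
    system A [x, y]^T = b, solved here through the 2x2 normal equations.
    Returns (x, y, rms_residual_in_metres).
    """
    if len(stations) < 3 or len(stations) != len(distances):
        raise ValueError("need at least three station/distance pairs")
    (x1, y1), d1 = stations[0], distances[0]
    rows, rhs = [], []
    for (xi, yi), di in zip(stations[1:], distances[1:]):
        rows.append((2 * (xi - x1), 2 * (yi - y1)))
        rhs.append(d1**2 - di**2 + xi**2 + yi**2 - x1**2 - y1**2)
    a11 = sum(r[0] * r[0] for r in rows)
    a12 = sum(r[0] * r[1] for r in rows)
    a22 = sum(r[1] * r[1] for r in rows)
    b1 = sum(r[0] * v for r, v in zip(rows, rhs))
    b2 = sum(r[1] * v for r, v in zip(rows, rhs))
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("stations are collinear; position is not determined")
    x = (b1 * a22 - b2 * a12) / det
    y = (a11 * b2 - a12 * b1) / det
    rms = math.sqrt(sum((math.hypot(x - sx, y - sy) - d) ** 2
                        for (sx, sy), d in zip(stations, distances)) / len(stations))
    return x, y, rms


def locate(readings, station_xy=STATIONS):
    """readings: {station_id: rssi_dbm}. Returns (x, y, rms_residual)."""
    ids = sorted(readings)
    return trilaterate([station_xy[i] for i in ids],
                       [rssi_to_distance(readings[i]) for i in ids])


def sample_readings(true_xy, station_xy=STATIONS):
    """Constructed readings: ideal model RSSI for a tag at true_xy."""
    return {sid: model_rssi(math.hypot(true_xy[0] - sx, true_xy[1] - sy))
            for sid, (sx, sy) in station_xy.items()}
```

A large RMS residual means the per-station distances are mutually inconsistent, for instance when one tag response is attenuated, so the coordinate should not be trusted for the boundary check on its own.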
[0037] The system captures the user's input sequence, operation duration, and operation interval on the operation interface of the classified carrier at a preset sampling frequency using a behavior acquisition module, which is then used as the operation behavior.
[0038] The preset sampling frequency is to collect input events once every 100 milliseconds. The behavior acquisition module registers an input listening callback function in the driver layer to record keyboard key scan codes, mouse click coordinates, or touch screen touch point coordinates. The operation duration is defined as the difference between the start and end timestamps of the same task identifier. The operation interval is defined as the difference between the timestamps of two adjacent input events.
[0039] For example, the input sequence "CTRL+L, FILE_OPEN, EXPORT" is recorded between timestamps 1710000000700 and 1710000001200, with an operation duration of 500 milliseconds and a timestamp difference of 120 milliseconds between adjacent input events.
[0040] The preset permission monitoring module intercepts interface call requests within the preset permission range during the operation of the classified carrier, extracts the call source identifier, call target resource identifier and call time from each interface call request, and generates a permission call record sequence as the permission call record.
[0041] The preset permission range is implemented by configuring a permission whitelist and a permission blacklist during the deployment phase. The permission whitelist contains a set of resource identifiers that are allowed to be accessed, and the permission blacklist contains a set of resource identifiers that are prohibited from being accessed. The permission monitoring module intercepts file read / write, network access, and peripheral access interface call requests by registering hook functions in the operating system kernel mode. For each interface call request, a record containing the call source identifier, the call target resource identifier, and the call time is generated and stored in chronological order as a permission call record sequence.
[0042] When an application with process ID Process_A requests access to a file with resource ID Secret_File_02 at timestamp 1710000001300, the permission monitoring module records the permission call record with the source ID Process_A, the target resource ID Secret_File_02, and the call time 1710000001300.
[0043] The real-time coordinates, operation behaviors, and permission call records are time-aligned and then merged, using the carrier identifier as the association key, to generate the current behavior feature data.
[0044] The carrier identifier is a unique identifier string written by the classified carrier during the deployment phase; time alignment adopts a linear interpolation alignment method based on timestamps, and data with different sampling frequencies are resampled according to a unified time axis with a time granularity of 100 milliseconds; after alignment, a composite data structure containing real-time coordinate field, input sequence field, operation duration field, operation interval field and permission call record field is generated, which is defined as the current behavior feature data.
[0045] For example, on the unified timeline corresponding to timestamp 1710000001400, merge the real-time coordinates (120.3550, 31.2450), the input sequence "EXPORT", the operation duration of 300 milliseconds, the operation interval of 90 milliseconds, and the permission call records with the call source identifier "Process_A" and the call target resource identifier "Secret_File_02" to form a current behavior feature data record.
[0046] Step S2: Compare the current behavioral feature data with the preset baseline behavioral profile, and calculate the spatial offset, temporal offset and operational offset respectively to generate a risk offset value.
[0047] The baseline behavior profile is stored in the form of a structured data table on a local encrypted storage medium of a classified carrier. The data table fields include a set of spatial activity boundary coordinates, a set of standard operation time windows, and a set of compliant permission call features. The current behavior feature data is read one by one and matched with the corresponding fields in the baseline behavior profile. Spatial offset, time offset, and operation offset are all represented as non-negative floating-point numbers, and are uniformly set to 0 when the calculation result is less than 0. The risk offset value is defined as the weighted sum of the three types of offsets.
[0048] For example, in a current behavior feature data corresponding to timestamp 1710000001400, the real-time coordinates are (120.3650, 31.2550), the operation occurred at 22:35:10, and there is a record in the permission call record with the access resource identifier Secret_File_99; after comparing with the baseline behavior file, the spatial offset is 2.3, the time offset is 1.5, and the operation offset is 3. The weighted sum of the three results in a risk offset value of 6.8.
[0049] As shown in Figure 3, in another example, step S2 can also be preferably implemented as follows: The baseline behavior file stores the set of authorized spatial activity boundary coordinates for classified carriers, the set of standard operating time windows, and the set of compliant permission call features.
[0050] The spatial activity boundary coordinate set is defined using a polygon vertex array structure, with each vertex containing latitude and longitude coordinates; the standard operation time window set is defined using a time interval array structure, with each time interval containing a start time and an end time, and the time expressed in seconds in 24-hour format; the compliant permission call feature set is defined using a triple set structure, with each triple including a call source identifier, a call target resource identifier, and a maximum allowed call frequency threshold; the baseline behavior profile is generated during the deployment phase by manually entering authorization rules and is verified for integrity using hash checksums.
[0051] For example, the set of spatial activity boundary coordinates is defined as a rectangular area formed by vertices (120.3500, 31.2400), (120.3600, 31.2400), (120.3600, 31.2500), and (120.3500, 31.2500); the set of standard operation time windows is defined as 08:00:00 to 18:00:00; and the set of compliant permission call features contains the triple (Process_A, Secret_File_01, no more than 5 times per minute).
[0052] The real-time coordinates in the current behavioral feature data are compared with the set of spatial activity boundary coordinates. The Euclidean distance from the real-time coordinates to the nearest authorized boundary is calculated, and the difference between the Euclidean distance and the preset spatial reference threshold is calculated to obtain the spatial offset.
[0053] The ray casting algorithm is used to determine whether the real-time coordinates are inside the polygon formed by the set of spatial activity boundary coordinates. This algorithm is a publicly available algorithm in the field of computer graphics for determining whether a point is inside a polygon. When the real-time coordinates are inside the polygon, the spatial offset is defined as 0. When the real-time coordinates are outside the polygon, the shortest Euclidean distance from the real-time coordinates to each boundary line segment of the polygon is calculated, and the minimum value is selected as the Euclidean distance. The preset spatial reference threshold is set to 1 meter during the deployment phase based on the maximum allowable offset distance of the classified carrier. The spatial offset is defined as the difference between the Euclidean distance and the spatial reference threshold. When the difference is less than 0, it is set to 0.
[0054] For example, if the real-time coordinates (120.3650, 31.2550) are outside the set of spatial activity boundary coordinates, the Euclidean distance from them to the nearest boundary line segment is calculated to be 3.3 meters. The spatial reference threshold is 1 meter, the difference is 2.3 meters, and the spatial offset is 2.3.
[0055] The occurrence time of the operation in the current behavioral feature data is compared with the standard operation time window set. The duration of the operation occurrence time deviating from the boundary of the most recent authorized time window is calculated. The duration is then compared with the preset time base threshold to obtain the time offset.
[0056] Convert the time of the operation into the number of seconds since 0:00 on the current day; determine whether the number of seconds falls within any time interval in the standard operation time window set; when it falls within the interval, define the time offset as 0; when it is outside the interval, calculate the absolute difference between the number of seconds and the nearest time interval boundary as the deviation duration; the preset time base threshold is set to 300 seconds; the time offset is defined as the difference between the deviation duration and the time base threshold, and is set to 0 when the difference is less than 0.
[0057] For example, if the operation occurs at 22:35:10, which corresponds to 81310 seconds, and the standard operation time window set is from 28800 seconds to 64800 seconds, the duration of deviation from the nearest boundary of 64800 seconds is 16510 seconds. Subtracting the time base threshold of 300 seconds, we get 16210 seconds, which is equivalent to 4.5 hours, resulting in a time offset of 16210.
[0058] The permission call records in the current behavior feature data are matched one by one with the set of compliant permission call features. The number of call entries that do not match or exceed the set of compliant permission call features within a unit of time is counted. The difference between the number and the preset operation benchmark threshold is calculated to obtain the operation offset.
[0059] The sequence of permission call records is segmented and statistically analyzed in 60-second time windows. For each permission call record, the system searches the set of compliant permission call features to see if there is a combination of the same call source identifier and the call target resource identifier. If no match is found, it is counted as one abnormal call. If a match is found but the number of calls per unit time exceeds the corresponding maximum allowed call frequency threshold, the excess is counted as the number of abnormal calls. The preset operation baseline threshold is set to 2. The operation offset is defined as the difference between the number of abnormal calls and the operation baseline threshold. When the difference is less than 0, it is set to 0.
[0060] For example, within a 60-second time window, the permission call records contain 3 records that match no entry in the set of compliant permission call features and 4 calls to Secret_File_01. The maximum allowed call frequency threshold is 5 times per minute, so the 4 calls do not exceed it and the number of abnormal calls is 3. Subtracting the operation baseline threshold of 2 gives 1, resulting in an operation offset of 1.
[0061] Based on the preset weight coefficients for each offset, the spatial offset, temporal offset, and operational offset are weighted and summed to obtain the risk offset value.
[0062] During the deployment phase, the weighting coefficients for each offset are set to fixed floating-point numbers based on the degree of risk emphasis, ensuring that the sum of the weighting coefficients is 1. The formula for calculating the risk offset value is: Risk offset = α × spatial offset + β × time offset + γ × operational offset, where α, β, and γ are the spatial offset weight coefficient, the time offset weight coefficient, and the operational offset weight coefficient, respectively.
[0063] For example, if the spatial offset weighting coefficient is 0.3, the time offset weighting coefficient is 0.4, and the operation offset weighting coefficient is 0.3, then when the spatial offset is 2.3, the time offset is 1.5, and the operation offset is 3, the risk offset value = 0.3 × 2.3 + 0.4 × 1.5 + 0.3 × 3 = 2.19.
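The offset calculations of paragraphs [0053] to [0063] can be sketched as follows. This is an added example, not code from the patent; it assumes coordinates already projected to local planar metres, and the zone polygon, source identifiers and call timestamps are constructed sample data.

```python
import math
from collections import Counter

# Constructed sample data (not from the patent): a 10 m x 10 m authorized zone
# in local planar metres, one 08:00-18:00 window, and one compliant call rule.
ZONE = [(0.0, 0.0), (10.0, 0.0), (10.0, 10.0), (0.0, 10.0)]
WINDOWS = [(28800, 64800)]
COMPLIANT = {("editor", "Secret_File_01"): 5}  # (source, target) -> max calls per window
CALLS = [(t, "editor", "Secret_File_01") for t in (2, 9, 30, 41)] + \
        [(t, "unknown_proc", "Secret_File_02") for t in (5, 6, 7)]


def _edges(poly):
    """Yield each boundary segment, closing the polygon back to its first vertex."""
    return zip(poly, poly[1:] + poly[:1])


def point_in_polygon(pt, poly):
    """Ray casting: count boundary crossings of a horizontal ray from pt towards +x."""
    x, y = pt
    inside = False
    for (x1, y1), (x2, y2) in _edges(poly):
        if (y1 > y) != (y2 > y):  # segment straddles the ray's height
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


def dist_to_segment(pt, a, b):
    """Shortest Euclidean distance from pt to the segment a-b."""
    (px, py), (ax, ay), (bx, by) = pt, a, b
    dx, dy = bx - ax, by - ay
    seg_len2 = dx * dx + dy * dy
    if seg_len2 == 0:  # degenerate segment
        return math.hypot(px - ax, py - ay)
    t = max(0.0, min(1.0, ((px - ax) * dx + (py - ay) * dy) / seg_len2))
    return math.hypot(px - (ax + t * dx), py - (ay + t * dy))


def spatial_offset(pt, poly, threshold_m=1.0):
    """0 inside the zone; otherwise distance to nearest edge minus threshold, floored at 0."""
    if point_in_polygon(pt, poly):
        return 0.0
    nearest = min(dist_to_segment(pt, a, b) for a, b in _edges(poly))
    return max(0.0, nearest - threshold_m)


def time_offset(sec_of_day, windows, threshold_s=300):
    """Seconds outside the nearest window boundary minus threshold, floored at 0.
    As in [0056], distances are taken within one day (no wrap around midnight)."""
    if any(start <= sec_of_day <= end for start, end in windows):
        return 0
    deviation = min(min(abs(sec_of_day - s), abs(sec_of_day - e)) for s, e in windows)
    return max(0, deviation - threshold_s)


def operation_offset(calls, compliant, threshold=2, window_s=60):
    """calls: (timestamp_s, source, target). Returns {window_index: operation offset}."""
    per_window = {}
    for ts, src, tgt in calls:
        per_window.setdefault(int(ts // window_s), Counter())[(src, tgt)] += 1
    result = {}
    for window, counts in per_window.items():
        abnormal = 0
        for key, n in counts.items():
            limit = compliant.get(key)
            # Unmatched pairs count in full; matched pairs count only the excess.
            abnormal += n if limit is None else max(0, n - limit)
        result[window] = max(0, abnormal - threshold)
    return result


def risk_offset(spatial, temporal, operational, weights=(0.3, 0.4, 0.3)):
    """Weighted sum of the three offsets; the weights must sum to 1."""
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weight coefficients must sum to 1")
    alpha, beta, gamma = weights
    return alpha * spatial + beta * temporal + gamma * operational
```

The three offsets carry different units (metres, seconds, call counts). With the raw value from [0057] the time term (16210) dominates the sum, while the weighted example in [0063] uses a time offset of 1.5, so the scaling applied before summation has to be fixed at deployment.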
[0064] Step S3: Perform trend analysis on the risk offset values over a continuous time period to obtain the risk change rate, and determine the current risk status based on the risk offset values and the risk change rate.
[0065] The risk offset values generated in chronological order are stored as a time series array, with each element including a timestamp and the corresponding risk offset value; trend analysis obtains the risk change rate by fitting the time series array; the current risk status is determined by the current risk offset value and the risk change rate.
[0066] For example, the risk offset values obtained per minute over a continuous 5-minute period are 1.2, 1.8, 2.5, 3.6, and 4.8, and the risk change rate obtained through trend analysis is 0.9 per minute.
[0067] As shown in Figure 4 and Figure 5, in another example, step S3 can also preferably be implemented as follows: the continuously collected risk offset values are cached using a preset sliding time window to obtain a sample sequence. The sliding time window scrolls forward with a preset step size, and all risk offset value samples within the window are taken after each scroll.
[0068] The preset sliding time window length is set to 300 seconds, and the preset step size is set to 60 seconds. A circular buffer queue with a length of 300 seconds is established, and the queue capacity is equal to the window length divided by the risk offset value sampling period. Every 60 seconds, the earliest sample that entered the queue is deleted and the latest risk offset value sample is added to form a new sample sequence.
[0069] When the risk offset value sampling period is 60 seconds, the sliding time window contains 5 sample values, and the sample sequence is updated every 60 seconds.
[0070] Linear regression is performed on the sample sequence, and the slope of the fitted line is used as the rate of risk change. The risk offset value at the latest moment in the sample sequence is extracted as the current risk offset value.
[0071] The linear regression fitting uses the least squares linear regression algorithm, which is a publicly available ordinary least squares algorithm in the field of statistics. The time index in the time series is used as the independent variable and the risk offset value is used as the dependent variable. The slope 'a' in the fitted line y=ax+b is calculated and defined as the risk change rate. The risk offset value with the largest timestamp in the sample sequence is defined as the current risk offset value.
[0072] For example, the sample sequence is (1,1.2), (2,1.8), (3,2.5), (4,3.6), (5,4.8). The slope a = 0.9 is calculated using the least squares method, and the current risk offset value is 4.8.
[0073] The current risk offset value is compared with the preset offset state classification threshold to determine the offset dimension state value, and the risk change rate is compared with the preset rate state classification threshold to determine the rate dimension state value.
[0074] The preset offset status classification threshold is set to three levels: 0 to 2 is level 1, 2 to 5 is level 2, and greater than 5 is level 3; the preset rate status classification threshold is set to three levels: 0 to 0.5 is level 1, 0.5 to 1.5 is level 2, and greater than 1.5 is level 3; the current risk offset value and risk change rate are mapped to the corresponding intervals and assigned the corresponding level values.
[0075] The current risk offset value is 4.8, falling within the range of 2 to 5, corresponding to a level 2 status value in the offset dimension; the risk change rate is 0.9, falling within the range of 0.5 to 1.5, corresponding to a level 2 status value in the rate dimension.
[0076] According to the preset state fusion rules, the offset dimension state value and the rate dimension state value are logically combined. When either the offset dimension state value or the rate dimension state value reaches a higher state level, the higher state level is taken as the current risk state.
[0077] The preset state fusion rule is defined as taking the maximum value between the offset dimension state value and the rate dimension state value as the current risk state; when the two levels are the same, the level is directly output; when the two levels are different, the level with the larger value is output.
[0078] For example, if the offset dimension state value is level two and the rate dimension state value is level three, the current risk state is determined to be level three; if the offset dimension state value is level one and the rate dimension state value is level two, the current risk state is determined to be level two.
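The sliding window, least-squares slope and state fusion of paragraphs [0067] to [0078] can be sketched as follows. This is an added example, not code from the patent; it assumes the upper bound of each interval is inclusive, that a negative slope maps to level 1, and that fewer than two samples give a rate of 0, none of which the page specifies.

```python
from collections import deque

OFFSET_BOUNDS = (2.0, 5.0)  # [0074]: 0 to 2 level 1, 2 to 5 level 2, above 5 level 3
RATE_BOUNDS = (0.5, 1.5)    # [0074]: 0 to 0.5 level 1, 0.5 to 1.5 level 2, above 1.5 level 3


def classify(value, bounds):
    """Map a value to level 1, 2 or 3 (assumption: upper bounds are inclusive)."""
    low, high = bounds
    if value <= low:
        return 1
    if value <= high:
        return 2
    return 3


class RiskTrend:
    """Fixed-capacity window of (timestamp, risk offset) samples."""

    def __init__(self, window_s=300, sample_period_s=60):
        # Capacity = window length / sampling period, i.e. 5 samples by default.
        # deque(maxlen=...) drops the oldest sample when a new one arrives.
        self.samples = deque(maxlen=window_s // sample_period_s)

    def add(self, timestamp, risk_offset):
        self.samples.append((timestamp, risk_offset))

    def change_rate(self):
        """Ordinary least squares slope with the time index 1..n as x ([0071])."""
        n = len(self.samples)
        if n < 2:
            return 0.0  # assumption: no trend can be fitted yet
        ys = [value for _, value in sorted(self.samples)]
        xs = range(1, n + 1)
        mean_x = sum(xs) / n
        mean_y = sum(ys) / n
        sxx = sum((x - mean_x) ** 2 for x in xs)
        sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
        return sxy / sxx

    def current_offset(self):
        """Risk offset value of the sample with the largest timestamp."""
        if not self.samples:
            return 0.0
        return max(self.samples, key=lambda sample: sample[0])[1]

    def state(self):
        """Fusion rule of [0077]: the higher of the two dimension levels."""
        return max(classify(self.current_offset(), OFFSET_BOUNDS),
                   classify(self.change_rate(), RATE_BOUNDS))
```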
[0079] Step S4: Determine the corresponding risk level based on the current risk status and the preset classification level weight of the classified carrier.
[0080] As shown in Figure 6, the current risk status is used as the input parameter for the risk status level, and the classification level weight written by the classified carrier during the deployment phase is read. The classification level weight is stored in the security configuration table of the classified carrier in the form of a floating-point number, and the fields include carrier identifier, classification level identifier and classification level weight coefficient. By quantifying the current risk status and calculating it with the classification level weight, the risk level identifier is output. The risk level identifier is represented by an enumeration type, including low risk level, medium risk level and high risk level.
[0081] When the current risk status is level three and the weight of the confidentiality level is 1.5, the calculated comprehensive risk score is 9.0, which corresponds to a high risk level output.
[0082] In another example, step S4 can also be preferably implemented as follows: The weighting coefficient for the classification level is determined within a preset range based on the classification level of the information stored on the classified carrier. The higher the classification level, the greater the weighting coefficient for the classification level.
[0083] The security classification is divided into Secret, Confidential, and Top Secret according to internal management standards; the preset value range is set to 1.0 to 2.0; Secret corresponds to a security level weight coefficient of 1.0, Confidential corresponds to a security level weight coefficient of 1.5, and Top Secret corresponds to a security level weight coefficient of 2.0; this mapping relationship is written into the security configuration table during the deployment phase and protected for integrity through digital signature.
[0084] When the classification level of a classified carrier is Confidential, the classification level weight coefficient is read as 1.5; when the classification level of a classified carrier is Top Secret, the classification level weight coefficient is read as 2.0.
[0085] The current risk status is mapped to the corresponding basic risk status score, which is set within a preset score range based on the severity of the risk status. The basic risk status score is then multiplied by the classification level weight coefficient to obtain the comprehensive risk score.
[0086] The preset scoring ranges for the basic risk status score are set to three ranges: 0 to 5, 5 to 10, and 10 to 15, corresponding to the current risk status as Level 1, Level 2, and Level 3, respectively. When the current risk status is Level 1, the basic risk status score is fixed at 5; when the current risk status is Level 2, the basic risk status score is fixed at 10; and when the current risk status is Level 3, the basic risk status score is fixed at 15. The formula for calculating the comprehensive risk score is: Comprehensive Risk Score = Basic Risk Status Score × Confidentiality Level Weighting Coefficient.
[0087] When the current risk status is Level 2 and the weighting coefficient for the level of confidentiality is 1.5, the basic risk status score is 10, and the comprehensive risk score is 10 × 1.5 = 15; when the current risk status is Level 3 and the weighting coefficient for the level of confidentiality is 2.0, the comprehensive risk score is 15 × 2.0 = 30.
[0088] The comprehensive risk score is compared with the preset risk level range. When the comprehensive risk score falls into the preset low-risk range, the low-risk level is output.
[0089] The preset risk level classification range is set as follows: 0 to 10 is the low risk range, 10 to 20 is the medium risk range, and greater than 20 is the high risk range. When the comprehensive risk score is greater than or equal to 0 and less than 10, the low risk level is output and the corresponding low risk level identification code is generated.
[0090] When the comprehensive risk score is 8, it falls into the range of 0 to 10 and is output as a low risk level.
[0091] When the comprehensive risk score falls within the preset medium-risk range, the medium-risk level is output.
[0092] When the comprehensive risk score is greater than or equal to 10 and less than or equal to 20, the medium risk level is output, and the corresponding medium risk level identification code is generated and written to the risk record log table.
[0093] When the comprehensive risk score is 15, it falls into the range of 10 to 20, and the output is a medium risk level.
[0094] When the comprehensive risk score falls into the preset high-risk range, a high-risk level is output.
[0095] When the comprehensive risk score is greater than 20, a high risk level is output, and the high risk level identifier is written to the security event log file. The log file includes the carrier identifier, the comprehensive risk score, and the generation timestamp.
[0096] When the comprehensive risk score is 30, it falls into the range of 20 or higher, and is output as a high-risk level.
[0097] Step S5: Generate corresponding response strategies based on risk levels to automatically control classified carriers.
[0098] The corresponding response strategy combination is retrieved from the preset response strategy mapping table based on the risk level identifier. The response strategy mapping table is defined as an enumeration structure during the deployment phase, with fields including the risk level identifier and the response strategy type. When executing the response strategy, a control command is sent to the internal control interface of the classified carrier. The control command adopts the form of a structured command message, including a command type field and a parameter field.
[0099] When the risk level is identified as medium risk, a restrictive response strategy is read from the response strategy mapping table, and a corresponding control command message is generated.
[0100] In another example, step S5 can also be preferably implemented as follows: When the risk level is low, a notification-type response strategy is generated to send an alarm notification to the authorized management terminal bound to the classified carrier. The alarm notification carries the carrier identifier, the current risk offset value, and the trigger time.
[0101] The classified carrier and the authorized management terminal transmit data through a preset encrypted communication channel. The encrypted communication channel uses a symmetric encryption algorithm to encrypt the data. This symmetric encryption algorithm is a publicly available advanced encryption standard algorithm in the field of cryptography. The alarm notification is encapsulated in JSON structure format, and the fields include carrier identifier, current risk offset value and trigger time. After sending, a successful sending confirmation record is generated locally.
[0102] When the risk level is low, an alarm notification is generated with the content {"Carrier Identifier":"Carrier_01","Current Risk Offset Value":2.19,"Trigger Time":1710000002000} and sent to the authorized management terminal.
[0103] When the risk level is medium risk, a restrictive response strategy is generated. The restrictive response strategy combination includes all actions of the notification response strategy combination, and at the same time, an access freeze command is issued to the classified carrier. The access freeze command causes the operation interface of the classified carrier to refuse to receive new input events and suspend all pending access call requests until an unfreeze command is issued by the authorization management terminal.
[0104] The permission freeze command is written to the control register flag bit through the internal control interface. When the flag bit is 1, the operation interface driver returns a fixed error code to reject new input events. At the same time, a call blocking flag is set in the permission listening module to put pending permission call requests into the pending queue. When an unfreeze command message containing an unfreeze flag field is received and the verification is successful, the control register flag bit is cleared and the permission call requests in the pending queue are released.
[0105] When the risk level is medium risk, the permission freeze command flag is set to 1 at the same time as sending the alarm notification, so that all new file access requests return the error code E_FREEZE until the authorization management terminal sends the unfreeze command to restore the permissions.
[0106] When the risk level is high, a mandatory response strategy is generated. The mandatory response strategy combination includes all actions of the restrictive response strategy combination, and simultaneously triggers the audible and visual alarm device deployed on the classified carrier to continuously output alarm signals, synchronously pushes the carrier's real-time coordinates and risk level identifier to the security system, and selectively executes the carrier remote locking command or storage medium data erasure command according to the data protection strategy pre-configured in the baseline behavior file.
[0107] The audible and visual alarm device drives a buzzer and flashlight by outputting a high-level signal through the GPIO interface, with the output frequency set to twice per second. The data packets pushed to the security system include carrier identifiers, real-time coordinates, and risk level identifiers, and are sent through a preset network address. The data protection policy is stored in the baseline behavior file in the form of policy identifiers and execution conditions. When the execution conditions match the current risk level as high risk, a remote lock-up command or a storage media data erasure command is triggered. The storage media data erasure command performs a full disk overwrite three times through an overwrite algorithm, which is a publicly available multi-overwrite deletion algorithm in the field of information security.
[0108] When the risk level is high, the control GPIO interface outputs a high-level signal with a frequency of 2Hz to drive the buzzer alarm. At the same time, it sends a data packet containing real-time coordinates (120.3650, 31.2550) and a high-risk level identifier to the security system, and executes the storage medium data erasure command according to the data protection policy, performing three full disk overwrites on the storage area.
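The scoring of paragraphs [0085] to [0096] and the cumulative response strategies of [0100] to [0108] can be sketched together as follows. This is an added example, not code from the patent; the action names are hypothetical labels, and because the page does not say how the unfreeze command is verified, HMAC-SHA256 over the message with a shared key plus a strictly increasing counter is this example's assumption.

```python
import hashlib
import hmac
import json

BASE_SCORE = {1: 5, 2: 10, 3: 15}                                       # [0086]
LEVEL_WEIGHT = {"Secret": 1.0, "Confidential": 1.5, "Top Secret": 2.0}  # [0083]

# Each strategy contains every action of the one below it ([0103], [0106]).
# The action names are hypothetical labels; nothing is executed here.
NOTIFY = ("send_alarm_notification",)
RESTRICT = NOTIFY + ("freeze_access",)
MANDATORY = RESTRICT + ("audible_visual_alarm", "push_coordinates_and_level",
                        "apply_data_protection_policy")
STRATEGY = {"low": NOTIFY, "medium": RESTRICT, "high": MANDATORY}


def risk_level(state, classification):
    """Comprehensive score = base score x weight; ranges as in [0089] to [0095]."""
    score = BASE_SCORE[state] * LEVEL_WEIGHT[classification]
    if score < 10:
        return score, "low"
    if score <= 20:
        return score, "medium"
    return score, "high"


def sign(key, message):
    """Assumed verification scheme: HMAC-SHA256 tag over the raw command bytes."""
    return hmac.new(key, message, hashlib.sha256).digest()


class CarrierControl:
    """Model of the freeze flag bit and pending queue described in [0104]."""
    E_FREEZE = "E_FREEZE"

    def __init__(self, key):
        self.key = key
        self.frozen = False      # control register flag bit
        self.in_flight = []      # requests accepted before any freeze
        self.pending = []        # requests suspended by the freeze
        self.last_counter = 0    # replay protection (assumption)

    def submit(self, request):
        """New requests are rejected with a fixed error code while frozen."""
        if self.frozen:
            return self.E_FREEZE
        self.in_flight.append(request)
        return "ACCEPTED"

    def respond(self, level):
        """Look up the strategy; freezing suspends whatever was still in flight."""
        actions = STRATEGY[level]
        if "freeze_access" in actions and not self.frozen:
            self.frozen = True
            self.pending, self.in_flight = self.in_flight, []
        return actions

    def unfreeze(self, message, tag):
        """Return released requests, or None if the command fails verification."""
        if not hmac.compare_digest(sign(self.key, message), tag):
            return None          # forged or corrupted command
        command = json.loads(message)
        if command.get("type") != "unfreeze" or command.get("counter", 0) <= self.last_counter:
            return None          # wrong command type or replayed counter
        self.last_counter = command["counter"]
        self.frozen = False
        released, self.pending = self.pending, []
        return released
```

The counter check matters because a captured unfreeze message would otherwise lift every later freeze; the tag alone only proves the message was once issued by the key holder.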
[0109] In this embodiment, sensing units deployed on the classified carrier and its usage environment collect real-time coordinates, operational behaviors, and permission call records of the classified carrier to generate current behavioral feature data. This current behavioral feature data is then compared with a preset baseline behavioral profile to calculate spatial offset, temporal offset, and operational offset, generating a risk offset value. Based on this, trend analysis is performed on the risk offset value over a continuous time period to obtain the risk change rate, and the current risk status is determined according to the risk offset value and the risk change rate. Further, based on the current risk status and the preset classification level weights of the classified carrier, the corresponding risk level is determined. Finally, a corresponding response strategy is generated according to the risk level to automatically control the classified carrier, thus forming a complete processing flow from data collection, risk quantification, trend judgment to graded response.
[0110] By deploying sensing units in classified carriers and their operating environments, real-time coordinates, operational behaviors, and access records of the classified carriers are collected, generating current behavioral characteristic data. This data is then compared in a structured manner with a pre-set baseline behavioral profile, calculating spatial, temporal, and operational offsets. A weighted summation based on pre-set weighting coefficients for each offset yields a risk offset value. Furthermore, a sliding time window is used to cache risk offset values over consecutive time periods. A least-squares linear regression algorithm is employed for trend analysis to determine the rate of risk change, and this, combined with the current risk offset value, determines the current risk status. The system first maps the current risk status to a basic risk status score, multiplies it by the weighting coefficient of the classification level to obtain a comprehensive risk score, and outputs low-risk, medium-risk, or high-risk levels according to the preset risk level range. At the same time, it generates notification-type response strategies, restriction-type response strategies, or mandatory response strategies based on the risk level, and implements automatic control measures such as alarm notifications, access freezes, audible and visual alarms, and data protection commands on classified carriers. This enables quantitative identification, classification, and immediate handling of risks to classified carriers, improves the accuracy of risk identification and the timeliness of response, and overcomes the problems of delayed risk identification and difficulty in timely response in existing technologies.
[0111] As shown in Figure 7, this application example also provides a risk warning and automatic response system 10 for classified carriers, including: the data acquisition module 11, which is used to collect real-time coordinates, operation behaviors and permission call records of the classified carrier in real time through sensing units deployed on the classified carrier and its usage environment, and generate current behavior feature data.
[0112] The data comparison module 12 is used to compare the current behavioral feature data with the preset benchmark behavioral profile, and calculate the spatial offset, time offset and operation offset respectively to generate a risk offset value.
[0113] The trend analysis module 13 is used to perform trend analysis on the risk offset value over a continuous time period, obtain the risk change rate, and determine the current risk status based on the risk offset value and the risk change rate.
[0114] The risk assessment module 14 is used to determine the corresponding risk level based on the current risk status and the pre-set classification level weight of the classified carrier.
[0115] The strategy generation module 15 is used to generate corresponding response strategies based on the risk level in order to automatically control classified carriers.
[0116] In this example, the risk warning and automatic response process for classified carriers is divided into a data acquisition module 11, a data comparison module 12, a trend analysis module 13, a risk assessment module 14, and a strategy generation module 15. Functionally, these modules correspond to the generation of current behavioral characteristic data, the calculation of spatial, temporal, and operational offsets, the acquisition of risk change rates and the determination of current risk status, the calculation of comprehensive risk scores and the output of risk levels, and the generation of response strategies and the issuance of control commands. This achieves a structured division of labor for classified carriers, from data acquisition, offset quantification, trend analysis, risk classification to automatic control. The modules communicate with each other through structured data interfaces, transmitting fields such as real-time coordinates, operational behaviors, access records, risk offset values, current risk status, and risk levels. This ensures the consistency and integrity of data flow, clearly defines functional divisions and responsibilities, and facilitates modular configuration and expansion under different hardware environments or deployment scales. It also ensures consistency with the processing logic of the risk warning and automatic response methods for classified carriers, thereby achieving continuous monitoring, quantitative assessment, and graded response control of risks to classified carriers.
[0117] It should be noted that those skilled in the art will understand that, for the sake of convenience and brevity, the specific working process of the system and each module described above can be referred to the corresponding process in the aforementioned Embodiment 1, and will not be repeated here.
[0118] As shown in Figure 8, this application example also provides an electronic device 20, including a memory 21 and a processor 22. The memory 21 stores a computer program that can run on the processor 22. When the processor 22 executes the computer program, it implements the above-mentioned risk warning and automatic response method for classified carriers.
[0119] In this example, a computer program for implementing a risk warning and automatic response method for classified carriers is stored in the memory 21 of the electronic device 20. The processor 22 executes the computer program according to a preset instruction sequence, enabling the processor 22 to sequentially perform operations such as generating current behavioral feature data, calculating spatial, temporal, and operational offsets, weighted summation of risk offset values, fitting calculation of risk change rate, determining the current risk status, calculating a comprehensive risk score, outputting the risk level, and generating response strategy control instructions. This achieves a complete risk warning and automatic response function on a single electronic device 20 hardware architecture. By embedding each calculation logic in the memory 21 in the form of program instructions, the processor 22 execution process is guaranteed to have definite input-output relationships and calculation rules, enabling the classified carrier risk identification and control process to run in a repeatable and verifiable manner, thereby improving the automation level and execution efficiency of risk assessment.
[0120] This application also provides a computer-readable storage medium having a computer program stored thereon, which, when run by a processor, causes the processor to execute the risk warning and automatic response method for classified carriers as described above.
[0121] In this example, by storing a computer program for implementing a risk warning and automatic response method for classified carriers in a computer-readable storage medium, the computer program, when loaded and run by a processor, drives the processor to perform processing steps such as constructing current behavioral feature data, calculating offsets, generating risk offset values, trend analysis, determining the current risk status, classifying risk levels, and generating response strategies. This encapsulates the risk warning and automatic response capabilities of classified carriers in a deployable software form. The independent storage and distribution of the method logic through a computer-readable storage medium ensures that different electronic devices can obtain consistent risk assessment and control functions after loading the computer program. This guarantees that the implementation method is consistent with the risk warning and automatic response method flow of classified carriers and improves the replicability and deployment flexibility of the solution in practical applications.
[0122] The above embodiments are merely illustrative examples for clear explanation and are not intended to limit the implementation. Those skilled in the art will recognize that other variations or modifications can be made based on the above description. It is neither necessary nor possible to exhaustively list all possible implementations. However, obvious variations or modifications derived therefrom are still within the scope of protection of this invention.
Claims
1. A risk warning and automatic response method for classified carriers, characterized in that it includes:
By using sensing units deployed on classified carriers and their usage environment, the real-time coordinates, operation behaviors, and permission call records of the classified carriers are collected in real time to generate current behavior feature data;
The current behavioral feature data is compared with a preset baseline behavioral profile, and the spatial offset, temporal offset and operational offset are calculated respectively to generate a risk offset value;
A trend analysis is performed on the risk offset value over a continuous time period to obtain the risk change rate, and the current risk status is determined based on the risk offset value and the risk change rate;
Based on the current risk status and the preset classification level weights of the classified carrier, the corresponding risk level is determined;
Based on the risk level, a corresponding response strategy is generated to automatically control classified carriers.
2. The risk warning and automatic response method for classified carriers according to claim 1, characterized in that the step of generating current behavioral characteristic data by using sensing units deployed on classified carriers and their usage environment to collect real-time coordinates, operational behaviors, and permission call records of the classified carriers in real time includes:
The real-time coordinates of the classified carrier within the authorized use area are obtained by pre-setting several radio frequency tags on the classified carrier;
The user's operational behavior on the classified carrier is captured by a behavior acquisition module preset on the classified carrier at a preset sampling frequency;
By intercepting interface call requests within a preset permission range during the operation of the classified carrier through a preset permission monitoring system, and extracting the call source identifier, call target resource identifier, and call time from the interface call request, permission call records are generated;
The real-time coordinates, the operation behavior, and the permission call record are time-aligned and then merged to generate current behavior feature data.
3. The risk warning and automatic response method for classified carriers according to claim 2, characterized in that the step of obtaining the real-time coordinates of the classified carrier within the authorized use area by pre-setting several radio frequency tags on the classified carrier includes:
Within the authorized use area of the classified carrier, an array of radio frequency read/write base stations is deployed according to a preset grid spacing;
The radio frequency read/write base station array continuously broadcasts query signals to a number of radio frequency tags preset on the classified carrier;
The system receives signal strength values returned by each RFID tag, converts these values into distance values based on a preset path loss model, and uses a trilateration positioning algorithm to measure and locate all distance values to obtain real-time coordinates.
4. The risk warning and automatic response method for classified carriers according to claim 1, characterized in that:
The baseline behavior file stores the set of authorized spatial activity boundary coordinates of the classified carrier, the set of standard operation time windows, and the set of compliant permission call features;
The step of comparing the current behavioral feature data with a preset baseline behavioral profile and calculating spatial offset, temporal offset, and operational offset to generate a risk offset value includes:
The real-time coordinates in the current behavior feature data are compared with the set of spatial activity boundary coordinates, the Euclidean distance from the real-time coordinates to the nearest authorized boundary is calculated, and the difference between the Euclidean distance and the preset spatial reference threshold is calculated to obtain the spatial offset;
The occurrence time of the operation in the current behavior feature data is compared with the standard operation time window set, the duration of the operation occurrence time deviating from the boundary of the most recent authorized time window is calculated, and the difference between the duration and a preset time base threshold is calculated to obtain the time offset;
The permission call records in the current behavior feature data are matched one by one with the compliant permission call feature set, the number of call entries that do not match or exceed the compliant permission call feature set within a unit of time is counted, and the difference between the number and the preset operation benchmark threshold is calculated to obtain the operation offset;
The risk offset value is obtained by performing a weighted summation operation on the spatial offset, time offset, and operation offset.
5. The risk warning and automatic response method for classified carriers according to claim 1, characterized in that the step of performing trend analysis on the risk offset value over a continuous time period to obtain the risk change rate, and determining the current risk status based on the risk offset value and the risk change rate, includes: caching the continuously collected risk offset values in a preset sliding time window to obtain a sample sequence; performing linear regression on the sample sequence and using the slope of the fitted line as the risk change rate; extracting the risk offset value at the latest moment in the sample sequence as the current risk offset value; comparing the current risk offset value with a preset offset state classification threshold to determine the offset dimension state value, and comparing the risk change rate with a preset rate state classification threshold to determine the rate dimension state value; and logically combining the offset dimension state value and the rate dimension state value, wherein when either the offset dimension state value or the rate dimension state value reaches a higher state level, the higher state level is taken as the current risk status.
6. The risk warning and automatic response method for classified carriers according to claim 1, characterized in that the classification level weighting coefficient is taken within a preset value range according to the classification level of the information stored on the classified carrier, and the higher the classification level, the larger the classification level weighting coefficient; and the step of determining the corresponding risk level based on the current risk status and the preset classification level weight of the classified carrier includes: mapping the current risk status to the corresponding basic risk status score, and multiplying the basic risk status score by the classification level weighting coefficient to obtain the comprehensive risk score; and comparing the comprehensive risk score with preset risk level ranges, wherein when the comprehensive risk score falls within the preset low-risk range, a low-risk level is output; when the comprehensive risk score falls within the preset medium-risk range, a medium-risk level is output; and when the comprehensive risk score falls within the preset high-risk range, a high-risk level is output.
7. The risk warning and automatic response method for classified carriers according to claim 1, characterized in that the step of generating a corresponding response strategy based on the risk level to automatically control the classified carrier includes: when the risk level is low risk, generating a notification-type response strategy and sending an alarm notification to the authorized management terminal bound to the classified carrier, the alarm notification carrying the carrier identifier, the current risk offset value, and the trigger time; when the risk level is medium risk, generating a restrictive response strategy and issuing an access freeze command to the classified carrier; and when the risk level is high risk, generating a mandatory response strategy and triggering the audible and visual alarm device deployed on the body of the classified carrier to continuously output alarm signals.
8. A risk warning and automatic response system for classified carriers, characterized in that it includes: a data acquisition module, used to collect the real-time coordinates, operation behavior, and permission call records of the classified carrier in real time through the sensing units deployed on the classified carrier and in its usage environment, and to generate current behavioral feature data; a data comparison module, used to compare the current behavioral feature data with the preset benchmark behavioral profile and to calculate the spatial offset, time offset, and operation offset respectively to generate a risk offset value; a trend analysis module, used to perform trend analysis on the risk offset value over a continuous time period, obtain the risk change rate, and determine the current risk status based on the risk offset value and the risk change rate; a risk assessment module, used to determine the corresponding risk level based on the current risk status and the preset classification level weight of the classified carrier; and a strategy generation module, used to generate the corresponding response strategy based on the risk level in order to automatically control the classified carrier.
9. An electronic device, characterized in that it includes a memory and a processor, the memory storing a computer program that can run on the processor, and the processor executing the computer program to implement the risk warning and automatic response method for classified carriers as described in any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that it stores a computer program that, when executed by a processor, causes the processor to perform the risk warning and automatic response method for classified carriers as described in any one of claims 1 to 7.
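The positioning step of claim 3, worked through as an added example that is not code from the application. It assumes a log-distance path loss model (the claim only says "preset path loss model"); the reference power, path loss exponent, station grid, and all function names are constructed for illustration.

```python
import math

# Assumed log-distance model parameters (constructed, not from the claims).
RSSI_AT_1M = -40.0   # dBm received at the 1 m reference distance
PATH_LOSS_EXP = 2.0  # path loss exponent n

def rssi_to_distance(rssi_dbm):
    """Invert RSSI = RSSI_AT_1M - 10*n*log10(d) to get d in metres."""
    return 10 ** ((RSSI_AT_1M - rssi_dbm) / (10 * PATH_LOSS_EXP))

def distance_to_rssi(d):
    """Forward model, used here only to build constructed sample readings."""
    return RSSI_AT_1M - 10 * PATH_LOSS_EXP * math.log10(d)

def trilaterate(stations, distances):
    """Least-squares (x, y) from three or more base stations and ranges.

    Subtracting the first circle equation from each of the others gives
    linear equations a*x + b*y = c, solved via the 2x2 normal equations.
    """
    if len(stations) < 3 or len(stations) != len(distances):
        raise ValueError("need at least three station/distance pairs")
    (x0, y0), d0 = stations[0], distances[0]
    saa = sab = sbb = sac = sbc = 0.0
    for (xi, yi), di in zip(stations[1:], distances[1:]):
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = d0**2 - di**2 + xi**2 - x0**2 + yi**2 - y0**2
        saa += a * a
        sab += a * b
        sbb += b * b
        sac += a * c
        sbc += b * c
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("stations are collinear; position is ambiguous")
    return ((sac * sbb - sbc * sab) / det, (saa * sbc - sab * sac) / det)

def locate(stations, rssi_values):
    """Claim 3 pipeline: RSSI values -> distances -> coordinates."""
    return trilaterate(stations, [rssi_to_distance(r) for r in rssi_values])
```

The collinearity check matters for the grid deployment: readings taken only from stations along one row of the grid cannot resolve which side of that row the carrier is on.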
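The scoring chain of claims 4 to 7, as an added example that is not code from the application: weighted risk offset, sliding-window regression slope, state combination, classification weighting, and response selection. Every weight, threshold, score, and response name is constructed, since the claims only call them "preset"; the three offsets are taken as inputs.

```python
from collections import deque

# Every weight, threshold and score here is constructed; the claims say "preset".
WEIGHTS = (0.5, 0.2, 0.3)            # spatial, time, operation offset weights
OFFSET_THRESHOLDS = (1.0, 3.0)       # offset value boundaries between states 0/1/2
RATE_THRESHOLDS = (0.2, 0.6)         # slope (per sample) boundaries between states
STATE_SCORE = {0: 10, 1: 40, 2: 70}  # basic risk status score per state
LEVEL_BOUNDS = ((50, "low"), (100, "medium"))  # a score of 100 or more is "high"
RESPONSE = {"low": "notify_management_terminal",
            "medium": "freeze_access",
            "high": "trigger_audible_visual_alarm"}

def risk_offset(spatial, temporal, operational):
    """Weighted sum of the three offsets (claim 4)."""
    return sum(w * o for w, o in zip(WEIGHTS, (spatial, temporal, operational)))

def slope(samples):
    """Least-squares slope of the samples against their index (claim 5)."""
    n = len(samples)
    if n < 2:
        return 0.0  # a single sample carries no trend
    mx, my = (n - 1) / 2, sum(samples) / n
    num = sum((i - mx) * (y - my) for i, y in enumerate(samples))
    return num / sum((i - mx) ** 2 for i in range(n))

def grade(value, thresholds):
    """Number of thresholds reached: 0 = normal, 1 = elevated, 2 = severe."""
    return sum(value >= t for t in thresholds)

class CarrierMonitor:
    def __init__(self, classification_weight, window=5):
        self.weight = classification_weight
        self.samples = deque(maxlen=window)  # sliding time window

    def update(self, spatial, temporal, operational):
        self.samples.append(risk_offset(spatial, temporal, operational))
        rate = slope(self.samples)
        # Claim 5: the higher of the two dimension states wins.
        state = max(grade(self.samples[-1], OFFSET_THRESHOLDS),
                    grade(rate, RATE_THRESHOLDS))
        score = STATE_SCORE[state] * self.weight  # claim 6
        level = next((n for b, n in LEVEL_BOUNDS if score < b), "high")
        return {"rate": rate, "state": state, "score": score,
                "level": level, "response": RESPONSE[level]}  # claim 7
```

Feeding spatial offsets 0.0, 0.5, 1.0, 1.5 leaves the latest risk offset (0.75) under its threshold, yet the slope of 0.25 already raises the state to 1; the same sequence yields a notification at weight 1.0 and an access freeze at weight 1.5.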