An intelligent wearing safety warning method and system based on artificial intelligence
By constructing multi-dimensional personal digital behavior profiles and collaborative verification, combined with physiological characteristic verification, the security vulnerabilities of smart wearable devices have been solved, enabling accurate identification and proactive protection, and adapting to the data security needs of various scenarios in the textile industry.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- NANTONG UNIV
- Filing Date
- 2026-02-03
- Publication Date
- 2026-06-19
AI Technical Summary
Existing smart wearable devices are prone to security vulnerabilities during cloud storage and system interaction, with frequent risks of data leakage and privacy theft. There is a lack of accurate identification and proactive protection capabilities for smart wearable devices in textile production. Furthermore, the perception dimensions of a single device are limited, and environmental interference leads to a high false alarm rate. Static protection strategies are difficult to adapt to the security needs of various occasions.
By constructing a multi-dimensional personal digital behavior profile for users' smart wearable devices, and using artificial intelligence technology to identify abnormal activities in real time, combined with physiological feature verification, collaborative verification and graded alerts can be carried out to achieve accurate identification and proactive protection against information leakage threats.
It achieves accurate identification and reliable protection against information leakage threats, reduces false alarm rate, adapts to multiple scenarios, and provides comprehensive data security.
Smart Images

Figure CN122241749A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of smart wearable safety technology, specifically to a smart wearable safety warning method and system based on artificial intelligence. Background Technology
[0002] Smart wearable devices have been deeply integrated into daily life, widely used in daily health monitoring, mobile office, financial payments, and other everyday situations. They have become important carriers of users' sensitive information. Especially in the textile industry, with the integration of flexible electronics and textile technology, smart wearable devices, smart work clothes, gloves, etc., generated by textile processes are becoming increasingly popular in industrial settings. They have become important carriers for monitoring workers' vital signs, operational behaviors, and environmental data. These devices often involve the collection and transmission of private data such as biometrics and activity trajectories, and are prone to security vulnerabilities in cloud storage and system interaction, leading to frequent risks such as data leakage and privacy theft. Traditional security protection methods mostly rely on passive defense, which is difficult to cope with dynamically changing security threats, and the limitations of protection are becoming increasingly apparent. However, the advantages of artificial intelligence technology in real-time monitoring and risk prediction continue to emerge, providing key technical support for breaking through existing protection bottlenecks and building a proactive security warning system, thus promoting the development of smart wearable device security protection in the textile industry towards intelligence and precision.
[0003] Existing technologies, such as the invention patent application with publication number CN105278686A, disclose a security alert method and device for smart wearable devices. The method includes: obtaining the current user identity information of the smart wearable device, detecting whether it is an authorized user, deciding whether to connect to the network to send a prompt to the associated terminal, assisting in finding the device, turning off the device function to prevent data leakage, and improving the security of use. Existing technologies, such as the invention patent application with publication number CN106408863B, disclose a smart warning wearable device based on multi-view machine vision. The device includes: a multi-view vision module and a warning module, both of which can interact with the processor and transmit information. The former senses obstacles moving in multiple directions within a preset distance and transmits their positions. The processor calculates the arrival time and controls the warning module to send a signal, realizing all-round intelligent real-time warning.
[0004] As can be seen from the above solutions, while current smart wearable devices have become important carriers of sensitive information such as users' biometrics and activity trajectories, they are prone to security vulnerabilities during cloud storage and system interaction, leading to frequent risks such as data leakage and privacy theft. Existing solutions only focus on device retrieval and function shutdown to prevent data leakage, or focus on obstacle detection and warnings. They lack the ability to accurately identify and proactively protect against information leakage threats from smart wearable devices produced in the textile industry. Furthermore, textile-produced smart wearable devices often face challenges such as limited perception dimensions of individual devices, high false alarm rates due to environmental interference, and the difficulty of adapting static protection strategies to various scenarios from personal consumption to industrial applications. They cannot achieve accurate identification, type judgment, and proactive collaborative protection against information leakage threats across device groups, thus failing to meet the urgent needs of the textile industry for intelligent, precise, and proactive security protection for smart wearable devices. Summary of the Invention
[0005] In view of the above-mentioned technical deficiencies, the purpose of this invention is to provide an intelligent wearable safety warning method and system based on artificial intelligence.
[0006] To solve the above-mentioned technical problems, the present invention adopts the following technical solution: The first aspect of the present invention provides a smart wearable security warning method based on artificial intelligence, including step 1. Risk perception: constructing a personal digital behavior profile of the user's smart wearable, identifying and marking abnormal activities by comparing the current running behavior of the application with the personal digital behavior profile of the user's smart wearable in real time, and identifying information leakage threat events by comprehensively verifying the identity verification results.
[0007] Preferably, the method for constructing a user's personal digital behavior profile using smart wearable devices is as follows: the data acquisition engine of the smart wearable device collects multi-source raw data from three dimensions: the type of application permission request, the duration and frequency of permission calls are collected in the user application permission call sequence dimension; the connection target address and data transmission volume are collected in the network communication mode dimension; and the shared records between applications, external device connections and key user operation trajectories are collected in the data interaction behavior dimension.
[0008] The raw data collected from user application permission call sequences, network communication patterns, and data interaction behaviors are cleaned and correlated. An attention-based recurrent neural network is used to capture the long-term dependencies of different permissions in the call order and duration interval in the user application permission call sequence. Clustering algorithms are used to perform group behavior analysis on the connection target address and data transmission volume in the network communication pattern to establish a dynamic normal communication baseline. Graph neural network technology is used to analyze the interaction relationship graph between applications, devices, and users in the data interaction behavior. Finally, a dynamically updated personal behavior digital profile of the user's smart wearable is constructed.
[0009] Preferably, the method for identifying and marking abnormal activities is as follows: if the type of application request permission collected in real time is inconsistent with the type of application request permission recorded in the personal digital behavior profile, or if the duration and frequency of permission calls deviate from the preset allowed range in the personal digital behavior profile, then it is identified as an abnormal activity and marked as an application abnormality.
[0010] The connection target address and data transmission volume in real-time network communication are compared with the normal communication baseline established in the personal digital behavior profile. If the connection target address is not within the preset allowable range of the normal communication baseline or the data transmission volume deviates from the preset deviation threshold of the normal communication baseline, it is identified as abnormal activity and marked as network abnormality.
[0011] If the real-time interaction relationships between application-shared records, external device connections, and key user operation trajectories conflict with the interaction topology structure built in the personal digital behavior profile, it is identified as abnormal activity and marked as data interaction anomaly.
[0012] Preferably, the method for identifying information leakage threat events through the comprehensive identity verification result is as follows: the physiological characteristics of the user are collected by the physiological sensor built into the smart wearable and matched with the physiological characteristics at the time of registration. If the similarity of the physiological characteristics is greater than the preset similarity threshold, the current user is determined to be the user; otherwise, the current user is determined not to be the user.
[0013] If the current user is not the actual user, and any of the following is detected: application anomaly, network anomaly, or data interaction anomaly, then the current smart wearable device is identified as having a potential information leakage threat.
[0014] If the current user is the user themselves, the application anomaly, network anomaly, and data interaction anomaly are weighted and summed as the evaluation value of the information leakage threat event. If the evaluation value of the information leakage threat event is greater than the preset evaluation threshold, then the current smart wearable is identified as having an information leakage threat event.
[0015] Step 2. Collaborative Verification and Evaluation: The identified information leakage threat events are transformed into collaborative analysis requests. Collaborative verification is conducted among nearby users wearing smart wearable devices to assess the confidence level of the information leakage threat events and, in turn, determine the type of information leakage threat events.
[0016] Preferably, the specific method for converting the identified information leakage threat event into a collaborative analysis request is as follows: the identified information leakage threat event is generated into a data packet containing abnormal activity type characteristics, timestamps, and smart wearable device identifiers according to a preset standardized format; the data packet is used as a collaborative analysis request through the Bluetooth module integrated in the smart wearable device; and a lightweight encryption mechanism is used to distribute it to a group of users wearing similar smart wearable devices within a preset range; so that similar smart wearable devices within the preset range can receive and decrypt the collaborative analysis request, thus completing the conversion from information leakage threat event to collaborative analysis request.
[0017] Preferably, the method for assessing the confidence level of information leakage threat events is as follows: when a group of users wearing similar smart wearable devices within a preset range receives a collaborative analysis request, the receiving similar smart wearable devices decrypt the collaborative analysis using a lightweight encryption mechanism, and then compare and verify the abnormal activity type characteristics in the information leakage threat event described in the collaborative analysis with the device's local personal digital behavior profile.
[0018] If the number of collaborating devices whose abnormal activity type characteristics described in the feedback collaborative analysis request are significantly inconsistent with the local personal digital behavior profile of the receiving device is greater than the preset confirmation threshold, and if the feature space clustering analysis of the abnormal activity type characteristics provided by the collaborating devices with inconsistent feedback conclusions is performed by a clustering algorithm, and the feature vectors corresponding to the collaborating devices with inconsistent feedback conclusions show a high-density clustering trend in the clustering analysis, then the information leakage threat event is determined to be of the first confidence level.
[0019] If the number of collaborating devices whose abnormal activity characteristics described in the feedback collaborative analysis request are consistent with the conclusions in the local personal digital behavior profile of the receiving device is greater than a preset rejection threshold, and if the feature space clustering analysis of the abnormal activity type characteristics provided by the collaborating devices with consistent feedback conclusions is performed by a clustering algorithm, and the feature vectors corresponding to the collaborating devices with consistent feedback conclusions show a dispersed distribution pattern, then the information leakage threat event is determined to be of the second confidence level.
[0020] Preferably, all features of abnormal application activities, abnormal network activities, and abnormal data interaction activities are extracted, and graph neural network technology is used to construct a unified abnormal behavior association graph of all features of the three types of abnormal activities. In this graph, nodes represent abnormal activity events, and edges represent connections between abnormal activity events based on chronological order and logical dependency. Threat type feature patterns are identified by analyzing the graph topology.
[0021] When multiple abnormal activity event nodes are detected to form a densely associated structure around a sensitive data entity, and there are data flow paths between these nodes, the information leakage threat event is determined to be a data theft threat.
[0022] When an abnormal activity event node is detected to present a directional link from an application permission node to an abnormal external network connection node, and this link has permission escalation characteristics, the information leakage threat event is determined to be an unauthorized access threat.
[0023] Step 3. Tiered Alerts and Protection: Based on the assessed confidence level of information leakage threat events and the identified types of information leakage threat events, tiered alerts are triggered on smart wearable devices, and users are supported in taking proactive protection and countermeasures.
[0024] Preferably, the method for triggering the graded alert of the smart wearable device is as follows: trigger the graded alert of the smart wearable device according to the type and confidence level of the information leakage threat event.
[0025] If the information leakage threat is a data theft threat and is at the first confidence level, the smart wearable device will be triggered to issue an advanced alert by vibrating strongly, playing a high-frequency alarm sound, and automatically performing data encryption and network disconnection.
[0026] If the information leakage threat is a data theft threat and is at the second confidence level, the smart wearable device will be triggered to issue a medium-level alert by generating intermittent vibrations.
[0027] If the information leakage threat is an unauthorized access threat and is at the first confidence level, the smart wearable device will be triggered to issue a medium-level alert by forcibly restricting access permissions and triggering user identity verification.
[0028] If the information leakage threat is an unauthorized access threat and has a second level of confidence, the smart wearable device will trigger a low-level alert by slightly vibrating to alert the user to the abnormal activity.
[0029] Preferably, the method for supporting users to perform proactive protection and countermeasures is as follows: when the smart wearable device identifies an information leakage threat event, proactive protection is carried out through graded warnings of the smart wearable device based on the type and confidence level of the information leakage threat event. After the smart wearable device triggers the graded warning, the characteristics of the identified information leakage threat event are marked and added to the information leakage threat event blacklist. At the same time, the characteristics of the information leakage threat event type are distributed to similar smart wearable devices within a preset range through the Bluetooth module. When the characteristics of the same information leakage threat event type are detected, the connection request is automatically blocked, and false information is returned to the attack source using virtual sensitive data. The initiation point of the information leakage threat event is located based on the recorded attack behavior.
[0030] A second aspect of the present invention provides a security alert system based on an artificial intelligence-based smart wearable security alert method, comprising a risk perception module: used to construct a personal digital behavior profile of the user's smart wearable, identify and mark abnormal activities by comparing the application's current running behavior with the user's personal digital behavior profile of the smart wearable in real time, and identify information leakage threat events by comprehensively verifying the identity verification results.
[0031] Collaborative Verification and Evaluation Module: This module transforms identified information leakage threat events into collaborative analysis requests. It then conducts collaborative verification among nearby users wearing smart wearable devices to assess the confidence level of the information leakage threat events and, in turn, determine the type of information leakage threat events.
[0032] Tiered alert and protection module: Based on the assessed confidence level of information leakage threat events and the identified types of information leakage threat events, it triggers tiered alerts on smart wearable devices and supports users in taking proactive protection and countermeasures.
[0033] The beneficial effects of the present invention are as follows: (1) The first part of the present invention: by collecting data from multiple dimensions to construct a dynamically updated personal digital behavior profile, it can accurately capture the personalized patterns of user permission calls, network communication, and data interaction, avoid the problem of poor adaptability of traditional static profiles, and combine physiological characteristic identity verification and abnormal activity weighted evaluation to distinguish the leakage threat in the user's own and non-user's scenarios, greatly reduce the false alarm rate of single abnormal activity judgment, and provide accurate initial risk positioning for information security protection.
[0034] (2) The second part of the present invention: relying on the collaborative verification of similar smart wearable devices within a preset range, it solves the pain points of the limited perception and high false alarm rate of traditional single smart wearable devices. By cluster analysis, it judges the aggregation or dispersion of feedback features of collaborative devices, which can accurately assess the confidence level of information leakage threat events. It can also identify the type of information leakage threat events in reverse, which significantly improves the reliability and comprehensiveness of the identification of information leakage threat events of smart wearable devices generated in the textile industry.
[0035] (3) The third part of the present invention: triggering graded warnings according to the type and confidence level of information leakage threat events, which not only avoids the problem of insufficient warnings or excessive interference of information leakage threat events, but also achieves precise protection through targeted measures such as data encryption and permission restriction, and supports active countermeasures, solves the defects of traditional passive protection, adapts to multiple scenarios of consumer and industrial levels, and comprehensively protects the data security of smart wearable devices generated in the textile industry. Attached Figure Description
[0036] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0037] Figure 1 This is a schematic diagram of the method flow of the present invention.
[0038] Figure 2 This is a schematic diagram of the system modules of the present invention. Detailed Implementation
[0039] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0040] Reference Figure 1 As shown, the present invention provides a smart wearable security alert method based on artificial intelligence, including step 1. Risk perception: constructing a personal digital behavior profile of the user's smart wearable, identifying and marking abnormal activities by comparing the current running behavior of the application with the personal digital behavior profile of the user's smart wearable in real time, and identifying information leakage threat events by comprehensively verifying the identity verification results.
[0041] The personal digital behavior profile includes the user's application permission call sequence, network communication patterns, and data interaction behavior.
[0042] It should be noted that the parameters of the personal digital behavior profile include not only the user's application permission call sequence, network communication mode, and data interaction behavior, but also basic parameters set based on historical data, such as: the duration and frequency of permission calls deviating from the allowable range of the personal digital behavior profile; the allowable range of connection target addresses in the normal communication baseline; the allowable deviation threshold of data transmission volume in the normal communication baseline; the similarity threshold of user physiological characteristics; the assessment threshold of information leakage threat events; the standardized format for generating data packets containing anomalous activity type characteristics, timestamps, and smart wearable device identifiers for information leakage threat events; the scope of distributing collaborative analysis requests to user groups wearing similar smart wearable devices; the confirmation threshold for the number of anomalous activity type characteristics reported by smart wearable collaborative devices that are significantly inconsistent with the local personal digital behavior profile; and the rejection threshold for the number of anomalous activity characteristics reported by smart wearable collaborative devices that are consistent with the local personal digital behavior profile.
[0043] It should be noted that collaborative verification through a group of nearby users wearing smart wearable devices is intended to address the limitations and high false alarm rate of perception from a single smart wearable device generated in the textile industry.
[0044] In a specific embodiment of the present invention, the method for constructing a user's personal digital behavior profile using a smart wearable device is as follows: the data acquisition engine of the smart wearable device collects multi-source raw data from three dimensions: the type of application permission request, the duration and frequency of permission calls are collected in the user application permission call sequence dimension; the connection target address and data transmission volume are collected in the network communication mode dimension; and the shared records between applications, external device connections and key user operation trajectories are collected in the data interaction behavior dimension.
[0045] The raw data collected from user application permission call sequences, network communication patterns, and data interaction behaviors are cleaned and correlated. An attention-based recurrent neural network is used to capture the long-term dependencies of different permissions in the call order and duration interval in the user application permission call sequence. Clustering algorithms are used to perform group behavior analysis on the connection target address and data transmission volume in the network communication pattern to establish a dynamic normal communication baseline. Graph neural network technology is used to analyze the interaction relationship graph between applications, devices, and users in the data interaction behavior. Finally, a dynamically updated personal behavior digital profile of the user's smart wearable is constructed.
[0046] The data acquisition engine of the smart wearable device is based on textile integration technology and is woven into the fabric of the wearable device in the form of fibers, which ensures the non-intrusiveness and continuity of data acquisition.
[0047] In one specific embodiment, the raw data collected from user application permission call sequences, network communication modes, and data interaction behaviors are cleaned and correlated. The specific method is as follows: abnormal format fields in the raw data are processed through data verification and repair rules, and all raw data from all sources are uniformly standardized and transformed. The raw data generated in the same time window and belonging to different dimensions are precisely aligned and correlated in the spatiotemporal dimension through key fields, and users and data with valid correlation status are selected.
[0048] It should be noted that during the association process, filtering users and data whose association status is valid based on the original data across the three dimensions ensures that the subsequently constructed personal behavior digital profiles are based only on currently active and legitimate data, excluding interference from deregistered users and historical data with outdated data.
[0049] For example, key fields include transaction ID and timestamp from the original data.
[0050] It should be noted that in the process of constructing a personal digital behavior profile, this invention introduces an existing technical means of recurrent neural networks based on attention mechanisms. It utilizes the inherent characteristics of recurrent neural networks in processing sequential data to capture the long-term dependency relationship between different permissions in terms of call order and duration interval. The specific parameter settings of this neural network are within the range that can be conventionally selected by those skilled in the art according to actual needs, and do not affect the implementation by those skilled in the art.
[0051] It should be noted that the core parameter settings and operation details of the clustering algorithm used in this invention are common knowledge in the field of unsupervised learning. Those skilled in the art can set them according to the actual scenario. For example, parameters such as the number of clusters, neighborhood radius, and minimum number of samples are all standardized settings in the field of unsupervised learning. Those skilled in the art can flexibly configure them based on conventional experience and specific scenarios without affecting the implementation and reproduction of the technical solution of this invention.
[0052] It should be noted that the normal communication baseline includes all target addresses and regular data transmission volume connected by the user device during normal communication. Establishing a dynamic normal communication baseline is the core pain point of high false alarm rate and poor adaptability faced by traditional static protection strategies on smart wearable devices. By introducing dynamic learning and personalized analysis, it has achieved a leap in three major capabilities: accurate identification, adaptive evolution, and proactive defense, providing users with unprecedented reliable security protection.
[0053] It should be noted that the graph neural network technology used in this invention is a mature technology in the fields of deep learning and graph learning, with its basic architecture and parameter settings being implemented in a mature manner. Classic model structures such as graph convolutional networks and graph attention networks are standard paradigms for processing graph structure data. Parameters involved in model training, such as learning rate, optimizer selection, hidden layer dimension, and number of attention heads, are all common practices for training deep neural network models. The specific implementation details and parameter settings of these model architectures can be conventionally selected and flexibly determined by those skilled in the art based on specific tasks and graph data characteristics, without affecting the implementation and reproduction of the core solution of this invention.
[0054] In a specific embodiment of the present invention, the method for identifying and marking abnormal activities is as follows: if the type of application request permission collected in real time is inconsistent with the type of application request permission recorded in the personal digital behavior profile, or if the duration and frequency of permission calls deviate from the preset allowed range in the personal digital behavior profile, then it is identified as an abnormal activity and marked as an application abnormality.
[0055] The connection target address and data transmission volume in real-time network communication are compared with the normal communication baseline established in the personal digital behavior profile. If the connection target address is not within the preset allowable range of the normal communication baseline or the data transmission volume deviates from the preset deviation threshold of the normal communication baseline, it is identified as abnormal activity and marked as network abnormality.
[0056] If the real-time interaction relationships between application-shared records, external device connections, and key user operation trajectories conflict with the interaction topology structure built in the personal digital behavior profile, it is identified as abnormal activity and marked as data interaction anomaly.
[0057] It should be noted that the construction process of personal digital behavior profiles has ensured data quality through rigorous data cleaning and correlation operations. The behavioral patterns stored in personal digital behavior profiles have effectively eliminated interference from abnormal data, accurately reflecting the user's normal behavioral characteristics and providing a reliable benchmark reference for real-time comparison.
[0058] In a specific embodiment of the present invention, the method for identifying information leakage threat events by means of the comprehensive identity verification result is as follows: the physiological characteristics of the user are collected by the physiological sensor built into the smart wearable and matched with the physiological characteristics at the time of registration. If the similarity of the physiological characteristics is greater than the preset similarity threshold, it is determined that the current user is the user himself / herself; otherwise, it is determined that the current user is not the user himself / herself.
[0059] If the current user is not the actual user, and any of the following is detected: application anomaly, network anomaly, or data interaction anomaly, then the current smart wearable device is identified as having a potential information leakage threat.
[0060] If the current user is the user themselves, the application anomaly, network anomaly, and data interaction anomaly are weighted and summed as the evaluation value of the information leakage threat event. If the evaluation value of the information leakage threat event is greater than the preset evaluation threshold, then the current smart wearable is identified as having an information leakage threat event.
[0061] It should be noted that the physiological characteristics referred to are those collected by embedding sensors into the fabric of smart wearable devices using textile integration technology, including heart rate monitored by photoplethysmography and electrocardiogram waveforms collected by textile-based flexible dry electrodes that contact the skin.
[0062] After normalizing the feature values of each abnormal feature parameter in the information leakage threat event assessment value when the user is the same person, a weighted sum is performed to obtain the abnormal feature parameters for each assessment of the information leakage threat event. Specifically, the weighted sum is obtained by summing the feature values of each abnormal feature parameter with their corresponding weight coefficients. The weight coefficients for each abnormal feature parameter are obtained from the data warehouse. The weight coefficients of each abnormal feature parameter reflect the degree and direction of influence of the abnormal feature parameter on the information leakage threat event. The direction of influence includes positive and negative influence.
[0063] For example, information breach threat event assessment data from a particular assessment of an information breach threat event is used as an application anomaly. Network anomaly Data interaction anomalies For example, data interaction anomalies have the greatest impact on information leakage threats, and the direction of the impact is positive. This is followed by network anomalies, also in a positive direction, and finally application anomalies, all in a positive direction. Therefore, the weight coefficients for data interaction anomalies, network anomalies, and application anomalies can be set to 0.5, 0.3, and 0.2, respectively. The anomaly characteristic parameters for this assessment of the information leakage threat are then... .
[0064] Step 2. Collaborative Verification and Evaluation: The identified information leakage threat events are transformed into collaborative analysis requests. Collaborative verification is conducted among nearby users wearing smart wearable devices to assess the confidence level of the information leakage threat events and, in turn, determine the type of information leakage threat events.
[0065] In a specific embodiment of the present invention, the method for converting the identified information leakage threat event into a collaborative analysis request is as follows: the identified information leakage threat event is generated into a data packet containing abnormal activity type characteristics, a timestamp, and a smart wearable device identifier according to a preset standardized format. This data packet is used as a collaborative analysis request through the Bluetooth module integrated in the smart wearable device, and distributed to a group of users wearing similar smart wearable devices within a preset range using a lightweight encryption mechanism. This allows similar smart wearable devices within the preset range to receive and decrypt the collaborative analysis request, thus completing the conversion from information leakage threat event to collaborative analysis request.
[0066] The Bluetooth module integrated into the smart wearable device adopts a flexible circuit design and is embedded in the device in a textile-compatible manner, ensuring reliable short-range communication while maintaining the overall flexibility of the smart wearable device.
[0067] It should be noted that lightweight encryption mechanisms refer to a type of cryptographic solution specifically designed for small electronic devices with severely limited computing power, storage space, battery life, or physical size. Its core objective is to enable security tasks such as encryption, authentication, and hashing to run efficiently in resource-constrained environments without sacrificing necessary security strength. This is achieved by optimizing algorithm structure, simplifying computational steps, reducing memory usage, and lowering energy consumption. This protects the confidentiality, integrity, and authenticity of the data generated, stored, and transmitted by these devices. The generation of data packets from identified information leakage threats and their distribution to users wearing similar smart wearable devices within a preset range also employs a lightweight encryption mechanism.
[0068] It should be noted that the characteristics of abnormal activity types refer to the type of application request for permissions, the duration and frequency of permission calls, the target address of the connection, the amount of data transmitted, the shared records between applications, the connection of external devices, and the user's key operation trajectory.
[0069] For example, the preset range is 5 meters, 10 meters, etc.
[0070] In a specific embodiment of the present invention, the method for assessing the confidence level of an information leakage threat event is as follows: when a group of users wearing similar smart wearable devices within a preset range receives a collaborative analysis request, the receiving similar smart wearable devices decrypt the collaborative analysis using a lightweight encryption mechanism, and then compare and verify the abnormal activity type characteristics in the information leakage threat event described in the collaborative analysis with the device's local personal digital behavior profile.
[0071] If the number of collaborating devices whose abnormal activity type characteristics described in the feedback collaborative analysis request are significantly inconsistent with the local personal digital behavior profile of the receiving device is greater than the preset confirmation threshold, and if the feature space clustering analysis of the abnormal activity type characteristics provided by the collaborating devices with inconsistent feedback conclusions is performed by a clustering algorithm, and the feature vectors corresponding to the collaborating devices with inconsistent feedback conclusions show a high-density clustering trend in the clustering analysis, then the information leakage threat event is determined to be of the first confidence level.
[0072] If the number of collaborating devices whose abnormal activity characteristics described in the feedback collaborative analysis request are consistent with the conclusions in the local personal digital behavior profile of the receiving device is greater than a preset rejection threshold, and if the feature space clustering analysis of the abnormal activity type characteristics provided by the collaborating devices with consistent feedback conclusions is performed by a clustering algorithm, and the feature vectors corresponding to the collaborating devices with consistent feedback conclusions show a dispersed distribution pattern, then the information leakage threat event is determined to be of the second confidence level.
[0073] It should be noted that the high-density clustering pattern indicates that the abnormal activity characteristics detected independently by multiple similar smart wearable devices have a high degree of consistency, which increases the confidence in the existence of information leakage threat events. On the other hand, the dispersed distribution pattern reflects that the abnormal activity characteristics detected independently by multiple similar smart wearable devices lack consensus and have low confidence. This judgment mechanism, by combining the statistical analysis of the number of similar smart wearable devices with feature space analysis, significantly improves the accuracy of confidence assessment.
[0074] It should be noted that the first confidence level is higher than the second confidence level.
[0075] In a specific embodiment of the present invention, the method for reversely determining the type of information leakage threat event is as follows: extract all features of abnormal application activities, abnormal network activities, and abnormal data interaction activities, and use graph neural network technology to construct a unified abnormal behavior association graph of all features of the three types of abnormal activities, wherein nodes represent abnormal activity events and edges represent connections between abnormal activity events based on time sequence and logical dependency, and threat type feature patterns are identified by analyzing the graph topology.
[0076] When multiple abnormal activity event nodes are detected to form a densely associated structure around a sensitive data entity, and there are data flow paths between these nodes, the information leakage threat event is determined to be a data theft threat.
[0077] When an abnormal activity event node is detected to present a directional link from an application permission node to an abnormal external network connection node, and this link has permission escalation characteristics, the information leakage threat event is determined to be an unauthorized access threat.
[0078] For example, abnormal activity events include: permission invocation events, network connection sessions, and data interaction operations.
[0079] The sensitive data refers to biometric data, behavioral trajectory data, and device interaction data.
[0080] The data flow path refers to multiple abnormal activity events all targeting the same sensitive data entity.
[0081] It should be noted that the privilege escalation feature refers to the abnormal leap in privilege levels. The privilege call behavior presents a systematic escalation pattern from basic privileges to sensitive privileges. For example, in the unauthorized access scenario, the application first obtains read and write permissions for device storage, then attempts to modify system settings, and finally establishes a debugging channel to connect to external devices, forming a step-by-step leap in privileges from the application layer to the system layer.
[0082] It should be noted that by analyzing the topological relationships between anomalous activity events through graph neural networks, the essential characteristics of different threat types can be accurately identified. The definition of edges is based on the spatiotemporal relationships between anomalous activity events, including both the temporal order and the logical dependency, which can effectively capture the inherent patterns of behavior in information leakage threat events.
[0083] Step 3. Tiered Alerts and Protection: Based on the assessed confidence level of information leakage threat events and the identified types of information leakage threat events, tiered alerts are triggered on smart wearable devices, and users are supported in taking proactive protection and countermeasures.
[0084] In a specific embodiment of the present invention, the method for triggering the graded warning of the smart wearable device is as follows: triggering the graded warning of the smart wearable device according to the type and confidence level of the information leakage threat event.
[0085] If the information leakage threat is a data theft threat and is at the first confidence level, the smart wearable device will be triggered to issue an advanced alert by vibrating strongly, playing a high-frequency alarm sound, and automatically performing data encryption and network disconnection.
[0086] If the information leakage threat is a data theft threat and is at the second confidence level, the smart wearable device will be triggered to issue a medium-level alert by generating intermittent vibrations.
[0087] If the information leakage threat is an unauthorized access threat and is at the first confidence level, the smart wearable device will be triggered to issue a medium-level alert by forcibly restricting access permissions and triggering user identity verification.
[0088] If the information leakage threat is an unauthorized access threat and has a second level of confidence, the smart wearable device will trigger a low-level alert by slightly vibrating to alert the user to the abnormal activity.
[0089] In a specific embodiment of the present invention, the method for supporting users to perform proactive protection and countermeasures is as follows: when the smart wearable device identifies an information leakage threat event, proactive protection is carried out through graded warnings of the smart wearable device based on the type and confidence level of the information leakage threat event. After the smart wearable device triggers the graded warning, the characteristics of the identified information leakage threat event type are marked and added to the information leakage threat event blacklist. At the same time, the characteristics of the information leakage threat event type are distributed to similar smart wearable devices within a preset range through the Bluetooth module. When the characteristics of the same information leakage threat event type are detected, the connection request is automatically blocked, and false information is returned to the attack source using virtual sensitive data. The initiation point of the information leakage threat event is located based on the recorded attack behavior.
[0090] It should be noted that the characteristics of information leakage threat event types refer to the relationships between nodes in the abnormal behavior association graph constructed by applying abnormal activity, abnormal network activity, and abnormal data interaction activity when judging the type of information leakage threat event.
[0091] Reference Figure 2 As shown, the present invention provides a security alert system based on artificial intelligence for smart wearable security alerts, including a risk perception module: used to construct a personal digital behavior profile of the user's smart wearable, identify and mark abnormal activities by comparing the current running behavior of the application with the personal digital behavior profile of the user's smart wearable in real time, and identify information leakage threat events by combining the identity verification results.
[0092] Collaborative Verification and Evaluation Module: This module transforms identified information leakage threat events into collaborative analysis requests. It then conducts collaborative verification among nearby users wearing smart wearable devices to assess the confidence level of the information leakage threat events and, in turn, determine the type of information leakage threat events.
[0093] Tiered alert and protection module: Based on the assessed confidence level of information leakage threat events and the identified types of information leakage threat events, it triggers tiered alerts on smart wearable devices and supports users in taking proactive protection and countermeasures.
[0094] The examples described in this invention are not limited to the specific embodiments listed above. The examples are merely illustrative to facilitate understanding of the invention and do not constitute a limitation on the scope of protection of this invention. Any modifications, equivalent substitutions, etc., made within the spirit and principles of this invention should be included within the scope of protection.
[0095] The above description is merely an example and illustration of the concept of the present invention. Those skilled in the art can make various modifications or additions to the specific embodiments described or use similar methods to replace them, as long as they do not deviate from the concept of the invention or exceed the scope defined in this specification, they should all fall within the protection scope of the present invention.
Claims
1. A smart wearable safety alert method based on artificial intelligence, characterized in that, Includes the following steps: Step 1. Risk Perception: Construct a personal digital behavior profile for the user's smart wearable device. By comparing the application's current operating behavior with the user's personal digital behavior profile in real time, identify and mark abnormal activities, and identify information leakage threat events based on the comprehensive identity verification results. Step 2. Collaborative Verification and Evaluation: The identified information leakage threat events are transformed into collaborative analysis requests. Collaborative verification is conducted among nearby users wearing smart wearable devices to assess the confidence level of the information leakage threat events and reversely determine the type of information leakage threat events. Step 3. Tiered Alerts and Protection: Based on the assessed confidence level of information leakage threat events and the identified types of information leakage threat events, tiered alerts are triggered on smart wearable devices, and users are supported in taking proactive protection and countermeasures.
2. The intelligent wearable safety alert method based on artificial intelligence according to claim 1, characterized in that, The specific method for constructing a user's personal digital behavior profile for smart wearables is as follows: The data acquisition engine of smart wearable devices collects multi-source raw data from three dimensions: the type of application permission request, the duration and frequency of permission calls, the connection target address and data transmission volume, and the data interaction behavior record between applications, external device connection and key user operation trajectory. The raw data collected from user application permission call sequences, network communication patterns, and data interaction behaviors are cleaned and correlated. An attention-based recurrent neural network is used to capture the long-term dependencies of different permissions in the call order and duration interval in the user application permission call sequence. Clustering algorithms are used to perform group behavior analysis on the connection target address and data transmission volume in the network communication pattern to establish a dynamic normal communication baseline. Graph neural network technology is used to analyze the interaction relationship graph between applications, devices, and users in the data interaction behavior. Finally, a dynamically updated personal behavior digital profile of the user's smart wearable is constructed.
3. The intelligent wearable safety alert method based on artificial intelligence according to claim 2, characterized in that, The specific method for identifying and marking abnormal activities is as follows: If the type of application request permission collected in real time is inconsistent with the type of application request permission recorded in the personal digital behavior profile, or if the duration and frequency of permission calls deviate from the preset allowed range in the personal digital behavior profile, it will be identified as abnormal activity and marked as application abnormality. The connection target address and data transmission volume in real-time network communication are compared with the normal communication baseline established in the personal digital behavior profile. If the connection target address is not within the preset allowable range of the normal communication baseline or the data transmission volume deviates from the preset deviation threshold of the normal communication baseline, it is identified as abnormal activity and marked as network abnormality. If the real-time interaction relationships between application-shared records, external device connections, and key user operation trajectories conflict with the interaction topology structure built in the personal digital behavior profile, it is identified as abnormal activity and marked as data interaction anomaly.
4. The intelligent wearable safety alert method based on artificial intelligence according to claim 3, characterized in that, The specific method for identifying information leakage threat events using the comprehensive identity verification results is as follows: The system collects the user's physiological characteristics using built-in physiological sensors in smart wearables and matches them with the physiological characteristics at the time of registration. If the similarity of the physiological characteristics is greater than the preset similarity threshold, the system determines that the current user is the user; otherwise, it determines that the current user is not the user. If the current user is not the user themselves, and any of the following is detected: application abnormality, network abnormality, or data interaction abnormality, then the current smart wearable device is identified as having a threat of information leakage. If the current user is the user themselves, the application anomaly, network anomaly, and data interaction anomaly are weighted and summed as the evaluation value of the information leakage threat event. If the evaluation value of the information leakage threat event is greater than the preset evaluation threshold, then the current smart wearable is identified as having an information leakage threat event.
5. The intelligent wearable safety alert method based on artificial intelligence according to claim 4, characterized in that, The specific method for converting identified information leakage threat events into collaborative analysis requests is as follows: The identified information leakage threat events are generated into a data packet containing abnormal activity type characteristics, timestamps, and smart wearable device identifiers according to a preset standardized format. This data packet is used as a collaborative analysis request via the Bluetooth module integrated into the smart wearable device and distributed to users wearing similar smart wearable devices within a preset range using a lightweight encryption mechanism. This allows similar smart wearable devices within the preset range to receive and decrypt the collaborative analysis request, thus completing the transformation from an information leakage threat event to a collaborative analysis request.
6. The intelligent wearable safety alert method based on artificial intelligence according to claim 5, characterized in that, The specific method for assessing the confidence level of information leakage threat events is as follows: When a group of users wearing similar smart wearable devices within a preset range receives a collaborative analysis request, the receiving smart wearable devices use a lightweight encryption mechanism to decrypt the collaborative analysis and then compare and verify the abnormal activity type characteristics in the information leakage threat event described in the collaborative analysis with the device's local personal digital behavior profile. If the number of collaborating devices whose abnormal activity type features described in the feedback collaborative analysis request are significantly inconsistent with the local personal digital behavior profile of the receiving device is greater than the preset confirmation threshold, and if the feature space clustering analysis of the abnormal activity type features provided by the collaborating devices with inconsistent feedback conclusions is performed by a clustering algorithm, and the feature vectors corresponding to the collaborating devices with inconsistent feedback conclusions show a high-density clustering trend in the clustering analysis, then the information leakage threat event is determined to be of the first confidence level. If the number of collaborating devices whose abnormal activity characteristics described in the feedback collaborative analysis request are consistent with the conclusions in the local personal digital behavior profile of the receiving device is greater than a preset rejection threshold, and if the feature space clustering analysis of the abnormal activity type characteristics provided by the collaborating devices with consistent feedback conclusions is performed by a clustering algorithm, and the feature vectors corresponding to the collaborating devices with consistent feedback conclusions show a dispersed distribution pattern, then the information leakage threat event is determined to be of the second confidence level.
7. The intelligent wearable safety alert method based on artificial intelligence according to claim 6, characterized in that, The specific method for reversely determining the type of information leakage threat event is as follows: All features of abnormal application activities, abnormal network activities, and abnormal data interaction activities are extracted. Graph neural network technology is used to construct a unified abnormal behavior association graph of all features of the three types of abnormal activities. In the graph, nodes represent abnormal activity events and edges represent connections between abnormal activity events based on time sequence and logical dependency. Threat type feature patterns are identified by analyzing the graph topology. When multiple abnormal activity event nodes are detected to form a densely associated structure around a sensitive data entity, and there is a data flow path between these nodes, the information leakage threat event is determined to be a data theft threat. When an abnormal activity event node is detected to present a directional link from an application permission node to an abnormal external network connection node, and this link has permission escalation characteristics, the information leakage threat event is determined to be an unauthorized access threat.
8. The intelligent wearable safety alert method based on artificial intelligence according to claim 7, characterized in that, The specific method for triggering the tiered alerts of the smart wearable device is as follows: Based on the type and confidence level of the information leakage threat event, trigger tiered alerts on smart wearable devices; If the information leakage threat is a data theft threat and is at the first confidence level, the smart wearable device will be triggered to issue an advanced warning by vibrating strongly, playing a high-frequency alarm sound, and automatically performing data encryption and network disconnection. If the information leakage threat is a data theft threat and is at the second confidence level, the smart wearable device will be triggered to issue a medium-level warning by generating intermittent vibrations. If the information leakage threat is an unauthorized access threat and is at the first confidence level, then the smart wearable device will be triggered to issue a medium-level alert by forcibly restricting access and triggering user identity verification. If the information leakage threat is an unauthorized access threat and has a second level of confidence, the smart wearable device will trigger a low-level alert by slightly vibrating to alert the user to the abnormal activity.
9. The intelligent wearable safety alert method based on artificial intelligence according to claim 8, characterized in that, The specific method for supporting users to implement proactive protection and countermeasures is as follows: When a smart wearable device detects a data breach threat, it proactively protects against the data breach by issuing tiered alerts based on the type and confidence level of the threat. After the smart wearable device triggers the tiered alert, it marks the characteristics of the identified data breach threat and adds it to the data breach threat blacklist. Simultaneously, it distributes the characteristics of the data breach threat type to similar smart wearable devices within a preset range via Bluetooth. When the same data breach threat type is detected, it automatically blocks the connection request and returns false information to the attack source using virtual sensitive data. Based on the recorded attack behavior, it locates the origin of the data breach threat.
10. A safety warning system implementing the intelligent wearable safety warning method based on artificial intelligence as described in any one of claims 1-9, characterized in that, include: Risk perception module: used to build a personal digital behavior profile of the user's smart wearable. By comparing the current running behavior of the application with the personal digital behavior profile of the user's smart wearable in real time, it identifies and marks abnormal activities, and identifies information leakage threat events by combining the identity verification results. Collaborative Verification and Evaluation Module: This module transforms identified information leakage threat events into collaborative analysis requests. It then conducts collaborative verification among nearby users wearing smart wearable devices to assess the confidence level of the information leakage threat events and, in turn, determine the type of information leakage threat events. Tiered alert and protection module: Based on the assessed confidence level of information leakage threat events and the identified types of information leakage threat events, it triggers tiered alerts on smart wearable devices and supports users in taking proactive protection and countermeasures.