CN116319118B - Edge calculation digital security control method and system - Google Patents
Edge calculation digital security control method and system Download PDFInfo
- Publication number
- CN116319118B CN116319118B CN202310603269.8A CN202310603269A CN116319118B CN 116319118 B CN116319118 B CN 116319118B CN 202310603269 A CN202310603269 A CN 202310603269A CN 116319118 B CN116319118 B CN 116319118B
- Authority
- CN
- China
- Prior art keywords
- security control
- edge server
- resident
- real
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 238000004364 calculation method Methods 0.000 title abstract description 23
- 238000003860 storage Methods 0.000 claims description 9
- 230000002411 adverse Effects 0.000 claims description 2
- 238000003062 neural network model Methods 0.000 claims description 2
- 230000001953 sensory effect Effects 0.000 claims description 2
- 238000013473 artificial intelligence Methods 0.000 claims 1
- 230000006978 adaptation Effects 0.000 abstract description 4
- 238000012545 processing Methods 0.000 description 12
- 238000004590 computer program Methods 0.000 description 11
- 230000007774 longterm Effects 0.000 description 10
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 230000007717 exclusion Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 239000011159 matrix material Substances 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000002349 favourable effect Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000013515 script Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000005059 dormancy Effects 0.000 description 1
- 238000011065 in-situ storage Methods 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/08—Load balancing or load distribution
- H04W28/09—Management thereof
- H04W28/0908—Management thereof based on time, e.g. for a critical period only
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Hardware Redundancy (AREA)
Abstract
The invention relates to an edge calculation digital security control method and system, wherein the method comprises the following steps: the cloud computing server analyzes the security control request and determines a corresponding available security control model based on a security control mode of the security control request; the cloud computing server determines a resident edge server and a real-time resident edge server; creating and executing or recovering and starting a security control task corresponding to the security control request by the real-time resident edge server; after the execution period of the safety control request is finished, the resident edge server maintains the safety control model which is internally set and stored; the invention improves the demand between the safety control request and the edge server and the adaptation degree between the resources.
Description
Technical Field
The invention belongs to the technical field of edge calculation, and particularly relates to an edge calculation digital security control method and system.
Background
The edge calculation is to use an open platform integrating network, calculation, storage and application core capabilities on one side close to an object or data source, provide nearest service nearby, initiate an application program on the edge side, generate a faster network service response, meet the basic requirements of industry in terms of real-time service, application intelligence, security, privacy protection and the like, and the edge calculation is located between a physical entity and industrial connection or at the top of the physical entity, while cloud calculation can still access historical data of the edge calculation, and the edge calculation is helpful for improving the security of operation data.
With the rapid development of the internet of things and the arrival of the 5G age, edge computing is more important, and tens of millions of sensors, intelligent terminal equipment and applications thereof are connected to a cloud computing platform in a scene of everything interconnection, so that the cloud computing platform cannot meet the requirements on real-time processing, mass storage and the like. In addition, in the 5G era, a small-scale or portable data center needs to be deployed at the network edge to perform localization processing of the terminal request so as to meet the ultra-low delay requirement. Edge computing technology with field sensing and intelligent computing processes has been developed in this case, and an edge computing controller is a controller product applied to an industrial field at the edge of a network, and realizing in-situ connection and data processing of intelligent terminal equipment at the edge side. The intelligent terminal equipment in the industrial field can realize end-to-end cooperative control through the edge computing controller, so that the intelligent terminal equipment has higher system response performance.
The edge computing theory relates to a large amount of data processing, and the requirements on the data processing are higher and higher, and the current general data processing adopts cloud computing, and the specific cloud computing is carried out by uploading all data to a central server for processing after passing through each node server through a network. The existing common field security control hardware equipment is relatively deficient in computing resources and often does not have data verification and edge computing capabilities. In the actual safety control process, an edge computing structure combined with 5G is often adopted for safety control; the method has the advantages that the acquisition data sent by various types of acquisition equipment are conveniently acquired, so that rich acquisition data can be acquired, the acquisition data are quite complex, a certain time gap exists between the equipment, and the safety control target is quite complex, so that in the actual operation process of safety control based on edge calculation, the requirements on precision and accuracy are always abandoned to perform real-time safety control; however, with the development of technology, the informationized data that can be provided by the demander is rapidly increasing, the demand level of the demander is continuously increasing, and the reduction of precision and accuracy are increasingly unacceptable. However, for real-time scenes such as security control based on the 5G transmission technology, the required delay index is usually less than 1ms, which determines that in the real-time scene, a large amount of data analysis cannot be completed by a cloud computing platform based on network transmission, but is completed by an edge server, how to effectively utilize software and hardware resources of the edge server, how to find an optimal edge server to complete a security control task and ensure timeliness is a technical problem to be solved.
The invention combines the short-term start to optimize the selection of the edge server for a long term, forms a good long-term trend of assignment of available safety control requests and drainage of a safety control model, reduces the occupation of invalid resources of the edge server which is not used effectively, improves the software resource allocation on the edge server, and thereby improves the request of the system as a whole and the demand resource adaptation between the edge servers.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention proposes an edge computing digital security control method and system, the method comprising:
step S1: the mobile terminal sends a security control request to the edge server;
step S2: the cloud computing server analyzes the security control request and determines a corresponding available security control model based on a security control mode of the security control request;
step S3: the cloud computing server determines a resident edge server corresponding to the security control request and a target security control model thereof; the resident edge server can complete the security control request by using a target security control model, and is a selection basis of the real-time resident edge server in the execution period of the security control request;
step S4: the cloud computing server determines a real-time resident edge server based on the resident edge server every second period; the real-time resident edge server has higher execution efficiency on the target security control model in the recent time range relative to other parts in the resident edge server; creating and executing or recovering and starting a security control task corresponding to the security control request by the real-time resident edge server; wherein: the execution period is greater than the second period;
step S5: if a real-time resident edge server first executes to complete a security control task, the real-time resident edge server sends a security control result to a mobile terminal sending a security control request; the first real-time resident edge server completing the safety control task sends a stop instruction to other real-time resident edge servers to prompt the safety control task to stop;
step S6: after the execution period of the safety control request is finished, the resident edge server maintains the safety control model which is internally set and stored; specific: after the safety control task is executed, acquiring a first number N1 of times that the resident edge server is determined to be the resident edge server and the safety control model is a target safety control model, and a second number N2 of times that the target safety control model is arranged and is not determined to be the resident edge server; a third number of times N3 that the resident edge server is determined to be a real-time edge server and the security control model is the target security control model, and a fourth number of times N4 that is not determined to be a real-time edge server; the resident edge server is determined to be a real-time edge server, the safety control model is a target safety control model, and the fifth time N5 of the safety control task is completed for the first time; determining whether to delete the target security control model on the resident edge server based on the first, second, third, fourth, and fifth times;
determining whether to delete the target security control model on the resident edge server based on the first, second, third, fourth, and fifth times; the method comprises the following steps:
step S6A4: calculating an invalidation indexIf the invalidation index is equal to 1, determining to delete the target safety control model, otherwise, determining not to delete;
wherein: RSD is the number of real-time resident edge servers; LRSD1 is the average of resident edge servers that set and store the target security control modelA number of; LRSD2 is the average number of edge servers where the target security control model is set and stored;is a parameter cutoff.
Further, the safety control model is an artificial intelligent model trained in advance for the safety control mode.
Further, the available safety control models are one or more.
Further, the method comprises the steps of,。
further, the safety control model is a neural network model trained in advance for the safety control mode.
An edge computing digital security control system for implementing the method described above, the system comprising: the cloud computing system comprises a mobile terminal, an edge server and a cloud computing server;
the mobile terminal is used for sending a security control request to the edge server;
the edge server responds to the safety control request, executes a safety control task based on the sensing data and the target safety control model, and sends a safety control result analyzed and processed by the target safety control model to the mobile terminal;
the cloud computing server analyzes the security control request and determines an available security control model based on the security control mode; determining a resident edge server, a real-time resident edge server and a corresponding target security control model thereof; a task creation and execution or restoration request including a security control request, a sensory data customization plan, a target security control model is sent to a real-time resident edge server to cause the real-time resident edge server to execute a security control task corresponding to the security control request.
Further, the available security models set and stored on each edge server are the same or different.
An edge computing system based on big data is used for realizing the edge computing digital security control method.
A computer readable storage medium comprising a program which, when run on a computer, causes the computer to perform the edge computing digitised security control method.
A cloud computer device comprising a processor coupled to a memory, the memory storing program instructions that when executed by the processor implement the edge computing digital security control method.
The beneficial effects of the invention include:
(1) Optimizing and selecting a plurality of resident edge servers and real-time resident edge servers from a long-term and short-term combined mode, optimizing short-term execution efficiency through resident and customization on the basis, and avoiding complex factors to influence and maximizing real-time performance of safety control execution of each period while guaranteeing the overall efficiency of long-term execution of a safety control request;
(2) Two-dimensional deep subdivision is carried out on the resource types, enough dynamic probability calculation samples are obtained under the support of big data execution before real-time resident edge server determination, the unfavorable edge servers are deleted through relatively accurate posterior probability obtained through accurate quantitative calculation, and a good trend of assigning a security control request to the edge server with highest calculation efficiency is created while the calculated amount determined by the real-time resident edge server is reduced;
(3) The method has the advantages that the long-term trend of guiding the available safety control model to the edge server with high actual use and effective calculation efficiency can be realized, the occupation of invalid resources of the edge server which does not realize effective use is reduced, the software resource configuration on the edge server is perfected, and therefore the overall request of the system and the demand resource adaptation between the edge servers are improved;
(4) Determining sensing data required by a safety control request based on the input data type of the safety control model and forming a corresponding custom plan; and the sensing data is acquired according to actual needs, so that the transmission distance of the sensing data is shortened, and the timeliness and the reliability of the system are improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate and together with the description serve to explain the invention, if necessary:
FIG. 1 is a schematic diagram of an edge computing digital security control method according to the present invention.
Detailed Description
The invention will be described in detail below with reference to the accompanying drawings and specific embodiments, wherein the exemplary embodiments and descriptions are only for explaining the present invention, but not limiting the present invention, and the present invention proposes an edge calculation digital security control method, which comprises:
step S1: the mobile terminal sends a security control request to the edge server; the safety control request comprises a safety control object, a safety control mode, safety control time and the like; the edge server sends the task to the cloud computing server;
preferably: the edge server is an edge server which is accessed by the mobile terminal by default;
preferably: the edge server is an edge server accessed by the mobile terminal randomly;
step S2: the cloud computing server analyzes the security control request and determines a corresponding available security control model based on a security control mode of the security control request; the available security models set and stored on each edge server are the same or different;
further, the cloud computing server analyzes the security control request to customize the sensed data; specific: the cloud computing server analyzes the security control request and determines an available security control model based on the security control mode; the available safety control model can realize the safety control mode; determining sensing data required by a safety control request based on the input data type of the safety control model and forming a corresponding custom plan; the acquisition device is used for acquiring sensing data in the field environment and sending customized sensing data to a real-time resident edge server associated with the task; transmitting a customization schedule to an associated sensing device or edge server capable of acquiring the required sensing data to customize the required sensing data;
preferably: the available safety control models are one or more;
preferably: the safety control model is an artificial intelligent model trained in advance aiming at the safety control mode;
wherein: the custom plan contains the needed sensing data and the target for sending the custom sensing data;
preferably: the required sensing data includes the type, position, time, etc. of the sensing data; only those sensor data parameters that meet the need are the sensor data required;
step S3: the cloud computing server determines a resident edge server corresponding to the security control request; the resident edge server can complete the security control request and is a selection basis of the real-time resident edge server in the execution period of the security control request;
preferably: the cloud computing server determines a resident edge server when receiving a security control request;
alternatively, the following is used: the cloud computing server determines a resident edge server every a first period; for example: the first period is a complete execution period of the security control request;
the step S3 specifically includes the following steps:
step S31: the cloud computing server determines an edge server containing any one of the available security control models as a resident edge server;
preferably: if the resident edge server does not contain the edge server for receiving the security control request, determining whether to issue a security control model, if so, issuing the security control model to the edge server for receiving the security control request;
step S32: deleting the unfavorable resident edge servers from the resident edge servers; the adverse resident edge server's intended execution of the security control request is inefficient; setting a target security control model for the undeleted resident edge servers;
the step S32 specifically includes the following steps:
step S321: acquiring an unprocessed resident edge server; and setting the resource type of the resident edge server comprisesEach resource type includes->The sub-type of the sub-type,
preferably: the number of M subtypes corresponding to the N resource types is the same or different, if the N resource types are different, the default value can be used for filling the default value for the absent part so as to reach the M value;
preferably: the resource types comprise various resources such as storage, calculation, communication and the like; the storage resources include: sub-types such as memory, primary cache, secondary cache, hard disk, register, etc.; computing resources include subtypes of general purpose and various specific computing types of computing resources; the communication resources comprise sub-types such as buses, IO, various types of network transmission resources and the like;
step S322: determining that a resident edge server executes an available security control model based on historical big data requiresWhen the resource type is concerned, the +.>The prior probability of resource shortage is
Step S323: during the process of determining the resident edge server to execute the security control model, the resource competition occursWhen the resources are in shortage, the resource type is->The posterior probability of resource shortage is that
Step S324: determining current dynamic probabilities of available safety control modelsAnd->The method comprises the following steps: determining the current dynamic probability by means of a static analysis of the safety control model>And->;
Determining current dynamic probability by means of static analysis of safety control modelAnd->The method comprises the following steps: determining available security control model +/for each resource type>And subtype->Determining the amount of resources for each resource type and subtype in the edge server; find dynamic probability table get and said each resource type +.>And subtype->Is a static demand of (1) and a current dynamic probability corresponding to the number of resources of each resource type and subtypeAnd->The method comprises the steps of carrying out a first treatment on the surface of the Wherein: the dynamic probability table is obtained through historical execution data or simulation execution data; the statistical way is that, in the process of one execution, if the resource competition indication occurs for the resource usage of one resource type and subtype to reduce the execution efficiency, the corresponding dynamic probability is increased based on the one execution>And->If not, not increasing; in this way, the dynamic probability table can be obtained;
the determining available security control model for each resource typeAnd subtype->Specifically, the demand of (a) is: determining the +.A code of the available security control model for each resource type by analyzing it>And subtype->Is a required amount of (a); alternatively, the following is used: said determining available security control model +/for each resource type>And subtype->Specifically, the demand of (a) is: running the available security control model on the edge server with equivalent software and hardware resources in advance to determine the security control model for each resource type>And subtype->Is a required amount of (a);
alternatively, the following is used: determining current dynamic probability by big data fitting modeAnd->The method comprises the steps of carrying out a first treatment on the surface of the The method comprises the following steps: determining available security control model +/for each resource type>And subtype->Determining the amount of resources of each resource type and subtype in the resident edge server; acquiring execution big data of an available safety control model with the demand in the big data when the available safety control model is executed on an edge server with the resource quantity, and determining dynamic probability +_for each resource type and subtype based on the execution big data>And->The method comprises the steps of carrying out a first treatment on the surface of the Wherein: in the process of one execution, if resource competition indication occurs for the resource usage of one resource type and subtype to reduce the execution efficiency, the corresponding dynamic probability is increased based on the one execution>And->If not, not increasing; the basis of statistics is the number of executions;
the execution includes single execution and multitasking parallel execution, that is, the number of tasks and types thereof executed on the edge server at the same time are not limited;
step S325: based on current dynamic probabilityAnd->And a priori probability->Calculating posterior probability +.>;
Step S326: if there is no available security control model on the resident edge server such that the advantage condition is satisfied, determining that the resident edge server is a bad resident edge server, and deleting the bad resident edge server from the resident edge servers; otherwise, if the available safety control model exists so that the favorable condition is met, putting the favorable condition into a target safety control model set to be selected, and entering the next step;
preferably: the advantageous conditions are that the following formulae (2) and/or (4) are satisfied; wherein: a posterior probability predictor for resource type n;is a probability threshold for resource type n; />A sub-probability threshold for sub-type m of resource type n;
preferably: setting the same or different probability threshold values or sub-probability threshold values for each resource type or subtype;
according to the method, two-dimensional depth subdivision is carried out on resource types, enough dynamic probability calculation samples are obtained under the support of big data execution before real-time resident edge server determination, relatively accurate posterior probability obtained through accurate quantitative calculation is used for deleting unfavorable edge servers, and a good trend of assigning a security control request to the edge server with highest calculation efficiency is created while the calculated amount determined by the real-time resident edge server is reduced;
step S327: determining a target security control model from a set of target security control models to be selected of the undeleted resident edge server; the method specifically comprises the following steps:
step S3271: acquiring an unprocessed target security control model to be selected;
step S3272: determining a probability matrix of the available safety control model
Step S3273: calculating row probability entropy and column probability entropy Cn of the probability matrix;
step S3274: determining row probability entropyThe available safety control model corresponding to the probability matrix with the minimum column probability entropy Cn or the sum value is used as the target safety control model;
alternatively, the following is used: determining row probability entropy satisfying safety control timeThe available safety control model corresponding to the probability matrix with the minimum column probability entropy Cn is the target safety control model;
step S328: determining whether all resident edge servers are processed, if not, returning to the step S321, otherwise, ending the step;
preferably: storing a safety control model corresponding to the safety control mode, namely the execution data of the available safety control model, in the resident edge server;
step S4: the cloud computing server determines a real-time resident edge server based on the resident edge server every second period; wherein: the second period is smaller than the first period or the execution period of the safety control request; the real-time resident edge server has higher execution efficiency on the target security control model in the recent time range relative to other parts in the resident edge server;
preferably: the second period is far smaller than the first period or the execution period of the safety control request;
the step S4 includes the steps of:
step S41: determining a real-time resident edge server from the resident edge servers; the method comprises the following steps: acquiring the queue length of a task queue in each resident edge server, and selecting RSD resident edge servers with minimum queue length as real-time resident edge servers;
preferably: rsd=2;
preferably: the real-time resident edge server is one or more;
alternatively, the following is used: on the basis of the length of the queue, selecting RSD resident edge servers with the strongest mutual exclusion degree of each task and target safety control model resource in the task queue as real-time resident edge servers; the method comprises the following steps: the mutual exclusion degree is calculated by adopting the following formula (7)The method comprises the steps of carrying out a first treatment on the surface of the Calculating the relative mutual exclusion degree by adopting the following formula (8)>The method comprises the steps of carrying out a first treatment on the surface of the Select mutual exclusion degree->Maximum, relative mutual exclusivity->Or->The largest resident edge server is used as a real-time resident edge server;
wherein:is the target security control model +/for each resource type>Demand of->Is a subtype pairIs a required amount of (a); />Is the task in the task queue +.>Demand of->Is of sub-type->Is a required amount of (a); />Is the queue length of the task queue; />And->Is a regulating factor for>Adjusting to 0-1 space;
preferably: the saidIs greater than->;
Preferably:;
step S42: the method comprises the steps that a task creation and execution or recovery request comprising a security control request, a sensor data customization plan and a target security control model is sent to a real-time resident edge server; creating and executing or recovering and starting a security control task corresponding to the security control request by the real-time resident edge server; after the related sensor or the edge server acquires the sensing data, the customized sensing data is sent or packaged to all resident edge servers or real-time resident edge servers;
the creating and executing situation corresponds to a situation which is determined as a real-time resident edge server for the first time, and at this time, the real-time resident edge server creates a security control task based on the task creation request; the security control task executes a security control request based on the target security control model; the resume and start situation corresponds to a situation that is not determined to be a real-time resident edge server for the first time, at which time the suspended security control task is resumed and executed; possibly based on newly arrived sensor data;
because the actual execution of the task is dependent on the sensing data, at this time, if the customized sensing data is not timely delivered for various reasons (communication delay, communication failure, acquisition error, etc.), the execution of the safety control task is delayed; therefore, even though the positions of the safety control tasks in the queues are different among the plurality of real-time resident edge servers, it is difficult to predict which real-time resident edge server completes the tasks first because the execution progress is affected in many aspects; the important consideration is that the task of safety control is not a short-term task, but a long-term periodical execution process, and the requirement of the safety control task on timeliness is high, so that the long-term condition and the short-term real-time condition of the edge server are required to be considered globally; according to the invention, a plurality of resident edge servers and real-time resident edge servers are optimally selected from a long-term combined short-term mode, on the basis, the short-term execution efficiency is optimized through resident and customization, the integral efficiency of long-term execution of a safety control request is ensured, and meanwhile, the influence of complex factors is avoided and the real-time performance of safety control execution of each period is maximized;
step S5: if a real-time resident edge server first executes to complete a security control task, the real-time resident edge server sends a security control result to a mobile terminal sending a security control request; the first real-time resident edge server completing the safety control task sends a stop instruction to other real-time resident edge servers to prompt the safety control task to stop;
preferably: the real-time resident edge server sends a stopping instruction to other real-time resident edge servers to prompt the safety control task to stop while sending the safety control result to the mobile terminal sending the safety control request; after receiving the stopping instruction, suspending the execution of the safety control task to other real-time resident edge servers and resetting the execution site of the safety control task;
the execution of the suspended safety control task is specifically: setting the execution state of the safety control task to be a waiting, dormancy or termination state; since the arrival of the sensed data is unpredictable, the order of tasks in the same task execution queue may change; the unpredictable influence is reduced through a plurality of real-time resident edge servers, and meanwhile, the software and hardware cost caused by redundant execution is saved through task stopping and site resetting;
preferably: when the number of the resident edge servers exceeds the minimum number, if the second period number of the resident edge server which is not determined to be the real-time resident edge server is larger than the waiting period number, deleting the site of the corresponding safety control task, and thoroughly deleting the safety control task;
wherein: the waiting period number is a preset value;
the method further comprises the steps of: step S6: after the execution period of the safety control request is finished, the resident edge server maintains the safety control model which is internally set and stored; specific: after the safety control task is executed, acquiring a first number N1 of times that the resident edge server is determined to be the resident edge server and the safety control model is a target safety control model, and a second number N2 of times that the target safety control model is arranged and is not determined to be the resident edge server; a third number of times N3 that the resident edge server is determined to be a real-time edge server and the security control model is the target security control model, and a fourth number of times N4 that is not determined to be a real-time edge server; the resident edge server is determined to be a real-time edge server, the safety control model is a target safety control model, and the fifth time N5 of the safety control task is completed for the first time; determining whether to delete the target security control model on the resident edge server based on the first, second, third, fourth, and fifth times;
determining whether to delete the target security control model on the resident edge server based on the first, second, third, fourth, and fifth times; the method comprises the following steps:
step S6A4: calculating an invalidation indexIf the invalidation index is equal to 1, determining to delete the target safety control model, otherwise,determining not to delete;
wherein: RSD is the number of real-time resident edge servers; LRSD1 is the average number of resident edge servers where the target security control model is set and stored; LRSD2 is the average number of edge servers where the target security control model is set and stored;is a parameter cutoff value; the parameter cut-off value can be dynamically set according to the number of edge servers, the number of resident edge servers and the number of real-time resident edge servers;
by the cooperation of the steps, the long-term trend of guiding the available safety control model to the edge server with high actual use and effective calculation efficiency can be realized, and the invalid resource occupation of the edge server which is not used effectively is reduced; thereby improving the demand resource adaptation between the request and the edge server of the system as a whole;
based on the same inventive concept, as shown in fig. 1, the invention provides an edge calculation digital safety control system, which comprises: the cloud computing system comprises a mobile terminal, an edge server and a cloud computing server;
the mobile terminal is used for sending a security control request to the edge server;
the edge server responds to the safety control request, executes a safety control task based on the sensing data and the target safety control model, and sends a safety control result analyzed and processed by the target safety control model to the mobile terminal;
the cloud computing server analyzes the security control request and determines an available security control model based on the security control mode; determining a resident edge server, a real-time resident edge server and a corresponding target security control model thereof; transmitting a task creation and execution or restoration request containing a security control request, a sensor data customization plan and a target security control model to a real-time resident edge server, so that the real-time resident edge server executes a security control task corresponding to the security control request;
the terms "mobile terminal," "cloud computing server," include all kinds of apparatuses, devices, and machines for processing data, including by way of example a programmable processor, a computer, a system on a chip, or a plurality of or a combination of the foregoing. The apparatus can comprise dedicated logic circuits, such as an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit). In addition to hardware, the apparatus may include code to create an execution environment for the computer program, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, a cross-platform runtime environment, a virtual machine, or a combination of one or more of the foregoing. The apparatus and execution environment may implement a variety of different computing model infrastructures, such as web services, distributed computing, and grid computing infrastructures.
A computer program (also known as a program, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, declarative or procedural languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, object or other unit suitable for use in a computing environment. The computer program may, but need not, correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program, or in multiple coordinated files (e.g., files that store one or more modules, subroutines, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.
Claims (10)
1. An edge computing digital security control method, comprising:
step S1: the mobile terminal sends a security control request to the edge server;
step S2: the cloud computing server analyzes the security control request and determines a corresponding available security control model based on a security control mode of the security control request;
step S3: the cloud computing server determines a resident edge server corresponding to the security control request and a target security control model thereof; the resident edge server can complete the security control request by using a target security control model, and is a selection basis of the real-time resident edge server in the execution period of the security control request;
the step S3 specifically includes the following steps:
step S31: the cloud computing server determines an edge server containing any one of the available security control models as a resident edge server;
step S32: deleting the unfavorable resident edge servers from the resident edge servers; the adverse resident edge server's intended execution of the security control request is inefficient; setting a target security control model for the undeleted resident edge servers;
step S4: the cloud computing server determines a real-time resident edge server based on the resident edge server every second period; the real-time resident edge server has higher execution efficiency on the target security control model in the recent time range relative to other parts in the resident edge server; creating and executing or recovering and starting a security control task corresponding to the security control request by the real-time resident edge server; wherein: the execution period is greater than the second period;
step S5: if a real-time resident edge server first executes to complete a security control task, the real-time resident edge server sends a security control result to a mobile terminal sending a security control request; the first real-time resident edge server completing the safety control task sends a stop instruction to other real-time resident edge servers to prompt the safety control task to stop;
step S6: after the execution period of the safety control request is finished, the resident edge server maintains the safety control model which is internally set and stored; specific: after the safety control task is executed, acquiring a first number N1 of which the edge server is determined to be a resident edge server and contains available safety control models as target safety control models, and a second number N2 of which the edge server is provided with the target safety control models and is not determined to be the resident edge server; the third number of times N3 that the resident edge server is determined to be the real-time resident edge server and that it contains the available security control model as the target security control model, and the fourth number of times N4 that the resident edge server is not determined to be the real-time resident edge server; the resident edge server is determined to be the real-time resident edge server, the security control model contained in the resident edge server is the target security control model, and the resident edge server completes the security control task for the first time by a fifth number N5; determining whether to delete the target security control model on the resident edge server based on the first, second, third, fourth, and fifth times;
determining whether to delete the target security control model on the resident edge server based on the first, second, third, fourth, and fifth times; the method comprises the following steps:
;
step S6A4: calculating an invalidation indexThe method comprises the steps of carrying out a first treatment on the surface of the If the invalidation index is equal to 1, determining to delete the target safety control model, otherwise, determining not to delete;
wherein: RSD is the number of real-time resident edge servers; LRSD1 is a target security setting and storing deviceThe average number of resident edge servers of the full control model; LRSD2 is the average number of edge servers where the target security control model is set and storedThe method comprises the steps of carrying out a first treatment on the surface of the Is a parameter cutoff.
2. The edge computing digital security control method of claim 1, wherein the security control model is an artificial intelligence model pre-trained for the security control mode.
3. The edge computing digital security control method of claim 2, wherein the available security control models are one or more.
4. The edge computing digital security control method of claim 3, wherein,。
5. the edge computing digital security control method of claim 1, wherein the security control model is a neural network model pre-trained for the security control mode.
6. An edge computing digital security control system for implementing the method of any of the preceding claims 1-5, the system comprising: the cloud computing system comprises a mobile terminal, an edge server and a cloud computing server;
the mobile terminal is used for sending a security control request to the edge server;
the edge server responds to the safety control request, executes a safety control task based on the sensing data and the target safety control model, and sends a safety control result analyzed and processed by the target safety control model to the mobile terminal;
the cloud computing server analyzes the security control request and determines an available security control model based on the security control mode; determining a resident edge server, a real-time resident edge server and a corresponding target security control model thereof; a task creation and execution or restoration request including a security control request, a sensory data customization plan, a target security control model is sent to a real-time resident edge server to cause the real-time resident edge server to execute a security control task corresponding to the security control request.
7. The edge computing digital security control system of claim 6, wherein the available security models set and stored on each edge server are the same or different.
8. An edge computing system based on big data, characterized in that the system is used for implementing the edge computing digital security control method according to any of claims 1-5.
9. A computer readable storage medium comprising a program which, when run on a computer, causes the computer to perform the edge computing digitised security control method of any one of claims 1 to 5.
10. A cloud computer device comprising a processor coupled to a memory, the memory storing program instructions that when executed by the processor implement the edge computing digital security control method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310603269.8A CN116319118B (en) | 2023-05-26 | 2023-05-26 | Edge calculation digital security control method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310603269.8A CN116319118B (en) | 2023-05-26 | 2023-05-26 | Edge calculation digital security control method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116319118A CN116319118A (en) | 2023-06-23 |
| CN116319118B true CN116319118B (en) | 2023-07-21 |
Family
ID=86783759
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310603269.8A Active CN116319118B (en) | 2023-05-26 | 2023-05-26 | Edge calculation digital security control method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116319118B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111787038A (en) * | 2019-04-04 | 2020-10-16 | 华为技术有限公司 | Method, system and computing device for providing edge service |
| CN113783861A (en) * | 2021-09-01 | 2021-12-10 | 国网湖北省电力有限公司信息通信公司 | Information security control method and device based on edge calculation and storage medium |
| CN115499150A (en) * | 2022-07-14 | 2022-12-20 | 深圳大学 | Method and system for auditing integrity of edge data |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111901573A (en) * | 2020-08-17 | 2020-11-06 | 泽达易盛(天津)科技股份有限公司 | Fine granularity real-time supervision system based on edge calculation |
-
2023
- 2023-05-26 CN CN202310603269.8A patent/CN116319118B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111787038A (en) * | 2019-04-04 | 2020-10-16 | 华为技术有限公司 | Method, system and computing device for providing edge service |
| CN113783861A (en) * | 2021-09-01 | 2021-12-10 | 国网湖北省电力有限公司信息通信公司 | Information security control method and device based on edge calculation and storage medium |
| CN115499150A (en) * | 2022-07-14 | 2022-12-20 | 深圳大学 | Method and system for auditing integrity of edge data |
Non-Patent Citations (1)
| Title |
|---|
| 《DoS攻击下CPS双重安全控制与通讯的协同设计》;李炜 等;《兰州理工大学学报》;第85-97页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116319118A (en) | 2023-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106776005B (en) | Resource management system and method for containerized application | |
| CN107431696B (en) | Method and cloud management node for application automation deployment | |
| US20220083395A1 (en) | Scheduling system for computational work on heterogeneous hardware | |
| US20200133702A1 (en) | Virtual workload migrations | |
| US20190163517A1 (en) | Predictive rightsizing for virtual machines in cloud computing systems | |
| CN106557369A (en) | A kind of management method and system of multithreading | |
| CN105843683B (en) | Method, system and equipment for the distribution of dynamic optimization platform resource | |
| RU2658190C2 (en) | Controlling runtime access to application programming interfaces | |
| US9535754B1 (en) | Dynamic provisioning of computing resources | |
| CN108205469B (en) | MapReduce-based resource allocation method and server | |
| CN114780225B (en) | Distributed model training system, method and device | |
| CN103645957A (en) | Resource management and control method for virtual machines, and resource management and control device for virtual machines | |
| WO2008121657A1 (en) | A recipe-and-component control module and methods thereof | |
| US11831410B2 (en) | Intelligent serverless function scaling | |
| CN111209077A (en) | Deep learning framework design method | |
| CN116467061B (en) | Task execution method and device, storage medium and electronic equipment | |
| CN103870324A (en) | Efficient execution of human machine interface applications in a heterogeneous multiprocessor environment | |
| US11216752B1 (en) | Optimizing machine learning models | |
| CN115269108A (en) | Data processing method, device and equipment | |
| Zhang et al. | Edge‐adaptable serverless acceleration for machine learning Internet of Things applications | |
| Galante et al. | A programming-level approach for elasticizing parallel scientific applications | |
| Coutinho et al. | HARNESS project: Managing heterogeneous computing resources for a cloud platform | |
| CN103957229A (en) | Active updating method, device and server for physical machines in IaaS cloud system | |
| CN116319118B (en) | Edge calculation digital security control method and system | |
| CN103019813B (en) | Method for obtaining interactive strength of SaaS-based interactive program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |