Disclosure of Invention
The invention mainly aims to provide a data mining system and an implementation method thereof, and aims to solve the technical problem that in the prior art, each organization cannot utilize internal related data of other organizations to perform operation and decision management of the organization.
To achieve the above object, the present invention provides a data mining system, including: the system comprises a cloud platform and a plurality of clients, wherein the clients are respectively and independently subjected to data interaction with the cloud platform;
the client is used for collecting shared data corresponding to a preset sharing strategy in the network where the client is located when the network where the client is located participates in data sharing, and reporting related strategy information in the sharing strategy and the collected shared data to the cloud platform;
the cloud platform is used for receiving the relevant policy information and the shared data uploaded by each client on the network, performing summary analysis processing on the shared data to obtain a plurality of types of mining data, and pushing the mining data of the corresponding type to the corresponding client according to the relevant policy information, wherein the types of the mining data at least comprise: data analysis results and hot spot safety data results concerned by the same industry;
the client is further configured to: and receiving the mining data pushed by the cloud platform.
Preferably, the client includes a gateway device, and the network where the client is located is composed of at least the gateway device and a plurality of network devices connected to the gateway device, where the types of the gateway device at least include a hardware gateway device, a virtualized gateway device, and security software or device for performing endpoint protection.
Preferably, the data mining system further comprises:
and the maintenance end is used for maintaining and monitoring the cloud platform, and the maintenance at least comprises updating related programs on the cloud platform.
Preferably, the client is further configured to: configuring a sharing strategy of data in a network where the client is located; the relevant policy information includes at least: the type of the mining data required by the network where the client is located and the receiving mode of the mining data.
Preferably, the cloud platform is built on a trusted public cloud, the cloud platform completes summary analysis processing on the shared data through a program, all processed data are encrypted in the processing process, and the mining data pushed by the cloud platform does not contain provider information of the data.
Further, in order to achieve the above object, the present invention further provides an implementation method of a data mining system, where the implementation method of the data mining system includes:
when a network where a client is located participates in data sharing, the client collects shared data corresponding to a preset sharing strategy in the network where the client is located, and reports related strategy information in the sharing strategy and the collected shared data to a cloud platform;
the cloud platform receives the relevant strategy information and the shared data uploaded by each client on the network, performs summary analysis processing on the shared data to obtain a plurality of types of mining data, and pushes the mining data of the corresponding type to the corresponding client according to the relevant strategy information, wherein the type of the mining data at least comprises: data analysis results and hot spot safety data results concerned by the same industry;
and the client receives the mining data pushed by the cloud platform.
Preferably, the client includes a gateway device, and the network where the client is located is composed of at least the gateway device and a plurality of network devices connected to the gateway device, where the types of the gateway device at least include a hardware gateway device, a virtualized gateway device, and security software or device for performing endpoint protection.
Preferably, the implementation method of the data mining system further includes:
and the maintenance end maintains and monitors the cloud platform, and the maintenance at least comprises updating related programs on the cloud platform.
Preferably, before the client collects the shared data in the network where the client is located, the implementation method of the data mining system further includes: the client configures a sharing strategy of data in a network where the client is located; the relevant policy information includes at least: the type of the mining data required by the network where the client is located and the receiving mode of the mining data.
Preferably, the cloud platform is built on a trusted public cloud, the cloud platform completes summary analysis processing on the shared data through a program, all processed data are encrypted in the processing process, and the mining data pushed by the cloud platform does not contain provider information of the data.
In the invention, each organization completes the configuration of the sharing strategy of the data in the organization network through the respective client, collects the shared data in the organization network through the client and uploads the shared data to the third-party cloud platform for summary analysis processing, and then the cloud platform obtains the mining data mined from the shared data provided by each organization, and pushes the mining data to each organization participating in data sharing, thereby realizing the sharing of network data among different organizations, and enabling each organization to utilize the shared data provided by other organizations to carry out the operation and decision management of the organization.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a functional module diagram of a first embodiment of the data mining system of the present invention. In this embodiment, the data mining system includes: the system comprises a plurality of clients 10 and a cloud platform 20, wherein data interaction is performed between each client 10 and the cloud platform 20 independently, the connection mode between each client 10 and the cloud platform 20 is not limited, and the connection mode is specifically set according to actual needs, for example, wired connection is adopted, or wireless connection can also be adopted.
In this embodiment, the type of the client is not limited, for example, the client is a gateway device, such as an internet behavior management device, a firewall device, or the like, or a software gateway platform, or a network device capable of collecting information, or security software for performing endpoint protection, or the like. Optionally, the client 10 includes a gateway device, and the network where the client 10 is located is at least composed of the gateway device and a plurality of network devices connected to the gateway device.
In this embodiment, the organization user configures the sharing policy of the data in the network where the client 10 is located at the client 10, for example, a configuration option of providing the sharing policy for the organization user on a control interface of the gateway device, for example, a configuration option of providing whether the network where the client 10 is located participates in data sharing is provided, if the configuration option participates in data sharing, configuration of other related policies of data sharing is further provided, for example, configuration of what kind of data in the network is collected for data sharing, for example, sharing of related data for performing work efficiency comparison, sharing of related data for performing game market comparison, sharing of related data for performing botnet attack comparison, sharing of related data for performing student interest trend, and the like.
In addition, in this embodiment, the received mining data delivered by the cloud platform may further be configured with a relevant policy, for example, the type of the mining data required by the network where the client is located, the receiving mode of the mining data, and the like, so that the cloud platform 20 can push the corresponding mining data to the corresponding client 10 according to the configured relevant policy, for example, push the mining data of the type a to the client a participating in data sharing, and push the mining data of the type B to the client B participating in data sharing, and the like.
In this embodiment, when the configuration policy option that the network where the client 10 is located participates in data sharing is selected by the organization user at the client 10, the client 10 collects shared data corresponding to the sharing policy in the network where the client 10 is located, and reports related policy information in the sharing policy and the collected shared data to the cloud platform 20. For example, if the sharing policy configured by the organization user is to collect the related data for work efficiency comparison, the client 10 will collect the related data for work efficiency comparison in the organization network.
In addition, in order to ensure that the cloud platform 20 can push mining data according to the configuration policy of the organization user, the client 10 uploads the collected shared data to the cloud platform 20 and also uploads the configured related policy information to the cloud platform 20.
In this embodiment, the cloud platform 20 receives the relevant policy information and the shared data uploaded by each client 10 on the network, performs summary analysis on the shared data to obtain a plurality of types of mining data, and pushes the corresponding types of mining data to the corresponding clients 10 according to the relevant policy information. In this embodiment, the way of summarizing, analyzing and processing the received shared data by the cloud platform 20 is not limited. In addition, in this embodiment, the cloud platform 20 may push the mining data according to a fixed time, or may push the mining data again according to a set specific time, where the cloud platform 20 only pushes the mining data to the corresponding client 10 participating in data sharing.
Optionally, the relevant policy information at least includes: the type of the mining data required by the network where the client 10 is located, and the manner of receiving the mining data.
In addition, the client 10 will receive the mining data pushed by the cloud platform, and further can perform operations and decision management of the organization according to the mining data (i.e. shared data provided by other organization networks). For example, taking the case of a botnet attack versus the shared data, the data mining system can achieve the following effects: after a network corresponding to an organization joins an information sharing analysis mechanism through the client 10, the cloud platform 20 will regularly push the average number of botnet attacks on the corresponding network of a related organization (for example, an organization in the same industry) and the distribution of this type of attack on each dimension, and then the organization can judge what level the organization is in this respect according to the received mining data, and further judge whether further protection processing is needed. In addition, the mining data can also contain some general safety analysis data, so that the self organizes the safety analysis data to perform organization and management work such as summarization, comparison, decision and the like.
In this embodiment, each organization completes configuration of a sharing policy of data in an organization network through its own client, collects shared data in the organization network through the client, uploads the shared data to a third-party cloud platform for summary analysis and processing, and then obtains mining data mined from the shared data provided by each organization through the cloud platform, and pushes the mining data to each organization participating in data sharing, so that sharing of network data among different organizations can be realized, and thus each organization can perform operation and decision management of the organization by using the shared data provided by other organizations.
Referring to fig. 2, fig. 2 is a functional module schematic diagram of a second embodiment of the data mining system of the present invention, wherein the data mining system further includes:
the maintenance end 30 is configured to perform maintenance and monitoring on the cloud platform 20, where the maintenance at least includes updating a related program on the cloud platform 20, and the type and the setting manner of the maintenance end 30 are not limited in this embodiment, as shown in the schematic architecture diagram of the data mining system shown in fig. 3.
For example, an "automatic analysis and pushing system" program of shared data is installed on the cloud platform 20, the system program may be developed and maintained by a device manufacturer corresponding to the client 10, and the system program mainly functions to perform summary analysis processing on the shared data reported by each client 10, and then form mining data required by an organization where the client 10 is located and push the mining data to the client 10. The maintenance end 30 is configured to maintain and monitor the cloud platform 20, and mainly includes updating a related program on the cloud platform 20, such as an "automatic analysis and pushing system of shared data" program. In addition, the whole operation process of the cloud platform 20 is monitored safely.
Further optionally, in an embodiment of the data mining system of the present invention, in order to prevent shared data uploaded by each organization through the client 10 from being acquired by the cloud platform 20 manager and other organizations, in this embodiment, the following three measures are specifically adopted:
(1) the construction of the cloud platform 20 is performed on a trusted public cloud, such as a public cloud provided by traditional telecommunication infrastructure operators, including china mobile, china unicom and chinese telecommunications; or a local cloud computing platform dominated by a government; or Ariiyun, Tengchun, etc.
(2) The cloud platform 20 completes summary analysis processing on shared data through a program, so that data leakage caused by human factors is avoided, and meanwhile, all processed data are encrypted in the processing process, so that even if the data are leaked, the data cannot be easily decrypted, and the data security is ensured; in addition, it should be further described that, for a maintenance person of the cloud platform, a related data security mechanism needs to be adopted, so that corresponding security processing is performed on data that the maintenance person can contact and data that the maintenance person cannot contact, and the specific processing manner is not described in detail.
(3) The mining data pushed by the cloud platform 20 does not contain provider information of the data, so that even if other organizations acquire related data, other organizations cannot determine the provider of the data, and adverse effects on organizations participating in data sharing after data leakage are further reduced.
In addition, based on data security considerations, the shared data uploaded from each client 10 can be displayed on the network data management device of each corresponding organization, so that the shared data provider can directly and clearly know the shared data, and supervision on data sharing is completed.
Referring to fig. 4, fig. 4 is a flowchart illustrating an embodiment of a method for implementing the data mining system of the present invention. In this embodiment, the implementation method of the data mining system includes:
step S10, when the network of the client participates in data sharing, the client collects the sharing data corresponding to the preset sharing strategy in the network of the client, and reports the relevant strategy information in the sharing strategy and the collected sharing data to the cloud platform;
when the sharing policy is pre-configured to enable the network where the client is located to participate in data sharing, the client collects sharing data corresponding to the sharing policy in the network where the client is located, such as sharing of related data for work efficiency comparison, sharing of related data for game market comparison, sharing of related data for botnet attack comparison, and the like.
In this embodiment, when the configuration policy option that the network where the client is located participates in data sharing is selected by the organization user at the client, the client collects shared data corresponding to the shared policy in the network where the client is located, and reports related policy information in the shared policy and the collected shared data to the cloud platform 20. For example, if the sharing policy configured by the organization user is to collect the relevant data for work efficiency comparison, the client will collect the relevant data for work efficiency comparison in the organization network.
In addition, in order to ensure that the cloud platform can push and mine data according to the configuration strategy of the organization user, the client uploads the collected shared data to the cloud platform and simultaneously uploads the configured related strategy information to the cloud platform.
Step S20, the cloud platform receives the relevant strategy information and the shared data uploaded by each client, performs summary analysis processing on the shared data to obtain a plurality of types of mining data, and pushes the corresponding types of mining data to the corresponding clients according to the relevant strategy information;
in step S30, the client receives the mining data pushed by the cloud platform.
In this embodiment, the cloud platform receives the relevant policy information and the shared data uploaded by each client, performs summary analysis processing on the shared data to obtain a plurality of types of mining data, and pushes the corresponding types of mining data to the corresponding clients according to the relevant policy information. In this embodiment, the cloud platform is not limited to a summarizing, analyzing and processing manner of the received shared data, such as mining data types concerned by the same industry, hotspot security data types, and the like. In addition, in this embodiment, the cloud platform may push the mining data according to a fixed time, or may push the mining data again according to a set specific time, where the cloud platform only pushes the mining data to a corresponding client participating in data sharing.
Optionally, the relevant policy information at least includes: the type of the mining data required by the network where the client is located and the receiving mode of the mining data.
In addition, the client side receives mining data pushed by the cloud platform, and further can perform organization operation and decision management according to the mining data (namely shared data provided by other organization networks). For example, taking the case of a botnet attack versus the shared data, the data mining system can achieve the following effects: after a network corresponding to an organization joins an information sharing analysis mechanism through a client, a cloud platform can regularly push the average number of botnet attacks on the corresponding network of a related organization (such as an organization in the same industry) and the distribution situation of the type of attacks on each dimension, and then the organization can judge the level of the self-organization in this respect according to the received mining data and further judge whether further protection processing is needed. In addition, the mining data can also contain some general safety analysis data, so that the self organizes the safety analysis data to perform organization and management work such as summarization, comparison, decision and the like.
In this embodiment, each organization completes configuration of a sharing policy of data in an organization network through its own client, collects shared data in the organization network through the client, uploads the shared data to a third-party cloud platform for summary analysis and processing, and then obtains mining data mined from the shared data provided by each organization through the cloud platform, and pushes the mining data to each organization participating in data sharing, so that sharing of network data among different organizations can be realized, and thus each organization can perform operation and decision management of the organization by using the shared data provided by other organizations.
Optionally, in another embodiment of the implementation method of the data mining system of the present invention, before the client collects the shared data in the network where the client is located, the implementation method of the data mining system further includes: the client configures the sharing strategy of the data in the network where the client is located.
In this embodiment, the type of the client is not limited, for example, the client may be a gateway device, such as an internet behavior management device, a firewall device, or a software gateway platform, or a network device capable of collecting information. Optionally, the client includes a gateway device, and the network where the client is located is at least composed of the gateway device and a plurality of network devices connected to the gateway device.
In this embodiment, an organization user configures a sharing policy of data in a network where a client is located at a client, for example, a configuration option of the sharing policy is provided for the organization user on a control interface of a gateway device, and the content of the configuration option of the sharing policy is not limited. For example, a configuration option of whether the network where the client is located participates in data sharing is provided, and if so, configuration of other related policies of data sharing is further provided.
In addition, in this embodiment, the received mining data delivered by the cloud platform may further be configured with a relevant policy, for example, a type of the mining data required by a network where the client is located, a receiving manner of the mining data, and the like, so that the cloud platform can push the corresponding mining data to the corresponding client according to the configured relevant policy, for example, push the mining data of the type a to the client a participating in data sharing, and push the mining data of the type B to the client B participating in data sharing, and the like.
Further optionally, in an embodiment of the implementation method of the data mining system of the present invention, the implementation method of the data mining system further includes:
and the maintenance end maintains and monitors the cloud platform, wherein the maintenance at least comprises updating a related program on the cloud platform.
For example, an "automatic analysis and pushing system" program of shared data is installed on the cloud platform, the system program can be developed and maintained by a device manufacturer corresponding to the client, the system program has a main function of summarizing, analyzing and processing the shared data reported by each client, and then forming mining data required by an organization where the client is located and pushing the mining data to the client. The maintenance end is used for maintaining and monitoring the cloud platform, and mainly comprises updating related programs on the cloud platform, such as an 'automatic analysis and pushing system of shared data' program. In addition, the whole operation process of the cloud platform is monitored safely.
Further optionally, in an embodiment of the implementation method of the data mining system, in order to prevent shared data uploaded by each organization through the client from being acquired by the cloud platform manager and other organizations, the implementation method specifically includes the following three measures:
(1) building a cloud platform on a trusted public cloud, such as a public cloud provided by traditional telecommunication infrastructure operators including China Mobile, China Unicom and China telecom; or a local cloud computing platform under government control, etc.
(2) The cloud platform completes summary analysis processing on shared data through a program, so that data leakage caused by human factors is avoided, and all processed data are encrypted in the processing process, so that even if the data are leaked, the data cannot be easily decrypted, and the data security is ensured;
(3) the mining data pushed by the cloud platform does not contain provider information of the data, so that even if other organizations acquire related data, other organizations cannot determine the provider of the data, and adverse effects on organizations participating in data sharing after data leakage are further reduced.
In addition, based on the consideration of data security, the shared data uploaded from each client can be displayed on the network data management device of each corresponding organization, so that the shared data provider can directly and clearly know the shared data, and the supervision of data sharing is completed.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.