CN109189829B - Information safety system and method based on big data - Google Patents

Information safety system and method based on big data

Publication number
CN109189829B
Authority
CN
China
Prior art keywords
big data
access
access request
output
multiplexer
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810946037.1A
Other languages
Chinese (zh)
Other versions
CN109189829A (en
Inventor
Inventor not disclosed
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pacific Telecom Limited by Share Ltd
Original Assignee
Pacific Telecom Ltd By Share Ltd
Application filed by Pacific Telecom Ltd By Share Ltd
Priority to CN201910517344.2A (CN110348253B)
Priority to CN201810946037.1A (CN109189829B)
Publication of CN109189829A
Application granted
Publication of CN109189829B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2465 Query processing support for facilitating data mining operations in structured databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation

Abstract

An information security system and method based on big data are disclosed. The system includes multiple big data servers and delay processing circuits. When external nodes access the big data of the memory module, a determination module judges the number and permissions of the external nodes; when the number of external nodes requesting access exceeds the number of accessible processing resources, external nodes that do not meet the access conditions are excluded or refused through the permission judgment. The delay processing circuit latches and gates one of multiple access requests and allows that access request. After the access request ends, a feedback signal is sent to the processor of the big data server so that the access-permission operation for the next access request can be carried out. The system avoids the loss of in-memory data caused by server failure, reduces the impact on the big data server's recovery, and reduces the time cost of reading, calling and computing to restore field data after the failure of field data.

Description

Information safety system and method based on big data
Technical field
The present invention relates to the field of electric data processing and, more specifically, to an information security system and method based on big data.
Background technique
With the continuous development of technology, ever more massive data, i.e. big data, is being produced. Big data is characterized by large volume, high speed, variety, veracity, complexity, high timeliness and high value. It has profoundly changed how people think, produce, live and learn, and has extended into daily life. On the one hand, the growth of big data gives people more comprehensive sources of information; on the other hand, it makes screening and mining information harder, especially because the data often contains false, interfering and similar information. It also brings huge security risks and data storage pressure.
The prior art tends to focus on privacy protection of data, research on encryption algorithms, security risk assessment, information mining of data and the like. It lacks proper processing of data sources, reasonable allocation of storage, security authentication of access, and adaptive handling of emergencies such as a flood of access requests, so it emphasizes later-stage mining and neglects early-stage processing. As a result, the information security of big data lacks early-stage guarantees, which is a major challenge facing the prior art.
A particularly prominent problem in the prior art is that the rapid growth in data volume causes the number and capacity of big data servers to grow rapidly as well. At the same time, the rapid growth in the number of accessing clients means that access to big data servers carries a risk of conflict and security risks. When a big data server fails, the data in memory may be lost or corrupted, field data may not be handled effectively and may be lost, and, because of the huge processing volume, the recovery of the big data server is seriously affected. In addition, the failure of field data increases the time cost of reading, calling and computing to restore the field data.
Based on this, it is necessary to invent an information security system and method based on big data that solve the above problems.
Summary of the invention
An object of the present invention is to provide an information security system and method based on big data that can properly process data sources, reasonably allocate storage, apply security authentication to access, and handle large numbers of access requests. It effectively avoids the risk of the big data being attacked, and can effectively relieve the pressure on access processing resources when there is too much access. It can guarantee the accuracy of the data, can distribute and store big data reasonably, and can guarantee data recovery and access when the big data fails. It avoids the loss of in-memory data caused by server failure and reduces the impact on the recovery of the big data server, and it reduces the time cost of reading, calling and computing to restore field data after the failure of field data.
The technical solution adopted by the present invention to solve the above technical problem is an information security system based on big data, including multiple big data servers and multiple delay processing circuits, where each big data server corresponds one-to-one with a delay processing circuit. Each big data server includes a determination module, and the determination module includes a permission determination module. When external nodes access the big data of the memory module, the determination module included in each big data server judges the number and permissions of the external nodes; when the number of external nodes requesting access exceeds the number of accessible processing resources, external nodes that do not meet the access conditions must be excluded or refused through the permission judgment. The delay processing circuit includes multiple delayers, each of which receives one access request from the corresponding big data server. The delay processing circuit latches and gates one of the multiple access requests and allows that access request. After the access request ends, a feedback signal is sent to the processor of the big data server so that the access-permission operation for the next access request can be carried out.
In one embodiment, the determination module further includes a quantity determination module. If the number of external nodes after the permission judgment exceeds the number of accessible processing resources, the external nodes are sorted in order of access and, according to the sorting result, the highest-ranked access requests are fed in sequence into multiple different delayers of the delay processing circuit corresponding to the big data server. The access requests of the external nodes after the permission judgment are the i-th to j-th access requests, where j-i=L and i, j and L are positive integers; the i-th to j-th access requests are each input into their respective delayers. The delay processing circuit includes multiple delayers, multiple first multiplexers, multiple latch units and one second multiplexer. Each delayer consists of multiple delay units connected end to end. The output of each delay unit is connected to the corresponding first multiplexer and, except for the first and the last delay units, the output of each delay unit is also connected to the input of the next delay unit of the delayer it belongs to. The input of the first delay unit is connected to the access request corresponding to the delayer and serves as the input of the delayer; the output of the first delay unit is connected to the input of the second delay unit of the delayer; and the output of the last delay unit serves as the output of the delayer it belongs to. The number of delay units connected end to end is M, where M is a positive integer power of 2 and is greater than L.
In one embodiment, each big data server includes a processor. Under the control of the processor, the i-th access request is connected to M delay units i1, ..., im, ..., iM, and so on, and the j-th access request is connected to M delay units j1, ..., jm, ..., jM, where m is a positive integer between 1 and M. The outputs of the first delay units of the i-th to j-th access requests are connected to the first multiplexer mux11, ..., the outputs of their m-th delay units are connected to the first multiplexer mux1m, ..., and the outputs of their M-th delay units are connected to the first multiplexer mux1M. The output of each first multiplexer is connected to the corresponding latch unit: the output of mux11 is connected to latch unit 1, ..., the output of mux1m to latch unit m, ..., and the output of mux1M to latch unit M. The output of each latch unit is connected to the second multiplexer: the output of latch unit 1 is connected to the first input of the second multiplexer mux2, ..., the output of latch unit m to its m-th input, ..., and the output of latch unit M to its M-th input. The output of the second multiplexer mux2 serves as the output of the determination module and the input of the authentication module. Under the control of the processor, different delays are set for the i-th to j-th access requests; under the control of an enable signal, one input in the multiple first multiplexers is gated and the signal is latched into the corresponding latch unit; then, under the control of a second enable signal, one input of the second multiplexer is gated. After the access request ends, a feedback signal is sent to the processor of the big data server so that the access-permission operation for the next access request can be carried out.
In one embodiment, the big data server further includes an authentication module which, after the determination module in the big data server has operated, authenticates the identity of the external access node. This includes: obtaining the historical behavior data of the accessing external node and analyzing it to obtain features that identify the behavior and identity of the user of that external node; and judging the correlation coefficient between the access request of the accessing external node and a preset instruction. When the correlation coefficient is greater than a threshold, the node is deemed to have passed authentication and enters the mining module for data mining; otherwise authentication is deemed to have failed and the node exits.
In one embodiment, the big data server further includes a memory module which, before the determination module in the big data server operates, stores the big data in the big data platform in a distributed manner. This includes using cloud storage technology to store the big data in a distributed manner on multiple nodes in the big data platform. The storing further includes: receiving the big data; confirming its data integrity and data length; selecting available storage nodes and performing a wear-leveling judgment to determine their availability coefficients, and determining their free storage space; and, in descending order of availability coefficient, successively selecting available storage nodes whose combined free space satisfies the data length of the big data, where the availability coefficient is negatively correlated with the number of accesses to the available storage node.
In one embodiment, the big data server further includes a mining module which, after the authentication module in the big data server has operated, mines the big data according to the request of the external node. This includes: classifying the big data by performing spatial clustering according to the source of the data and removing data outside the space; forming the clustered data into multiple sets, i.e. making the data objects in the same space into a set; using regular expressions to remove symbols such as numerals and emoticons from each set; using the number of occurrences of a data object and its distribution across the above sets to determine the importance of the data object in the corresponding set; obtaining the frequency of the data object by statistical methods and summarizing to obtain the number of occurrences of the data object; and performing cluster analysis on the data objects to obtain the data mining results.
Another technical solution adopted by the present invention to solve the above technical problem is an information security method based on big data, applied to an information security system based on big data, where the system includes multiple big data servers and multiple delay processing circuits, and each big data server corresponds one-to-one with a delay processing circuit. The method includes: when external nodes access the big data of the memory module, judging the number and permissions of the external nodes by the determination module included in each big data server; when the number of external nodes requesting access exceeds the number of accessible processing resources, excluding or refusing, through the permission judgment, external nodes that do not meet the access conditions; latching and gating, by the delay processing circuit, one of multiple access requests and allowing that access request; and, after the access request ends, sending a feedback signal to the processor of the big data server to carry out the access-permission operation for the next access request. The delay processing circuit includes multiple delayers, and each delayer receives one access request from the corresponding big data server.
In one embodiment, the operation of the quantity determination module in the determination module of the big data server, and the operation of the delay processing circuit, further include the following. When the number of external nodes requesting access exceeds the number of accessible processing resources, external nodes that do not meet the access conditions must be excluded or refused through the permission judgment. If the number of external nodes after the permission judgment exceeds the number of accessible processing resources, the quantity determination module included in the determination module sorts the external nodes in order of access and, according to the sorting result, feeds the highest-ranked access requests in sequence into multiple different delayers of the delay processing circuit corresponding to the big data server. The access requests of the external nodes after the permission judgment are the i-th to j-th access requests, where j-i=L and i, j and L are positive integers; the i-th to j-th access requests are each input into their respective delayers. The delay processing circuit includes multiple delayers, multiple first multiplexers, multiple latch units and one second multiplexer. Each delayer consists of multiple delay units connected end to end. The output of each delay unit is connected to the corresponding first multiplexer and, except for the first and the last delay units, the output of each delay unit is also connected to the input of the next delay unit of the delayer it belongs to. The input of the first delay unit is connected to the access request corresponding to the delayer and serves as the input of the delayer; the output of the first delay unit is connected to the input of the second delay unit of the delayer; and the output of the last delay unit serves as the output of the delayer it belongs to. The number of delay units connected end to end is M, where M is a positive integer power of 2 and is greater than L. The i-th access request is connected to M delay units i1, ..., im, ..., iM, and so on, and the j-th access request is connected to M delay units j1, ..., jm, ..., jM, where m is a positive integer between 1 and M. The outputs of the first delay units of the i-th to j-th access requests are connected to the first multiplexer mux11, ..., the outputs of their m-th delay units are connected to the first multiplexer mux1m, ..., and the outputs of their M-th delay units are connected to the first multiplexer mux1M. The output of each first multiplexer is connected to the corresponding latch unit: the output of mux11 is connected to latch unit 1, ..., the output of mux1m to latch unit m, ..., and the output of mux1M to latch unit M. The output of each latch unit is connected to the second multiplexer: the output of latch unit 1 is connected to the first input of the second multiplexer mux2, ..., the output of latch unit m to its m-th input, ..., and the output of latch unit M to its M-th input. The output of the second multiplexer mux2 serves as the output of the determination module and the input of the authentication module. Under the control of the processor, different delays are set for the i-th to j-th access requests; under the control of an enable signal, one input in the multiple first multiplexers is gated and the signal is latched into the corresponding latch unit; then, under the control of a second enable signal, one input of the second multiplexer is gated. After the access request ends, a feedback signal is sent to the processor of the big data server so that the access-permission operation for the next access request can be carried out.
In one embodiment, after the determination operation in the big data server, the big data server authenticates the identity of the external access node. This includes: obtaining the historical behavior data of the accessing external node and analyzing it to obtain features that identify the behavior and identity of the user of that external node; and judging the correlation coefficient between the access request of the accessing external node and a preset instruction. When the correlation coefficient is greater than a threshold, the node is deemed to have passed authentication and data mining is carried out; otherwise authentication is deemed to have failed and the node exits. Before the determination operation in the big data server, the big data server stores the big data in the big data platform in a distributed manner. This includes using cloud storage technology to store the big data in a distributed manner on multiple nodes in the big data platform. The storing further includes: receiving the big data; confirming its data integrity and data length; selecting available storage nodes and performing a wear-leveling judgment to determine their availability coefficients, and determining their free storage space; and, in descending order of availability coefficient, successively selecting available storage nodes whose combined free space satisfies the data length of the big data, where the availability coefficient is negatively correlated with the number of accesses to the available storage node.
In one embodiment, after the authentication operation in the big data server, the big data server mines the big data according to the request of the external node. This includes: classifying the big data by performing spatial clustering according to the source of the data and removing data outside the space; forming the clustered data into multiple sets, i.e. making the data objects in the same space into a set; using regular expressions to remove symbols such as numerals and emoticons from each set; using the number of occurrences of a data object and its distribution across the above sets to determine the importance of the data object in the corresponding set; obtaining the frequency of the data object by statistical methods and summarizing to obtain the number of occurrences of the data object; and performing cluster analysis on the data objects to obtain the data mining results.
Description of the drawings
The embodiments of the present invention are shown in the accompanying drawings by way of example and not by way of limitation, in which like reference numerals denote like elements, and in which:
Fig. 1 illustrates a structural diagram of the information security system based on big data, according to an exemplary embodiment of the invention.
Fig. 2 illustrates a structural diagram of the big data server, according to an exemplary embodiment of the invention.
Fig. 3 illustrates a structural diagram of the delay processing circuit for access requests, according to an exemplary embodiment of the invention.
Fig. 4 illustrates a simplified flow chart of an information security method based on big data, according to an exemplary embodiment of the invention.
Specific embodiment
Before the specific embodiments below are described, it may be advantageous to set out definitions of certain words and phrases used in this patent document: the terms "include" and "comprise" and their derivatives mean inclusion without limitation; the term "or" is inclusive, meaning and/or; the phrases "associated with" and "associated therewith" and their derivatives may mean to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, and the like; and the term "controller" means any device, system or part thereof that controls at least one operation, where such a device may be implemented in hardware, firmware or software, or in some combination of at least two of them. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. Definitions for certain words and phrases are provided throughout this patent document, and those skilled in the art should understand that in many, if not most, instances such definitions apply to prior as well as future uses of the words and phrases so defined.
In the following description, reference is made to the accompanying drawings, which show several specific embodiments by way of illustration. It will be appreciated that other embodiments are contemplated and can be made without departing from the scope or spirit of the present disclosure. The following detailed description should therefore not be taken in a limiting sense.
Fig. 1 illustrates a structural diagram of the information security system based on big data, according to an exemplary embodiment of the invention. The information security system based on big data includes multiple big data servers and multiple delay processing circuits, where each big data server corresponds one-to-one with a delay processing circuit.
Fig. 2 illustrates a structural diagram of the big data server, according to an exemplary embodiment of the invention. The big data server includes:
Transmission interface: receives access requests and/or sends processed data;
Acquisition integration module: obtains data from multiple data sources via the transmission interface and, through a data integration process, forms the big data to be processed and used;
Cleaning module: cleans the big data, eliminating similar or duplicate data;
Determining module: determines whether to protect the big data generated by the cleaning module using privacy protection technology, and performs the corresponding operation according to the result;
Memory module: stores the big data generated by the determining module in the big data platform in a distributed manner;
Redundancy module: uses redundancy technology to prepare the big data stored by the memory module for disaster tolerance;
Determination module: when an external node accesses the big data stored by the memory module via the transmission interface, judges the number and permissions of the external nodes and directs eligible external nodes to the authentication module;
Authentication module: authenticates the identity of the external access node;
Mining module: mines the big data according to the request of the external node;
Feedback module: returns the big data results to the external access node via the transmission interface, according to a judgment of whether to use encryption technology.
Preferably, the operation in which the acquisition integration module in the big data server obtains data from multiple data sources via the transmission interface and forms the big data to be processed and used through a data integration process further includes: obtaining data from multiple external data sources over a wired or wireless link, via a transmission interface that meets a secure transfer protocol, and forming the big data to be processed and used from the data of the different sources through a data integration process. Preferably, the data of different sources includes data generated by computer information processing systems and raw data obtained by digital devices; the forms of the data of different sources include, but are not limited to, text and static or dynamic images.
Preferably, the cleaning of the big data by the cleaning module in the big data server, to eliminate similar or duplicate data, further includes: dividing the big data according to a division rule, based on descriptions of different patterns, to form units to be processed; calculating a hash value from the content characters of each unit to be processed; and comparing that hash value with the hash values that already exist to determine whether the unit to be processed is a duplicate. If they are identical, the unit to be processed and the existing unit are similar or duplicate data, and the unit to be processed is removed; otherwise the data is not similar or duplicate and no removal is performed. In particular, the division rule is an equal-length division rule. This module and its operation can guarantee the accuracy of the data.
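The cleaning step described above, as an added example that is not code from the patent: it splits the input by the equal-length rule, hashes each unit and drops units whose hash already exists. SHA-256, the function names and the sample bytes are assumptions of this example; the second sample shows that a one-byte shift moves every unit boundary, so the same repeated payload is no longer detected.

```python
import hashlib


def split_equal_length(data, unit_len):
    """Equal-length division rule: cut the input into unit_len-byte units."""
    if unit_len <= 0:
        raise ValueError("unit_len must be positive")
    return [data[i:i + unit_len] for i in range(0, len(data), unit_len)]


def clean(data, unit_len, seen_hashes=None):
    """Drop every unit whose hash already exists; return (cleaned, removed).

    seen_hashes holds the hashes that "already exist" and can be shared
    across calls, so a later batch is also cleaned against earlier ones.
    """
    seen = set() if seen_hashes is None else seen_hashes
    kept, removed = [], 0
    for unit in split_equal_length(data, unit_len):
        # SHA-256 is this example's choice; the text only says "hash value".
        digest = hashlib.sha256(unit).digest()
        if digest in seen:
            removed += 1          # identical hash: treat the unit as a duplicate
            continue
        seen.add(digest)
        kept.append(unit)
    return b"".join(kept), removed


# Constructed sample: the unit b"AAAA" occurs twice on a 4-byte boundary.
ALIGNED = b"AAAABBBBAAAACCCC"
# Same payload with one byte prepended: every unit boundary moves by one.
SHIFTED = b"x" + ALIGNED

if __name__ == "__main__":
    print(clean(ALIGNED, 4))      # the second b"AAAA" unit is removed
    print(clean(SHIFTED, 4))      # nothing is removed after the shift
    index = set()
    print(clean(ALIGNED, 4, index), clean(ALIGNED, 4, index))
```

Hash equality on fixed boundaries finds byte-identical, aligned units only; data that is merely similar, or identical but offset, passes through unchanged.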
Preferably, the operation in which the determining module in the big data server determines whether to protect the big data generated by the cleaning module using privacy protection technology, and performs the corresponding operation according to the result, further includes: determining whether to protect the big data formed by the acquisition integration module using privacy protection technology; if necessary, applying encryption protection using an anonymous privacy protection technique and inputting the result to the memory module; otherwise passing directly to the memory module.
Preferably, the storing of the big data in the big data platform in a distributed manner by the memory module in the big data server further includes using cloud storage technology to store the big data in a distributed manner on multiple nodes in the big data platform. The storing further includes: receiving the big data; confirming its data integrity and data length; selecting available storage nodes and performing a wear-leveling judgment to determine their availability coefficients, and determining their free storage space; and, in descending order of availability coefficient, successively selecting available storage nodes whose combined free space satisfies the data length of the big data, where the availability coefficient is negatively correlated with the number of accesses to the available storage node. This module and its operation allow big data to be distributed and stored reasonably.
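One way to carry out the node selection described above, as an added example that is not code from the patent. The coefficient formula 1/(1+access_count), the SHA-256 integrity check, the `Node` fields and the sample nodes are assumptions of this example; the text only requires that the coefficient fall as the access count rises.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    free_bytes: int
    access_count: int
    available: bool = True


def availability_coefficient(node):
    # Assumed formula: any function that decreases with access_count would
    # satisfy the "negatively correlated" requirement in the text.
    return 1.0 / (1 + node.access_count)


def plan_placement(data, expected_len, expected_sha256, nodes):
    """Return [(node_name, offset, length), ...] covering all of data.

    Steps follow the text: confirm integrity and length, keep available
    nodes, rank them by availability coefficient (high to low), then take
    nodes in that order until their free space sums to the data length.
    """
    if len(data) != expected_len:
        raise ValueError("data length mismatch")
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("data integrity check failed")

    candidates = sorted(
        (n for n in nodes if n.available and n.free_bytes > 0),
        key=availability_coefficient,
        reverse=True,
    )
    plan, offset = [], 0
    for node in candidates:
        if offset >= len(data):
            break
        take = min(node.free_bytes, len(data) - offset)
        plan.append((node.name, offset, take))
        offset += take
    if offset < len(data):
        raise RuntimeError("free space on available nodes is insufficient")
    return plan


# Constructed sample nodes and payload.
SAMPLE_NODES = [
    Node("A", free_bytes=4, access_count=10),
    Node("B", free_bytes=6, access_count=1),
    Node("C", free_bytes=100, access_count=50),
    Node("D", free_bytes=100, access_count=0, available=False),
]
SAMPLE_DATA = b"12345678"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_DATA).hexdigest()

if __name__ == "__main__":
    print(plan_placement(SAMPLE_DATA, 8, SAMPLE_DIGEST, SAMPLE_NODES))
```

Node C has the most free space but is used last because it is the most heavily accessed; node D is skipped because it is unavailable, whatever its coefficient.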
Preferably, the big data of generation is carried out disaster tolerance standard using redundancy by the redundant module in big data server It is standby to further comprise: to store source data using the first memory node, set the second memory node to provide isomery storage information Resource pool, and each data storage cell in the second memory node is arranged to and the corresponding position of the first memory node Mirror image, and guarantee that the first memory node and the second memory node belong to the different storage mediums of separation;Monitoring the first storage section The access and failure of point, and when monitoring the first memory node generation update or failure, the second memory node is executed respectively The corresponding of mirror image update or the second memory node of starting is to be supplied to access by communication interface for the data of corresponding part Node.By the redundant module and its operation, it can guarantee that the data in the case that big data breaks down are restored and accessed.
Preferably, for the determination module in the big data server: the determination module includes a permission determination module. When an external node accesses the big data of the storage module, the determination module included in each big data server determines the number and permissions of the external nodes, which further comprises: when the number of external nodes requesting access exceeds the number of accessible processing resources (for example during a large-scale attack, or during a surge of accesses such as a promotion), external nodes that do not meet the access conditions must be excluded or refused through permission determination; for example, when the IP of an accessing external node is among the IPs listed in the blacklist, its port access is refused directly. If the number of external nodes remaining after permission determination still exceeds the number of accessible processing resources, the external nodes are sorted by order of access and, according to the sorting result, the access requests ranked first are input in turn into multiple different delayers of the delayed processing circuit corresponding to the big data server. Each delayer consists of multiple delay units connected end to end; the output of each delay unit is connected to a corresponding first multiplexer, the output of each first multiplexer is connected to a corresponding latch unit, the output of each latch unit is connected to the second multiplexer, and the output of the second multiplexer serves as the input of the authentication module.
The determination module effectively avoids the risk of the big data being attacked and, when accesses are excessive, effectively relieves the pressure on access processing resources.
More specifically, for the determination module in the big data server: the determination module includes a permission determination module. When an external node accesses the big data of the storage module, the determination module included in each big data server determines the number and permissions of the external nodes, which further comprises: when the number of external nodes requesting access exceeds the number of accessible processing resources (for example during a large-scale attack, or during a surge of accesses such as a promotion), external nodes that do not meet the access conditions must be excluded or refused through permission determination; for example, when the IP of an accessing external node is among the IPs listed in the blacklist, its port access is refused directly. If the number of external nodes remaining after permission determination still exceeds the number of accessible processing resources, the external nodes are sorted by order of access and, according to the sorting result, the access requests ranked first are input in turn into multiple different delayers of the delayed processing circuit corresponding to the big data server. The access requests of the external nodes after permission determination are the i-th access request to the j-th access request, wherein j-i=L and i, j and L are positive integers; the i-th to j-th access requests are then input into their respective delayers. Fig. 3 illustrates the structure of the access request delayed processing circuit. The delayed processing circuit includes multiple delayers, multiple first multiplexers, multiple latch units and one second multiplexer. Each delayer consists of multiple delay units connected end to end, and the output of each delay unit is connected to a corresponding first multiplexer. Except for the first and the last delay unit, the output of each delay unit is also connected to the input of the next delay unit of the delayer to which it belongs; the input of the first delay unit is connected to the access request corresponding to the delayer and serves as the input of the delayer; the output of the first delay unit is connected to the input of the second delay unit of the delayer; and the output of the last delay unit serves as the output of the delayer to which it belongs. The number of delay units connected end to end is M, where M is a positive integer power of 2 and is greater than L. Each big data server includes a processor. Under the control of the processor, the M delay units connected to the i-th access request are i1, ..., im, ..., iM, and so on, and the M delay units connected to the j-th access request are j1, ..., jm, ..., jM, where m is a positive integer between 1 and M. The outputs of the respective first delay units of the i-th to j-th access requests are connected to the first multiplexer mux11, ..., the outputs of the respective m-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1m, ..., and the outputs of the respective M-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1M. The output of each first multiplexer is connected to a corresponding latch unit: the output of the first multiplexer mux11 is connected to latch unit 1, ..., the output of the first multiplexer mux1m is connected to latch unit m, ..., and the output of the first multiplexer mux1M is connected to latch unit M. The output of each latch unit is connected to the second multiplexer: the output of latch unit 1 is connected to the first input of the second multiplexer mux2, ..., the output of latch unit m is connected to the m-th input of the second multiplexer mux2, ..., and the output of latch unit M is connected to the M-th input of the second multiplexer mux2. The output of the second multiplexer mux2 serves as the output of the determination module and the input of the authentication module. Under the control of the processor, a different delay is set for each of the i-th to j-th access requests; under the control of an enable signal, the gating of one input among the multiple first multiplexers is controlled and that signal is latched into the corresponding latch unit; then, under the control of a second enable signal, the gating of one input of the second multiplexer is controlled; then, once the access request has passed through, a feedback signal is sent to the processor of the big data server so that the access permission operation for the next access request can be carried out.
As a significant improvement over the prior art, in the solution of the present invention the delayed processing circuit and the big data server are arranged independently, which reduces the processing resources occupied by queue handling. In addition, when the big data server fails, the delayed processing circuit, owing to its latch function, preserves the field data, so that work can continue more quickly when the big data server resumes operation. Compared with the prior art, in which field data is kept in memory, this avoids the loss of in-memory data when the server fails, reduces the impact on the big data server's resumption of work, and reduces the time cost of the reading, calling and computing needed to restore the field data after a failure of the field data.
Preferably, the structure of each delay unit comprises: the source of the first transistor is connected to the high voltage level; the drain of the first transistor is connected to the drain of the second transistor, and together they serve as the output of this stage's delay unit; the gate of the first transistor is connected to the gate of the second transistor, and together they serve as the input of this stage's delay unit; the source of the second transistor is connected to the drain of the third transistor; the gate of the third transistor is connected to the high voltage level; and the source of the third transistor is connected to the low voltage level; wherein the polarity of the first transistor is opposite to the polarity of the second transistor and the third transistor.
Alternatively, the structure of each delay unit comprises: the source of the 11th transistor, the source of the 12th transistor and the gate of the 15th transistor are all connected to the high voltage level; the gate and the drain of the 11th transistor are both connected to the drain of the 15th transistor and the gate of the 17th transistor; the gate of the 12th transistor is connected to the gate of the 16th transistor; the source of the 15th transistor is connected to the drain of the 16th transistor; the drain of the 12th transistor is connected to the source of the 13th transistor; the gate of the 13th transistor is connected to the gate of the 14th transistor, and together they serve as the input of this stage's delay unit; the drain of the 13th transistor is connected to the drain of the 14th transistor and serves as the output of this stage's delay unit; the source of the 14th transistor is connected to the drain of the 17th transistor; and the source of the 16th transistor and the source of the 17th transistor are connected to the low voltage level; wherein the polarity of the 11th, 12th and 13th transistors is opposite to the polarity of the 14th, 15th, 16th and 17th transistors.
Alternatively, the structure of each delay unit comprises: the source of the 21st transistor, the source of the 22nd transistor and the source of the 25th transistor are connected to the high voltage level; the gate of the 21st transistor, the gate of the 22nd transistor, the gate of the 23rd transistor and the gate of the 24th transistor are all connected to the input of this stage's delay unit; the drain of the 21st transistor and the drain of the 22nd transistor are both connected to the drain of the 23rd transistor, the gate of the 25th transistor and the gate of the 26th transistor; the source of the 23rd transistor is connected to the drain of the 24th transistor; the drain of the 25th transistor is connected to the drain of the 26th transistor and serves as the output of this stage's delay unit; and the source of the 26th transistor and the source of the 24th transistor are both connected to the low voltage level; wherein the polarity of the 21st, 22nd and 25th transistors is opposite to the polarity of the 23rd, 24th and 26th transistors.
Preferably, the structure of each latch unit comprises: the input of the latch unit is connected to the input of the first inverter; the output of the first inverter is connected to the input of the second inverter and the gate of the 31st transistor; the drain of the 31st transistor is connected to the output of the third inverter, the input of the fourth inverter and the input of the fifth inverter; the output of the fifth inverter is connected to the input of the sixth inverter; the output of the sixth inverter serves as the output of the latch unit; the output of the second inverter is connected to the gate of the 33rd transistor; the source of the 33rd transistor and the source of the 31st transistor are connected to the low voltage level; the drain of the 33rd transistor is connected to the source of the 32nd transistor; the gate of the 32nd transistor is connected to the enable signal; and the drain of the 32nd transistor is connected to the input of the third inverter and the output of the fourth inverter.
With the above delay units and latch units, the different access timings and order of multiple access requests can be controlled effectively, so that the utilization of access processing resources is optimized.
Preferably, for the authentication module in the big data server, authenticating the external access node further comprises: obtaining the historical behavior data of the accessing external node and analyzing it to obtain features, so as to identify the behavior and identity of the user of the external node; judging the correlation coefficient between the access request of the accessing external node and a preset instruction; when the correlation coefficient is greater than a threshold, determining that authentication has passed and entering the mining module for data mining; otherwise determining that authentication has not passed, and exiting. The correlation coefficient is generated as follows: the data included in the access request is vectorized to form AS = [A1, A2, Ai, ..., AN]; the vectorized representation of the preset instruction is obtained as PSI = [I1, I2, Ii, ..., IN], where N is a positive integer; and the correlation coefficient between the access request of the accessing external node and the preset instruction is calculated. Preferably, the threshold is selected from the range 0.925 to 0.975. More preferably, the threshold is 0.95.
Through the authentication module and its specific operation, the behavior and identity of the user of the external node can be authenticated effectively, ensuring the security of the information safety system based on big data.
Preferably, for the mining module in the big data server, mining the big data according to the request of the external node further comprises: classifying the big data, that is, performing spatial clustering according to the source of the data and removing data outside the space; forming the clustered data into multiple sets, that is, making the data objects in the same space into one set; using regular expressions to remove symbols such as digits and emoticons from each set; determining the importance of a data object in its corresponding set from the number of occurrences of the data object and the distribution of the data object in the above sets; obtaining the frequency of each data object by statistical methods and aggregating to obtain the number of occurrences of the data object; and performing cluster analysis on the data objects to obtain the data mining result.
Preferably, for the feedback module in the big data server, feeding the big data mining result back to the external access node via the transmission interface, according to the determination of whether encryption technology is used, comprises: when encryption technology is used, encrypting the big data mining result with the encryption/decryption unit of the big data center and feeding it back to the external access node through the transmission interface, wherein the key is stored separately from the encrypted data.
With the configuration of the information safety system based on big data and the big data server described above, data sources can be processed appropriately, storage can be allocated reasonably, accesses can be securely authenticated, and numerous accesses can be handled. The risk of the big data being attacked is effectively avoided, and the pressure on access processing resources is effectively relieved when accesses are excessive. The accuracy of the data is ensured, the big data is distributed and stored reasonably, and data recovery and access are ensured when the big data fails. The loss of in-memory data on server failure is avoided, the impact on the big data server's resumption of work is reduced, and the time cost of the reading, calling and computing needed to restore the field data after a failure of the field data is reduced.
According to an exemplary embodiment of the invention, Fig. 4 illustrates a simplified flow diagram of an information security method based on big data. The method is applied to the information safety system based on big data, wherein the system includes multiple big data servers and multiple delayed processing circuits, each big data server corresponding one-to-one to a delayed processing circuit. The method comprises configuring the big data server to execute:
Receiving access requests and/or sending processed data; acquiring data from multiple data sources via the transmission interface, and forming, through a data integration process, the big data to be processed and used;
Cleaning the big data to eliminate similar or duplicate data;
Determining whether to use a privacy protection technology to protect the big data generated by the cleaning, and executing the corresponding operation according to the result;
Storing the big data generated by the determining step in the big data platform in a distributed manner;
Performing disaster-tolerance preparation for the stored big data using redundancy;
When an external node accesses the stored big data via the transmission interface, determining the number and permissions of the external nodes and, where the conditions are met, directing the external node to the authentication step;
Authenticating the external access node;
Mining the big data according to the request of the external node;
Feeding the big data mining result back to the external access node via the transmission interface, according to the determination of whether encryption technology is used.
Preferably, acquiring data from multiple data sources via the transmission interface and forming, through a data integration process, the big data to be processed and used further comprises: acquiring data from multiple external data sources over a wired or wireless link, via a transmission interface that complies with a secure transfer protocol, and forming, according to the data from the different sources and through a data integration process, the big data to be processed and used. Preferably, the data from different sources includes: data generated by computer information processing systems, and raw data obtained by digital devices; the forms in which the data from different sources is expressed include but are not limited to text and static or dynamic images.
Preferably, cleaning the big data to eliminate similar or duplicate data further comprises: based on the descriptions of different modes, dividing the big data according to a division rule to form units to be processed; calculating a corresponding hash value from the content characteristics of each unit to be processed; and comparing whether the hash value is identical to an already existing hash value to determine whether the unit to be processed is a duplicate. If they are identical, the unit to be processed and the already existing unit are similar or duplicate data, and the unit to be processed is removed; otherwise the data is not similar or duplicate and no removal is performed. In particular, the division rule is an equal-length division rule. This step ensures the accuracy of the data.
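The cleaning step described above, as an added Python example that is not code from the patent. SHA-256 as the hash, the 8-byte unit length and the function names are assumptions; the sample records are constructed. Besides the basic removal, it shows a property of equal-length division that matters in practice: duplicates are only detected when they fall on the same unit boundaries.

```python
import hashlib
from typing import Optional


def split_equal(data: bytes, unit_len: int) -> list:
    """Equal-length division rule: cut the data into fixed-size units."""
    if unit_len <= 0:
        raise ValueError("unit_len must be positive")
    return [data[i:i + unit_len] for i in range(0, len(data), unit_len)]


def clean(data: bytes, unit_len: int, seen: Optional[set] = None):
    """Return (kept_units, removed_count).

    `seen` holds the hashes of units that already exist, so duplicates are
    removed across successive batches as well as within one batch.
    """
    seen = set() if seen is None else seen
    kept, removed = [], 0
    for unit in split_equal(data, unit_len):
        digest = hashlib.sha256(unit).digest()  # hash choice is an assumption
        if digest in seen:
            removed += 1          # identical hash: duplicate unit, drop it
            continue
        seen.add(digest)
        kept.append(unit)
    return kept, removed


# Constructed sample: four 8-byte records, the third repeats the first.
RECORDS = b"alice,10" + b"bob,0020" + b"alice,10" + b"carol,30"


def demo():
    aligned = clean(RECORDS, 8)
    # One extra leading byte shifts every unit boundary, so the repeated
    # record no longer hashes to the same value and nothing is removed.
    shifted = clean(b"#" + RECORDS, 8)
    return aligned, shifted


if __name__ == "__main__":
    print(demo())
```

Hash equality only identifies byte-identical units; data that is merely similar, or identical but misaligned, passes through unchanged.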
Preferably, determining whether to use a privacy protection technology to protect the big data generated by the cleaning, and executing the corresponding operation according to the result, further comprises: determining whether to use a privacy protection technology to protect the big data formed by acquisition and integration; if necessary, applying encryption protection using an anonymous privacy protection technology and inputting the result to the storing step; otherwise proceeding directly to the storing step.
Preferably, storing the big data generated by the determining step in the big data platform in a distributed manner further comprises: using cloud storage technology to store the big data in a distributed manner on multiple nodes of the big data platform; wherein the storing further comprises: receiving the big data; confirming its data integrity and data length; selecting available storage nodes and performing a wear-leveling determination to determine the availability coefficient of each, and determining the size of its free storage space; and, in descending order of availability coefficient, successively selecting available storage nodes until their combined free space satisfies the data length of the big data, wherein the availability coefficient is negatively correlated with the number of accesses to the available storage node. This step allows the big data to be distributed and stored reasonably.
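The node selection described for the storage module and for this storing step, as an added Python example that is not code from the patent. The coefficient 1/(1 + access count) is an assumption (the text only requires a negative correlation with the access count), as are the SHA-256 integrity check, the `Node` fields and the function names; the node values used with it are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    free_bytes: int
    access_count: int
    online: bool = True


def availability(node: Node) -> float:
    """Assumed wear-leveling coefficient: falls as the access count rises."""
    return 1.0 / (1.0 + node.access_count)


def place(data: bytes, expected_len: int, expected_sha256: str, nodes: list) -> list:
    """Return a placement plan [(node_name, offset, length), ...]."""
    # Confirm data length and integrity before touching any node.
    if len(data) != expected_len:
        raise ValueError("length mismatch")
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise ValueError("integrity check failed")

    # Available nodes, highest availability coefficient first
    # (node name breaks ties so the plan is deterministic).
    candidates = [n for n in nodes if n.online and n.free_bytes > 0]
    candidates.sort(key=lambda n: (-availability(n), n.name))

    # Select nodes in that order until their summed free space fits the data.
    chosen, capacity = [], 0
    for node in candidates:
        if capacity >= len(data):
            break
        chosen.append(node)
        capacity += node.free_bytes
    if capacity < len(data):
        raise RuntimeError("insufficient free space")  # no node was modified

    # Commit: fill the chosen nodes in order and record the access, which
    # lowers their coefficient for the next write.
    plan, offset = [], 0
    for node in chosen:
        size = min(node.free_bytes, len(data) - offset)
        plan.append((node.name, offset, size))
        node.free_bytes -= size
        node.access_count += 1
        offset += size
    return plan
```

Because each write raises the access count of the nodes it used, repeated writes drift toward less-used nodes, which is the wear-leveling effect the passage describes.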
Preferably, performing disaster-tolerance preparation for the stored big data using redundancy further comprises: storing the source data on a first storage node; setting a second storage node as a resource pool providing heterogeneous storage information, arranging each data storage unit in the second storage node as a mirror of the corresponding location of the first storage node, and ensuring that the first storage node and the second storage node belong to separate, different storage media; monitoring access to and failure of the first storage node and, when an update or a failure of the first storage node is detected, respectively performing the corresponding update of the mirror on the second storage node, or starting the second storage node so as to provide the data of the corresponding part to the accessing node through the communication interface. This step ensures data recovery and access when the big data fails.
Preferably, when an external node accesses, via the transmission interface, the big data stored by the storing step, determining the number and permissions of the external nodes and, where the conditions are met, directing the external node to the authentication step further comprises: when the number of external nodes requesting access exceeds the number of accessible processing resources (for example during a large-scale attack, or during a surge of accesses such as a promotion), external nodes that do not meet the access conditions must be excluded or refused through permission determination; for example, when the IP of an accessing external node is among the IPs listed in the blacklist, its port access is refused directly. If the number of external nodes remaining after permission determination still exceeds the number of accessible processing resources, the external nodes are sorted by order of access and, according to the sorting result, the access requests ranked first are input in turn into multiple different delayers of the delayed processing circuit corresponding to the big data server. Each delayer consists of multiple delay units connected end to end; the output of each delay unit is connected to a corresponding first multiplexer, the output of each first multiplexer is connected to a corresponding latch unit, the output of each latch unit is connected to the second multiplexer, and the output of the second multiplexer serves as the input of the authentication step.
The determination step effectively avoids the risk of the big data being attacked and, when accesses are excessive, effectively relieves the pressure on access processing resources.
More specifically, when an external node accesses the big data of the storing step, determining the number and permissions of the external nodes further comprises: when the number of external nodes requesting access exceeds the number of accessible processing resources (for example during a large-scale attack, or during a surge of accesses such as a promotion), external nodes that do not meet the access conditions must be excluded or refused through permission determination; for example, when the IP of an accessing external node is among the IPs listed in the blacklist, its port access is refused directly. If the number of external nodes remaining after permission determination still exceeds the number of accessible processing resources, the external nodes are sorted by order of access and, according to the sorting result, the access requests ranked first are input in turn into multiple different delayers of the delayed processing circuit corresponding to the big data server. The access requests of the external nodes after permission determination are the i-th access request to the j-th access request, wherein j-i=L and i, j and L are positive integers; the i-th to j-th access requests are then input into their respective delayers. The delayed processing circuit includes multiple delayers, multiple first multiplexers, multiple latch units and one second multiplexer. Each delayer consists of multiple delay units connected end to end, and the output of each delay unit is connected to a corresponding first multiplexer. Except for the first and the last delay unit, the output of each delay unit is also connected to the input of the next delay unit of the delayer to which it belongs; the input of the first delay unit is connected to the access request corresponding to the delayer and serves as the input of the delayer; the output of the first delay unit is connected to the input of the second delay unit of the delayer; and the output of the last delay unit serves as the output of the delayer to which it belongs. The number of delay units connected end to end is M, where M is a positive integer power of 2 and is greater than L. Each big data server includes a processor. Under the control of the processor, the M delay units connected to the i-th access request are i1, ..., im, ..., iM, and so on, and the M delay units connected to the j-th access request are j1, ..., jm, ..., jM, where m is a positive integer between 1 and M. The outputs of the respective first delay units of the i-th to j-th access requests are connected to the first multiplexer mux11, ..., the outputs of the respective m-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1m, ..., and the outputs of the respective M-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1M. The output of each first multiplexer is connected to a corresponding latch unit: the output of the first multiplexer mux11 is connected to latch unit 1, ..., the output of the first multiplexer mux1m is connected to latch unit m, ..., and the output of the first multiplexer mux1M is connected to latch unit M. The output of each latch unit is connected to the second multiplexer: the output of latch unit 1 is connected to the first input of the second multiplexer mux2, ..., the output of latch unit m is connected to the m-th input of the second multiplexer mux2, ..., and the output of latch unit M is connected to the M-th input of the second multiplexer mux2. The output of the second multiplexer mux2 serves as the output of the determination step and the input of the authentication step. Under the control of the processor, a different delay is set for each of the i-th to j-th access requests; under the control of an enable signal, the gating of one input among the multiple first multiplexers is controlled and that signal is latched into the corresponding latch unit; then, under the control of a second enable signal, the gating of one input of the second multiplexer is controlled; then, once the access request has passed through, a feedback signal is sent to the processor of the big data server so that the access permission operation for the next access request can be carried out.
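The decision logic of the determination module and determination step described above, as an added Python example that models behavior in software and is not code or circuitry from the patent. Assumptions: every permitted request is given its own delayer when capacity is exceeded, earlier arrivals receive shorter delays (the text only says the delays differ), and the function and field names are hypothetical. The addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ip: str
    arrival: float  # arrival time in seconds


def tap_count(L: int) -> int:
    """Smallest positive integer power of 2 that is greater than L (the M of the text)."""
    m = 2
    while m <= L:
        m *= 2
    return m


def gate(requests, blacklist, capacity):
    """Permission check, ordering and delay assignment for one batch of requests."""
    # Parse addresses so equivalent spellings of one IP compare equal.
    blocked = {ipaddress.ip_address(b) for b in blacklist}
    rejected, permitted = [], []
    for req in requests:
        target = rejected if ipaddress.ip_address(req.ip) in blocked else permitted
        target.append(req)

    permitted.sort(key=lambda r: r.arrival)  # order of access
    result = {"rejected": [r.ip for r in rejected], "direct": [], "delayed": [], "M": 0}

    if len(permitted) <= capacity:
        # Enough processing resources: pass straight to authentication.
        result["direct"] = [r.ip for r in permitted]
        return result

    # Requests i..j with j - i = L; each delayer has M > L delay units, so
    # every request can be tapped at a distinct stage (a distinct delay).
    L = len(permitted) - 1
    result["M"] = tap_count(L)
    # The second multiplexer then releases one latched request at a time,
    # here in increasing tap order, to the authentication step.
    result["delayed"] = [(tap, r.ip) for tap, r in enumerate(permitted, start=1)]
    return result


# Constructed sample batch (documentation address ranges).
SAMPLE = [
    Request("198.51.100.7", 0.30), Request("203.0.113.9", 0.05),
    Request("192.0.2.10", 0.10), Request("192.0.2.11", 0.20),
    Request("198.51.100.8", 0.40), Request("192.0.2.12", 0.25),
]

if __name__ == "__main__":
    print(gate(SAMPLE, ["203.0.113.9"], capacity=3))
```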
As an improvement over the prior art, in the steps of this method the delayed processing circuit and the big data server are arranged independently, which reduces the processing resources occupied by queue handling. In addition, when the big data server fails, the delayed processing circuit, owing to its latch function, preserves the field data, so that work can continue more quickly when the big data server resumes operation. Compared with the prior art, in which field data is kept in memory, this avoids the loss of in-memory data when the server fails, reduces the impact on the big data server's resumption of work, and reduces the time cost of the reading, calling and computing needed to restore the field data after a failure of the field data. Furthermore, with the above delay units and latch units, the different access timings and order of multiple access requests can be controlled effectively, so that the utilization of access processing resources is optimized.
Preferably, authenticating the external access node further comprises: obtaining the historical behavior data of the accessing external node and analyzing it to obtain features, so as to identify the behavior and identity of the user of the external node; judging the correlation coefficient between the access request of the accessing external node and a preset instruction; when the correlation coefficient is greater than a threshold, determining that authentication has passed and entering the mining step for data mining; otherwise determining that authentication has not passed, and exiting. The correlation coefficient is generated as follows: the data included in the access request is vectorized to form AS = [A1, A2, Ai, ..., AN]; the vectorized representation of the preset instruction is obtained as PSI = [I1, I2, Ii, ..., IN], where N is a positive integer; and the correlation coefficient between the access request of the accessing external node and the preset instruction is calculated. Preferably, the threshold is selected from the range 0.925 to 0.975. More preferably, the threshold is 0.95.
Through the authentication step and its specific operation, the behavior and identity of the user of the external node can be authenticated effectively, ensuring the security of the information safety system based on big data.
Preferably, mining the big data according to the request of the external node further comprises: classifying the big data, that is, performing spatial clustering according to the source of the data and removing data outside the space; forming the clustered data into multiple sets, that is, making the data objects in the same space into one set; using regular expressions to remove symbols such as digits and emoticons from each set; determining the importance of a data object in its corresponding set from the number of occurrences of the data object and the distribution of the data object in the above sets; obtaining the frequency of each data object by statistical methods and aggregating to obtain the number of occurrences of the data object; and performing cluster analysis on the data objects to obtain the data mining result.
Preferably, feeding the big data mining result back to the external access node via the transmission interface, according to the determination of whether encryption technology is used, comprises: when encryption technology is used, encrypting the big data mining result with the encryption/decryption unit of the big data center and feeding it back to the external access node through the transmission interface, wherein the key is stored separately from the encrypted data.
With the information security method based on big data described above and its operation, data sources can be processed appropriately, storage can be allocated reasonably, accesses can be securely authenticated, and numerous accesses can be handled. The risk of the big data being attacked is effectively avoided, and the pressure on access processing resources is effectively relieved when accesses are excessive. The accuracy of the data is ensured, the big data is distributed and stored reasonably, and data recovery and access are ensured when the big data fails. The loss of in-memory data on server failure is avoided, the impact on the big data server's resumption of work is reduced, and the time cost of the reading, calling and computing needed to restore the field data after a failure of the field data is reduced.
According to an exemplary embodiment of the invention, the invention further relates to an information safety device based on big data, comprising: a memory for storing the information and instruction data of the big data; and a processor for executing any one or more of the steps described in the above information security method based on big data.
According to an exemplary embodiment of the invention, it the invention further relates to a kind of computer readable storage medium, stores thereon There is executable instruction, will realize when which is executed as computer and appoint described in the above information security method based on big data What one or more steps.
Above-mentioned each technical term is the routine techniques term with common meaning in this field, in order not to obscure this The emphasis of invention, is not further explained it herein.
Multiple nodes in big data platform are node types as known in the art, such as can be big data service Device, cloud disk, micro- disk, Dropbox, the node of the various forms of Stored Data Types such as client.External node for example can be using visitor The form at family end, mobile terminal, client computer etc.Big data platform can be the platform including big data server, wherein wrapping Above-mentioned multiple nodes are included.Addressable process resource can for example refer to the channel, assembly line, thread etc. that can be used for data processing. But terms above is only exemplary rather than limitation.
To sum up, in the inventive solutions, by using a kind of information safety system based on big data and side Method can carry out proper treatment for data source, carry out reasonable distribution to storage, safety certification be carried out to access, to numerous Access is handled, and is effectively prevented from the risk that big data is attacked, and can effectively delay in the case where access is excessive The pressure for solving access process resource, can guarantee the accuracy of data, can reasonably big data is distributed and be stored, Neng Goubao Data in the case that card big data breaks down are restored and are accessed;It avoids since server fail internal storage data can be lost The case where mistake, and reduce the influence resumed work to big data server;And reduce the event due to field data It reads, call, calculated with the time cost of restoring scene data caused by barrier.
It will be appreciated that example and reality of the invention can be realized in the form of the combination of hardware, software or hardware and software Apply example.As described above, any main body for executing this method can be stored, in the form of volatility or non-volatile holographic storage, such as Equipment is stored, as ROM, whether no matter can erasing or is rewritable, or in the form of a memory, such as RAM, storage core Piece, equipment or integrated circuit or on the readable medium of light or magnetic, such as CD, DVD, disk or tape.It will be appreciated that Storage equipment and storage medium are suitable for storing the example of the machine readable storage of one or more programs, upon being performed, One or more of programs realize example of the invention.Via any medium, such as it is loaded with by wired or wireless coupling Signal of communication can electronically transmit example of the invention, and example suitably includes identical content.
It is to be noted that being closed because the present invention, which solves, to carry out proper treatment for data source to storage Reason distribution carries out safety certification to access, handles numerous access, be effectively prevented from the risk that big data is attacked, and And can effectively alleviate the pressure of access process resource in the case where access is excessive, it can guarantee the accuracy of data, energy It is enough that reasonably big data is distributed and is stored, it can guarantee that the data in the case that big data breaks down are restored and accessed;It keeps away The case where losing due to server fail internal storage data is exempted from, and has reduced and resume work to big data server Influence;And reduce as caused by the failure of field data reading, call, calculate with the time of restoring scene data at This technical issues of, can manage according to its training centre after reading this description using technical staff in field of computer technology The technological means of solution, and advantageous effects are obtained, so claimed scheme belongs to patent in the following claims Technical solution in method meaning.In addition, because the claimed technical solution of appended claims can manufacture in the industry or It uses, therefore the program has practicability.
The above, preferable specific embodiment only of the invention, but protection scope of the present invention is not limited to This, anyone skilled in the art in the technical scope disclosed by the present invention, the variation that can readily occur in or replaces It changes, should all forgive within protection scope of the present invention.Unless be otherwise expressly recited, otherwise disclosed each feature is only It is equivalent or similar characteristics a example for general series.Therefore, protection scope of the present invention should be with claims Subject to protection scope.

Claims (8)

1. An information safety system based on big data, comprising multiple big data servers and multiple delay processing circuits, wherein each big data server corresponds one-to-one with a delay processing circuit;
Each big data server includes a determination module, and the determination module includes a permission determination module. When external nodes access the big data of the storage module, the permission determination module determines the quantity and permissions of the external nodes; when the quantity of external nodes that need access exceeds the quantity of accessible processing resources, external nodes that do not meet the access conditions are excluded or refused through the permission determination;
The delay processing circuit includes multiple delayers, each delayer receiving one access request from the corresponding big data server; the delay processing circuit latches and gates one of the multiple access requests and permits that access request; after the access request, a feedback signal is sent to the processor of the big data server to carry out the access-permission operation for the next access request;
The determination module further comprises a quantity determination module: if the quantity of external nodes after the permission determination exceeds the quantity of accessible processing resources, the external nodes are sorted according to access order, and, according to the sorting result, the highest-ranked access requests are input in sequence into multiple different delayers of the delay processing circuit corresponding to the big data server; the access requests of the external nodes after the permission determination are the i-th access request to the j-th access request, where j-i=L and i, j and L are positive integers; the i-th to j-th access requests are then input into their respective delayers;
The delay processing circuit includes multiple delayers, multiple first multiplexers, multiple latch units and one second multiplexer; each delayer consists of multiple delay units connected end to end; the output of each delay unit is connected to the corresponding first multiplexer, and, except for the first and the last delay unit, the output of each delay unit is also connected to the input of the next delay unit of the delayer to which it belongs; the input of the first delay unit is connected to the access request corresponding to the delayer and serves as the input of the delayer; the output of the first delay unit is connected to the input of the second delay unit of the delayer; the output of the last delay unit serves as the output of the delayer to which it belongs; wherein the number of delay units connected end to end is M, M being a positive integer power of 2 whose value is greater than L.
2. The information safety system based on big data according to claim 1, characterized in that:
Each big data server includes a processor; under the control of the processor, the i-th access request is connected to M delay units i1, ..., im, ..., iM, and so on, and the j-th access request is connected to M delay units j1, ..., jm, ..., jM, m being a positive integer between 1 and M; wherein the outputs of the respective first delay units of the i-th to j-th access requests are connected to the first multiplexer mux11, the outputs of the respective m-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1m, and the outputs of the respective M-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1M; the output of each first multiplexer is connected to the corresponding latch unit, wherein the output of the first multiplexer mux11 is connected to latch unit 1, the output of the first multiplexer mux1m is connected to latch unit m, and the output of the first multiplexer mux1M is connected to latch unit M; the output of each latch unit is connected to the second multiplexer, wherein the output of latch unit 1 is connected to the first input of the second multiplexer mux2, the output of latch unit m is connected to the m-th input of the second multiplexer mux2, and the output of latch unit M is connected to the M-th input of the second multiplexer mux2; the output of the second multiplexer mux2 serves as the output of the determination module and the input of the authentication module; wherein, under the control of the processor, the i-th to j-th access requests are each set to a different delay, and, under the control of an enable signal, the gating of one input in the multiple first multiplexers is controlled and the signal is latched into the corresponding latch unit; then, under the control of a second enable signal, the gating of one input in the second multiplexer is controlled; then, after the access request, a feedback signal is sent to the processor of the big data server to carry out the access-permission operation for the next access request.
3. The information safety system based on big data according to claim 2, characterized in that:
The big data server further includes an authentication module which, after the determination module in the big data server has operated, authenticates the identity of the external access node, comprising: obtaining the historical behavior data of the accessing external node and analyzing it to obtain features that identify the behavior and the identity of the user of the external node; judging the correlation coefficient between the access request of the accessing external node and a preset instruction; when the correlation coefficient is greater than a threshold, determining that identity authentication is passed and entering the mining module for data mining; otherwise determining that identity authentication is not passed and exiting.
4. The information safety system based on big data according to claim 3, characterized in that:
The big data server further includes a storage module for storing the big data in the big data platform in a distributed manner before the determination module in the big data server operates, comprising: using cloud storage technology to store the big data in a distributed manner on multiple nodes in the big data platform; wherein the storing further comprises: receiving the big data; confirming its data integrity and data length; selecting available storage nodes and performing a wear-leveling determination to determine their availability coefficients, and determining their free storage space; and, in descending order of availability coefficient, successively selecting available storage nodes whose total free space satisfies the data length of the big data, wherein the availability coefficient is negatively correlated with the number of accesses to the available storage node.
5. The information safety system based on big data according to claim 4, characterized in that:
The big data server further includes a mining module which, after the authentication module in the big data server has operated, mines the big data according to the request of the external node, comprising: classifying the big data, in which spatial clustering is performed according to the source of the data and data outside the space is removed; forming the clustered data into multiple sets, i.e., grouping the data objects in the same space into a set; using regular expressions to remove numbers and emoticons from each set; determining the importance of a data object in its corresponding set from the data object's frequency of occurrence and its distribution across the above sets; obtaining the frequency of the data object by a statistical method and aggregating it to obtain the data object's frequency of occurrence; and performing cluster analysis on the data objects to obtain the data mining results.
6. An information security method based on big data, applied to an information safety system based on big data, wherein the system includes multiple big data servers and multiple delay processing circuits, and each big data server corresponds one-to-one with a delay processing circuit;
The method comprises:
When external nodes access the big data of the storage module, the determination module included in each big data server determines the quantity and permissions of the external nodes; when the quantity of external nodes that need access exceeds the quantity of accessible processing resources, external nodes that do not meet the access conditions are excluded or refused through the permission determination;
The delay processing circuit latches and gates one of the multiple access requests and permits that access request; after the access request, a feedback signal is sent to the processor of the big data server to carry out the access-permission operation for the next access request, wherein the delay processing circuit includes multiple delayers, each delayer receiving one access request from the corresponding big data server;
The operation of the quantity determination module in the determination module of the big data server and the operation of the delay processing circuit further include: when the quantity of external nodes that need access exceeds the quantity of accessible processing resources, excluding or refusing, through the permission determination, external nodes that do not meet the access conditions; if the quantity of external nodes after the permission determination exceeds the quantity of accessible processing resources, the quantity determination module included in the determination module sorts the external nodes according to access order and, according to the sorting result, inputs the highest-ranked access requests in sequence into multiple different delayers of the delay processing circuit corresponding to the big data server; the access requests of the external nodes after the permission determination are the i-th access request to the j-th access request, where j-i=L and i, j and L are positive integers; the i-th to j-th access requests are then input into their respective delayers; the delay processing circuit includes multiple delayers, multiple first multiplexers, multiple latch units and one second multiplexer; each delayer consists of multiple delay units connected end to end; the output of each delay unit is connected to the corresponding first multiplexer, and, except for the first and the last delay unit, the output of each delay unit is also connected to the input of the next delay unit of the delayer to which it belongs; the input of the first delay unit is connected to the access request corresponding to the delayer and serves as the input of the delayer; the output of the first delay unit is connected to the input of the second delay unit of the delayer; the output of the last delay unit serves as the output of the delayer to which it belongs; wherein the number of delay units connected end to end is M, M being a positive integer power of 2 whose value is greater than L; wherein the M delay units connected to the i-th access request are i1, ..., im, ..., iM, and so on, and the M delay units connected to the j-th access request are j1, ..., jm, ..., jM, m being a positive integer between 1 and M; wherein the outputs of the respective first delay units of the i-th to j-th access requests are connected to the first multiplexer mux11, the outputs of the respective m-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1m, and the outputs of the respective M-th delay units of the i-th to j-th access requests are connected to the first multiplexer mux1M; the output of each first multiplexer is connected to the corresponding latch unit, wherein the output of the first multiplexer mux11 is connected to latch unit 1, the output of the first multiplexer mux1m is connected to latch unit m, and the output of the first multiplexer mux1M is connected to latch unit M; the output of each latch unit is connected to the second multiplexer, wherein the output of latch unit 1 is connected to the first input of the second multiplexer mux2, the output of latch unit m is connected to the m-th input of the second multiplexer mux2, and the output of latch unit M is connected to the M-th input of the second multiplexer mux2; the output of the second multiplexer mux2 serves as the output of the determination module and the input of the authentication module; wherein, under the control of the processor, the i-th to j-th access requests are each set to a different delay, and, under the control of an enable signal, the gating of one input in the multiple first multiplexers is controlled and the signal is latched into the corresponding latch unit; then, under the control of a second enable signal, the gating of one input in the second multiplexer is controlled; then, after the access request, a feedback signal is sent to the processor of the big data server to carry out the access-permission operation for the next access request.
7. The information security method based on big data according to claim 6, characterized in that:
After the determination operation in the big data server, the big data server authenticates the identity of the external access node, comprising: obtaining the historical behavior data of the accessing external node and analyzing it to obtain features that identify the behavior and the identity of the user of the external node; judging the correlation coefficient between the access request of the accessing external node and a preset instruction; when the correlation coefficient is greater than a threshold, determining that identity authentication is passed and carrying out data mining; otherwise determining that identity authentication is not passed and exiting;
Before the determination operation in the big data server, the big data server stores the big data in the big data platform in a distributed manner, comprising: using cloud storage technology to store the big data in a distributed manner on multiple nodes in the big data platform; wherein the storing further comprises: receiving the big data; confirming its data integrity and data length; selecting available storage nodes and performing a wear-leveling determination to determine their availability coefficients, and determining their free storage space; and, in descending order of availability coefficient, successively selecting available storage nodes whose total free space satisfies the data length of the big data, wherein the availability coefficient is negatively correlated with the number of accesses to the available storage node.
8. The information security method based on big data according to claim 7, characterized in that:
After the authentication operation in the big data server, the big data server mines the big data according to the request of the external node, comprising: classifying the big data, in which spatial clustering is performed according to the source of the data and data outside the space is removed; forming the clustered data into multiple sets, i.e., grouping the data objects in the same space into a set; using regular expressions to remove numbers and emoticons from each set; determining the importance of a data object in its corresponding set from the data object's frequency of occurrence and its distribution across the above sets; obtaining the frequency of the data object by a statistical method and aggregating it to obtain the data object's frequency of occurrence; and performing cluster analysis on the data objects to obtain the data mining results.
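The admission and serialization steps recited in claims 1 and 6 can be modelled in software as follows. This is an added Python example, not code from the patent: the names `AccessRequest`, `admit` and `SerialGate`, the "deferred" bucket for requests beyond the resource count, the choice to check permission on every call, and the sample requests are all assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    node_id: str     # external node identifier (constructed sample values)
    arrival: int     # access order used by the quantity determination
    permitted: bool  # result of the permission determination for this node


def admit(requests, resources):
    """Permission determination followed by quantity determination.

    Returns (admitted, deferred, rejected). Assumption: permission is checked
    on every call, not only when requests outnumber resources.
    """
    if resources < 1:
        raise ValueError("at least one accessible processing resource is required")
    rejected = [r for r in requests if not r.permitted]
    # Sort the permitted nodes by access order; node_id breaks ties so the
    # result is deterministic.
    ordered = sorted((r for r in requests if r.permitted),
                     key=lambda r: (r.arrival, r.node_id))
    # Only the highest-ranked requests, up to the resource count, go forward.
    admitted = ordered[:resources]
    deferred = ordered[resources:]  # assumption: the claims leave these open
    return admitted, deferred, rejected


class SerialGate:
    """Software stand-in for the latch-and-gate behaviour: one request is
    granted at a time, and the next is granted only after feedback."""

    def __init__(self, admitted):
        self._pending = deque(admitted)
        self._active = None

    def grant(self):
        if self._active is not None or not self._pending:
            return None  # previous access still running, or nothing queued
        self._active = self._pending.popleft()
        return self._active

    def feedback(self, node_id):
        # Feedback is accepted only for the request that currently holds the
        # gate, so a stray signal cannot release someone else's slot.
        if self._active is None or self._active.node_id != node_id:
            raise ValueError("feedback does not match the active request")
        self._active = None


# Constructed sample: five requests, one of which fails permission.
SAMPLE = [
    AccessRequest("node-c", 3, True),
    AccessRequest("node-a", 1, True),
    AccessRequest("node-x", 2, False),
    AccessRequest("node-d", 4, True),
    AccessRequest("node-b", 5, True),
]


def run(requests, resources):
    """Admit, then serve every admitted request one at a time."""
    admitted, deferred, rejected = admit(requests, resources)
    gate = SerialGate(admitted)
    served = []
    req = gate.grant()
    while req is not None:
        served.append(req.node_id)
        gate.feedback(req.node_id)  # access finished: allow the next grant
        req = gate.grant()
    return served, [r.node_id for r in deferred], [r.node_id for r in rejected]


if __name__ == "__main__":
    print(run(SAMPLE, 3))
```
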
CN201810946037.1A 2018-08-20 2018-08-20 Information safety system and method based on big data Active CN109189829B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910517344.2A CN110348253B (en) 2018-08-20 2018-08-20 Time delay processing circuit and method of big data based information security system
CN201810946037.1A CN109189829B (en) 2018-08-20 2018-08-20 Information safety system and method based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810946037.1A CN109189829B (en) 2018-08-20 2018-08-20 Information safety system and method based on big data

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910517344.2A Division CN110348253B (en) 2018-08-20 2018-08-20 Time delay processing circuit and method of big data based information security system

Publications (2)

Publication Number Publication Date
CN109189829A CN109189829A (en) 2019-01-11
CN109189829B true CN109189829B (en) 2019-07-26

Family

ID=64918822

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201810946037.1A Active CN109189829B (en) 2018-08-20 2018-08-20 Information safety system and method based on big data
CN201910517344.2A Active CN110348253B (en) 2018-08-20 2018-08-20 Time delay processing circuit and method of big data based information security system

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201910517344.2A Active CN110348253B (en) 2018-08-20 2018-08-20 Time delay processing circuit and method of big data based information security system

Country Status (1)

Country Link
CN (2) CN109189829B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102999377A (en) * 2012-11-30 2013-03-27 北京东方通科技股份有限公司 Service concurrent access control method and device
CN103095691A (en) * 2012-12-31 2013-05-08 清华大学 Method of controlling access to Internet of things nodes
CN105553940A (en) * 2015-12-09 2016-05-04 北京中科云集科技有限公司 Safety protection method based on big data processing platform
CN107222394A (en) * 2017-06-16 2017-09-29 上海斐讯数据通信技术有限公司 A kind of user access control method and system of social networks
CN107423155A (en) * 2017-07-27 2017-12-01 杭州绿湾网络科技有限公司 Back end fault detection method and device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE602004008628T2 (en) * 2003-06-16 2008-06-05 Nxp B.V. DATA PROCESSING CIRCUIT WITH MULTIPLEXED MEMORY
KR100641360B1 (en) * 2004-11-08 2006-11-01 삼성전자주식회사 Delay locked loop and semiconductor memory device comprising the same
KR20090068780A (en) * 2007-12-24 2009-06-29 주식회사 동부하이텍 Device and method for modeling to evaluate unit delay time of inverter
US9208109B2 (en) * 2011-06-01 2015-12-08 Altera Corporation Memory controllers with dynamic port priority assignment capabilities
CN103366793B (en) * 2012-03-28 2017-08-11 飞思卡尔半导体公司 SECO in synchronous memories data transfer
WO2013164699A2 (en) * 2012-05-01 2013-11-07 Marvell World Trade Ltd. Systems and methods for dqs gating
CN104320246A (en) * 2014-09-22 2015-01-28 宁波大学 Configurable multi-bit key output TVD-PUFs (Threshold Variation Delay-Physical Unclonable functions) circuit
CN107329982A (en) * 2017-06-01 2017-11-07 华南理工大学 A kind of big data parallel calculating method stored based on distributed column and system
CN108182213A (en) * 2017-12-20 2018-06-19 福建新大陆软件工程有限公司 A kind of data processing optimization device and method based on distributed system

Also Published As

Publication number Publication date
CN110348253A (en) 2019-10-18
CN109189829A (en) 2019-01-11
CN110348253B (en) 2020-10-13

Similar Documents

Publication Publication Date Title
CN108600000A (en) A kind of failure prediction method, server and computer storage media
CN107577771A (en) A kind of big data digging system
CN103870751A (en) Method and system for intrusion detection
CN107122221A (en) Compiler for regular expression
CN113347170B (en) Intelligent analysis platform design method based on big data framework
CN110046297B (en) Operation and maintenance violation identification method and device and storage medium
CN113189451A (en) Power distribution network fault positioning studying and judging method, system, computer equipment and storage medium
CN105471647B (en) A kind of power communication network fault positioning method
CN108710644A (en) One kind is about government affairs big data processing method
Eid et al. Improved real-time discretize network intrusion detection system
CN115174165A (en) Self-adaptive security situation cognitive system based on block chain under cloud edge-side architecture
KR102509374B1 (en) IT Infrastructure Fault Learning and Analysis System Using Linguistic Analysis Techniques
CN109189829B (en) Information safety system and method based on big data
CN110175070A (en) Management method, device, system, medium and the electronic equipment of distributed data base
CN114448659B (en) Yellow river dam bank monitoring Internet of things access control optimization method based on attribute exploration
CN116070193A (en) Authority auditing method, system and storage medium for operation and maintenance personnel
Manohar Design of distributed database system based on improved DES algorithm
CN115189966A (en) Block chain private data encryption and decryption service system
CN111737319B (en) User cluster prediction method, device, computer equipment and storage medium
CN108881411A (en) A kind of method that CTDB cluster is grouped under extensive node
CN115208604A (en) Method, device and medium for detecting AMI network intrusion
He et al. A distributed network alarm correlation analysis mechanism for heterogeneous networks
Li et al. SIEGE: Self-Supervised Incremental Deep Graph Learning for Ethereum Phishing Scam Detection
Pump et al. State of the art in artificial immune-based intrusion detection systems for smart grids
CN112231705A (en) Information system reliability improving method based on primary and secondary division

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190704

Address after: 518000 Shenzhen Nanshan District, Shenzhen City, Guangdong Province, Shenzhen Bay Science and Technology Eco-Park, 7 buildings B, 10 floors, 05-07

Applicant after: Pacific Telecom Limited by Share Ltd

Address before: 510000 Building A30, 68 Nanxiang Road, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: Guangzhou Zhi Hong science and Technology Co., Ltd.
GR01 Patent grant