CN109995703B - Data source security inspection method and edge server - Google Patents
Data source security inspection method and edge server Download PDFInfo
- Publication number
- CN109995703B CN109995703B CN201711479767.7A CN201711479767A CN109995703B CN 109995703 B CN109995703 B CN 109995703B CN 201711479767 A CN201711479767 A CN 201711479767A CN 109995703 B CN109995703 B CN 109995703B
- Authority
- CN
- China
- Prior art keywords
- data source
- edge server
- safety
- preset
- safety check
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The embodiment of the invention provides a data source security check method and an edge server. The method comprises the following steps: if the preset safety check triggering condition is met, the first edge server performs safety check on the data sources to be distributed, and determines the safety check result of each data source; and the first edge server determines a data source passing the safety certification according to the safety check result and distributes the data source passing the safety certification to the terminal. According to the embodiment of the invention, under the condition that the preset safety check triggering condition is judged to be met, the safety check is carried out on the data source to be distributed on the edge server, so that not only is the basic data distribution function of the edge server ensured, but also the safety check function of the edge server is endowed, the safety of the data source is improved through the double safety check, the edge server only distributes the data source passing the safety certification, the influence of the polluted data source on the network is reduced, and the network quality is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of cloud computing, in particular to a data source security inspection method and an edge server.
Background
Cloud computing includes not only applications delivered to users in the form of services on the internet, but also hardware and software for providing these services in a data center, and the data center including these hardware and software is called a cloud. In the cloud, all resources, including frameworks, platforms and software, are delivered as services, which users can use in a "pay-per-use" mode. Therefore, the cloud computing has the advantages of cost saving, high availability ratio, high expansibility and the like. Fig. 1 is a schematic diagram of a prior art cloud computing architecture, and as shown in fig. 1, a cloud computing provider has a three-layer architecture for providing cloud computing services, including a source station server, a core server cluster and an edge server cluster. The source station server provides an information source, the core server cluster mainly provides work such as processing, safety inspection and distribution strategy of information, the edge server cluster specifically performs data distribution and sends the data to a user terminal purchasing cloud service.
Cloud computing has been rapidly developed in recent years, and it has become a trend of development of information industry to use a cloud platform to carry various large-scale services. In addition, with the progress of multimedia technology, a great number of new multimedia services are also emerging on the internet and are popularized among a large number of users. With the continuous expansion of network scale, the cloud computing architecture is more and more complex, the distance between a core server and an edge server is larger and larger, the hierarchy of an edge server cluster is also larger and larger, and the potential safety hazard brought by a large amount of real-time data streams in a multimedia cloud computing platform is more and more serious. In the prior art, the work of security check on information is completely finished by a core server, and once the work is finished, the subsequent edge server is only responsible for data distribution and is no longer responsible for the work related to the security check.
However, in the prior art, data is safe on the core server, but after a long transmission flow, the data may not be safe on the edge server, and since the edge server in the prior art is not responsible for data security check work, contaminated data in the edge server will affect the user terminal, and the contaminated user terminal will affect more data, which threatens the system security of the cloud platform.
Disclosure of Invention
Aiming at the defects in the prior art, the embodiment of the invention provides a data source security inspection method and an edge server.
In a first aspect, an embodiment of the present invention provides a data source security inspection method, including:
if the preset safety check triggering condition is met, the first edge server performs safety check on the data sources to be distributed, and determines the safety check result of each data source;
and the first edge server determines a data source passing the safety certification according to the safety check result and distributes the data source passing the safety certification to the terminal.
In a second aspect, an embodiment of the present invention provides an edge server, including:
the safety inspection module is used for carrying out safety inspection on the data sources to be distributed and determining the safety inspection result of each data source if the preset safety inspection triggering condition is judged and known to be met;
and the distribution module is used for determining the data source passing the security authentication according to the security check result and distributing the data source passing the security authentication to the terminal.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
the processor and the memory are communicated with each other through a bus; the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform a method comprising: if the preset safety check triggering condition is met, carrying out safety check on the data sources to be distributed, and determining the safety check result of each data source; and determining a data source passing the security authentication according to the security check result, and distributing the data source passing the security authentication to the terminal.
In a fourth aspect, an embodiment of the present invention provides a storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following method: if the preset safety check triggering condition is met, carrying out safety check on the data sources to be distributed, and determining the safety check result of each data source; and determining a data source passing the security authentication according to the security check result, and distributing the data source passing the security authentication to the terminal.
According to the data source safety inspection method provided by the embodiment of the invention, under the condition that the preset safety inspection triggering condition is met, the safety inspection is carried out on the data source to be distributed on the edge server, so that not only is the basic data distribution function of the edge server ensured, but also the safety inspection function of the edge server is endowed, the safety of the data source is improved through double safety inspection, the edge server only distributes the data source passing the safety certification, the influence of a polluted data source on a network is reduced, and the network quality is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of a prior art cloud computing architecture;
fig. 2 is a schematic flow chart of a data source security inspection method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a data source security inspection method according to another embodiment of the present invention;
fig. 4 is a schematic structural diagram of an edge server according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 2 is a schematic flow chart of a data source security inspection method according to an embodiment of the present invention, and as shown in fig. 2, the method includes:
step S21, if the preset safety check triggering condition is judged and known to be met, the first edge server performs safety check on the data sources to be distributed, and determines the safety check result of each data source;
in the cloud platform, after security check is carried out on a data source by a core server, the data source is distributed to each edge server according to a distribution strategy, due to the rapid development of cloud computing, the distance between the core server and the edge server is increasingly large, and after a data source reaches the edge server through long transmission, security problems may exist, because the basic function of the edge server is to distribute data, the edge server first determines whether a preset security check triggering condition is met to ensure that the edge server can normally distribute data, under the condition of meeting the preset safety check triggering condition, the edge server carries out safety check on the received data source to be distributed, in order to distinguish different edge servers, an edge server performing security check is referred to as a first edge server, and other edge servers are referred to as second edge servers. There are many data security Inspection methods, such as Deep Packet Inspection (DPI), which performs Deep Inspection on different network application layer loads based on a data Packet and determines whether the Packet is secure by detecting a payload of the Packet. For example, deep inspection is performed on HTTP, DNS, or the like, and the inspection result is determined. The first edge server carries out security check on the data source to be distributed, and determines a security check result, wherein the security check result comprises passing security authentication which indicates that the data source is safe and existence of a security problem which indicates that the data source is unsafe.
And step S22, the first edge server determines the data source passing the security authentication according to the security check result, and distributes the data source passing the security authentication to the terminal.
Specifically, the first edge server performs security check on a data source to be distributed to determine the data source passing security authentication and the data source having security problems, and then the first edge server distributes the data source passing security authentication to the terminal and does not distribute the data source having security problems to the terminal any more, so that the contaminated data source does not affect the terminal and does not cause network threat.
According to the data source safety inspection method provided by the embodiment of the invention, under the condition that the preset safety inspection triggering condition is met, the safety inspection is carried out on the data source to be distributed on the edge server, so that not only is the basic data distribution function of the edge server ensured, but also the safety inspection function of the edge server is endowed, the safety of the data source is improved through double safety inspection, the edge server only distributes the data source passing the safety certification, the influence of a polluted data source on a network is reduced, and the network quality is improved.
On the basis of the foregoing embodiment, further, if it is determined that the preset security check triggering condition is satisfied, the performing, by the first edge server, security check on the data sources to be distributed, and determining a security check result of each data source includes:
the first edge server calculates the remaining computing capacity;
and if the residual computing capacity is judged and acquired to be larger than a preset computing capacity threshold value, determining that the first edge server meets a preset safety check triggering condition, and performing safety check on the data sources to be distributed by the first edge server to determine the safety check result of each data source.
Specifically, in the prior art, the first edge server is only used to distribute data, so that the resources of the first edge server are limited, in order to perform security check under limited resources, after the first edge server receives the data source to be distributed sent by the core server, the first edge server may first calculate its own remaining computing capacity, for example, the first edge server calculates a CPU idle rate or a hard disk space, and then determine whether the remaining computing capacity is greater than a preset computing capacity threshold, that is, whether the first edge server currently has enough resources to perform security check, if the remaining computing capacity is greater than the preset computing capacity threshold, it is determined that the first edge server satisfies a preset security check trigger condition, the first edge server may perform security check, specifically, the first edge server performs security check on the data source to be distributed, and determines the security check result of each data source, and distributing the data source passing the security authentication to the corresponding terminal. If the first edge server judges that the self residual computing capacity is smaller than the preset computing capacity threshold value, the first edge server does not meet the preset security check triggering condition, the first edge server does not perform security check on the data source, and only performs conventional data distribution work, so that the basic function of data distribution of the edge server can be ensured.
According to the data source safety inspection method provided by the embodiment of the invention, the edge server determines whether to participate in safety inspection according to respective computing capacity, so that the basic work of data distribution of the edge server can be well maintained. The edge server with the residual computing capacity larger than the threshold value carries out data source safety check, the data distribution work is not influenced while the safety check is carried out, the safety of the data source is improved through double safety check, the edge server only distributes the data source which passes through the safety certification, the influence of a polluted data source on the network is reduced, and the network quality is improved.
On the basis of the foregoing embodiments, further, if it is determined that a preset security check trigger condition is met, the performing, by the first edge server, security check on the data sources to be distributed, and determining a security check result of each data source includes:
the method comprises the steps that a first edge server obtains a distribution record of a data source to be distributed, and first distribution times of the data source in a preset period are determined according to the distribution record;
the first edge server determines the local popularity of the data source according to the first distribution times;
and if the local popularity is judged to be larger than a first preset popularity threshold value, determining that the data source corresponding to the local popularity meets a preset safety check triggering condition, and performing safety check on the data source by the first edge server to determine a safety check result of the data source.
Specifically, in the prior art, the first edge server is only used for distributing data, so that the resources of the first edge server are limited, in order to perform security check under the limited resources, after receiving the data sources to be distributed sent by the core server, the first edge server may obtain distribution records of the data sources to be distributed locally, determine the distribution times of each data source in a preset period according to the distribution records, and record the distribution times as the first distribution times, for example, the first edge server obtains the distribution times of each data source to be distributed within one month, and then determine the local popularity of each data source according to the first distribution times, for example, the local popularity of the data source with a larger distribution time is higher, so that the local popularity of each data source to be distributed can be determined. Taking video data as an example, a large amount of research on a cloud platform shows that video information including videos on demand, live broadcasts and videos in games very accord with the popularity characteristic, a large amount of spread can be formed in a short time, illicit molecules can pay attention to data streams with high popularity in a key way, malicious information is spread by utilizing the data with high popularity, in addition, the data popularity has the regional characteristic, great differences exist in different physical positions, and the popularity content, the popularity and the popular starting time are different. Thus, the high popularity data sources have a greater impact on the network, and after obtaining the local popularity of each data source, the first edge server judges whether the local popularity of each data source is larger than a first preset popularity threshold value or not, if so, determining that the data source corresponding to the local popularity meets a preset security check triggering condition, the first edge server may perform security check on the data source, specifically, the first edge server performs security check on the data source whose local popularity is greater than a first preset popularity threshold, other data sources do not meet the preset safety check triggering condition, the first edge server directly distributes the data sources, therefore, the security of the data source with high local popularity is ensured, and the condition that illegal molecules transmit malicious information by using the data source with high popularity is effectively avoided.
In practical application, the first edge server may also sort the local popularity of each data source to be distributed, perform security check on N data sources before the local popularity, and directly distribute the data sources to other data sources, where N is a positive integer greater than 1.
According to the data source safety inspection method provided by the embodiment of the invention, the edge server determines the local popularity of each data source according to the distribution record of the data source, performs safety inspection on the data source with higher local popularity, considers the physical region difference condition of the popularity, reduces the influence of the high-popularity data source on the regional network, can well maintain the basic work of data distribution of the edge server, improves the safety of the data source through double safety inspection, reduces the influence of the polluted data source on the network, and improves the network quality.
On the basis of the foregoing embodiments, further, the obtaining, by the first edge server, a distribution record of a data source to be distributed, and determining, according to the distribution record, a first distribution frequency of the data source in a preset period includes:
the method comprises the steps that a first edge server obtains a distribution record of a data source to be distributed, and first distribution times of the data source in a preset period are determined according to the distribution record;
the first edge server sends the first distribution times to a second edge server;
the first edge server receives a second distribution frequency of the data source sent by the second edge server;
correspondingly, the determining, by the first edge server, the local first popularity of the data source according to the distribution times includes:
the first edge server determines the area popularity of the data source according to the first distribution times and the second distribution times;
correspondingly, if it is determined that the area popularity is greater than a first preset popularity threshold, it is determined that the data source corresponding to the local popularity meets a preset security check triggering condition, and the first edge server performs security check on the data source to determine a security check result of the data source, including:
if the area popularity is judged and obtained to be larger than a second preset popularity threshold value, it is determined that a data source corresponding to the area popularity meets a preset safety check triggering condition, and the first edge server performs safety check on the data source to determine a safety check result of the data source.
Specifically, after determining a first distribution number of a data source to be distributed in a preset period, a first edge server sends the first distribution number to other edge servers, which are denoted as second edge servers, for example, the first edge server sends the first distribution number to other second edge servers under the same core server, or the first edge server sends the first distribution number to a source station server, and the source station server sends the first distribution number to each second edge server, in the same way, each second edge server sends a second distribution number of the data source on the second edge server to each first edge server, and then the first edge server determines the area popularity of the data source according to the first distribution number and the second distribution number of the data source, for example, the first edge server directly adds the first distribution number and each second distribution number, the regional popularity of the data source is determined. In practical application, the first edge server may further set different weights for the first distribution times and the different second distribution times, and determine the regional popularity of each data source after the first distribution times and the second distribution times of each data source are weighted and accumulated. And then, the first edge server judges whether the area popularity of each data source is greater than a second preset popularity threshold, if so, the data source corresponding to the area popularity is determined to meet a preset safety check triggering condition, the first edge server can perform safety detection on the data source, specifically, the edge server performs safety check on the data source greater than the second preset popularity threshold, and if the data source not greater than the second preset popularity threshold is determined not to meet the preset safety check triggering condition, the first edge server directly distributes the data source.
According to the data source safety inspection method provided by the embodiment of the invention, the edge server determines the regional popularity of each data source according to the distribution record of the data source, performs safety inspection on the data source with higher regional popularity, gives consideration to the global situation of the network, reduces the influence of high-popularity data sources on the network, can well maintain the basic work of data distribution of the edge server, improves the safety of the data source through double safety inspection, reduces the influence of polluted data sources on the network, and improves the network quality.
On the basis of the above embodiments, further, the method further includes:
the first edge server determines a data source with a safety problem according to the safety inspection result and generates alarm information of the data source with the safety problem;
and the first edge server sends the alarm information to a second edge server so that the second edge server can perform security check on the data source with the security problem according to the alarm information.
Specifically, the first edge server performs security check on the data source, distributes the data source passing the security authentication, generates alarm information for the data source with the security problem, the alarm information carries the data source information with the security problem, the first edge server does not distribute the data source with the security problem any more, and sends the alarm information to the second edge server and the source station server, and the second edge server performs security check on the data source carried by the alarm information after receiving the alarm information. For example, the second edge server directly performs security check on the data source carried by the alarm information; or the second edge server calculates the residual calculation capacity of the second edge server, and when the residual calculation capacity is larger than a preset calculation capacity threshold value, the second edge server performs security check on the data source carried by the alarm information; the second edge server can also calculate the regional popularity of the data source carried by the alarm information, and comprehensively considers according to the popularity and the residual computing capacity, and when the residual computing capacity and the regional popularity meet the preset conditions, the security check is carried out on the data source carried by the alarm information.
According to the data source safety inspection method provided by the embodiment of the invention, the edge server carries out safety inspection on the data source, broadcasts the data source with safety problem to other edge servers in the form of alarm information, gives consideration to the overall situation of the network, reduces the influence of high-popularity data sources on the network, can well maintain the basic work of data distribution of the edge servers, improves the safety of the data source through double safety inspection, reduces the influence of polluted data sources on the network, and improves the network quality.
On the basis of the foregoing embodiments, further, if it is determined that a preset security check trigger condition is met, the performing, by the first edge server, security check on the data sources to be distributed, and determining a security check result of each data source includes:
if the first edge server receives alarm information carrying a data source, the first edge server determines that the data source carried by the alarm information meets a preset safety check triggering condition, and the first edge server performs safety check on the data source to determine a safety check result of the data source.
Specifically, after receiving the alarm information, the first edge server parses the alarm information, determines a data source carried by the alarm information, and then the first edge server determines that the data source carried by the alarm information satisfies a preset security check triggering condition, and can perform security check on the data source, and then the first edge server checks the data source to confirm a security check result. If the security check result is that the security authentication is passed, the data source is distributed when the data source needs to be distributed, and if the security check result is that the security problem exists, the data source is not distributed to the terminal.
Fig. 3 is a schematic flow chart of a data source security inspection method according to another embodiment of the present invention, as shown in fig. 3, the method includes:
step S31, each edge server records the distribution record of the data source, and counts the distribution times of each data source in unit time;
step S32, each edge server periodically broadcasts the distributed times of each data source to other edge servers;
step S33, each edge server calculates the area popularity of each data source according to the number of times of distribution of the locally recorded data source and the number of times of distribution of the data source received from other edge servers. For example, the average of the number of times of distribution of the locally recorded data source and the number of times of distribution of the data source received from the other edge server is taken as the area popularity;
step S34, each local edge server calculates the residual calculation capacity of the local edge server in real time, judges whether the residual calculation capacity is larger than a preset calculation capacity threshold value or not, if so, executes step S35, otherwise, executes step S38;
step S35, determining that safety check can be executed on N data sources according to the residual computing capacity, wherein the N data sources refer to N data sources with regional popularity ranking;
step S36, when the data source with safety problem is checked, the edge server stops the distribution of the data source and reports the data source to the source station server and other edge servers in the form of alarm information;
and step S37, after receiving the alarm information, the other edge servers perform corresponding processing on the alarm information. For example: the security check is directly executed on the data source marked in the alarm information without considering any other factors; performing a security check only if the edge server has remaining computing power; comprehensively considering whether to execute security check according to the regional popularity of the data source and the residual capacity of the edge server;
and step S38, the edge server distributes the data source to the terminal.
According to the data source safety inspection method provided by the embodiment of the invention, the edge server carries out safety inspection on the data source carried in the received alarm information, the network global situation is considered, the influence of a high-popularity data source on the network is reduced, the basic work of data distribution of the edge server can be well maintained, the safety of the data source is improved through double safety inspection, the influence of a polluted data source on the network is reduced, and the network quality is improved.
Fig. 4 is a schematic structural diagram of an edge server according to an embodiment of the present invention, and as shown in fig. 4, the edge server includes: a security check module 41 and a distribution module 42, wherein:
the security inspection module 41 is configured to, if it is determined that a preset security inspection trigger condition is met, perform security inspection on the data sources to be distributed, and determine a security inspection result of each data source; the distribution module 42 is configured to determine a data source passing the security authentication according to the security check result, and distribute the data source passing the security authentication to the terminal.
Specifically, the security check module 41 determines whether a preset security check trigger condition is met to ensure that the edge server can perform normal data distribution work, performs security check on the received data source to be distributed under the condition that the preset security check trigger condition is met, for example, a depth detection technology, performs depth detection on different network application layer loads based on a data packet, and determines whether the packet is safe or not by detecting a payload of the packet. For example, the security check module 41 performs deep detection on HTTP, DNS, or the like, and determines a check result. The security check result includes that the data source is safe through security authentication, and that the data source is unsafe due to security problems. The distribution module 42 distributes the data source passing the security authentication to the terminal, and no data source having security problem is distributed to the terminal, so that the contaminated data source does not affect the terminal, and network threat is not caused, and the security of the data is ensured through double security check. The apparatus provided in the embodiment of the present invention is configured to implement the method, and its functions specifically refer to the method embodiment, which is not described herein again.
The edge server provided by the embodiment of the invention performs security check on the data source to be distributed under the condition of meeting the preset security check triggering condition, thereby not only ensuring the basic data distribution function of the edge server, but also endowing the edge server with the security check function, improving the security of the data source through double security check, only distributing the data source passing the security certification, reducing the influence of a polluted data source on a network, and improving the network quality.
On the basis of the above embodiment, further, the security check module includes:
determining a residual capacity unit for calculating residual computing capacity;
and the judging unit is used for determining that a preset safety check triggering condition is met if the residual computing capacity is judged and acquired to be larger than a preset computing capacity threshold value, performing safety check on the data sources to be distributed, and determining the safety check result of each data source.
Specifically, it is determined that the residual capacity unit calculates the residual computing capacity of the unit, for example, it is determined that the residual capacity unit calculates the CPU idle rate or the hard disk space, and then the determining unit determines whether the residual computing capacity is greater than a preset computing capacity threshold, and if the residual computing capacity is greater than the preset computing capacity threshold, it is determined that a preset security check triggering condition is satisfied, and security check may be performed, and specifically, security check is performed on the data sources to be distributed, a security check result of each data source is determined, and the data sources passing security authentication are distributed to the corresponding terminals. And if the judging unit judges that the self residual computing capacity is smaller than the preset computing capacity threshold value, the data source is not subjected to security check, and only the conventional data distribution work is executed. The apparatus provided in the embodiment of the present invention is configured to implement the method, and its functions specifically refer to the method embodiment, which is not described herein again.
The edge server provided by the embodiment of the invention determines whether to participate in security check according to respective computing capacity, and can well maintain the basic work of data distribution of the edge server. The edge server with the residual computing capacity larger than the threshold value carries out data source safety check, the data distribution work is not influenced while the safety check is carried out, the safety of the data source is improved through double safety check, the edge server only distributes the data source which passes through the safety certification, the influence of a polluted data source on the network is reduced, and the network quality is improved.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 5, the electronic device includes: a processor (processor)51, a memory (memory)52, and a bus 53;
wherein, the processor 51 and the memory 52 complete the communication with each other through the bus 53;
the processor 51 is configured to call program instructions in the memory 52 to perform the methods provided by the above-mentioned method embodiments, including, for example: if the preset safety check triggering condition is met, carrying out safety check on the data sources to be distributed, and determining the safety check result of each data source; and determining a data source passing the security authentication according to the security check result, and distributing the data source passing the security authentication to the terminal.
An embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer readable storage medium, the computer program including program instructions, when the program instructions are executed by a computer, the computer can execute the methods provided by the above method embodiments, for example, the method includes: if the preset safety check triggering condition is met, carrying out safety check on the data sources to be distributed, and determining the safety check result of each data source; and determining a data source passing the security authentication according to the security check result, and distributing the data source passing the security authentication to the terminal.
Embodiments of the present invention provide a non-transitory computer-readable storage medium, which stores computer instructions, where the computer instructions cause the computer to perform the methods provided by the above method embodiments, for example, the methods include: if the preset safety check triggering condition is met, carrying out safety check on the data sources to be distributed, and determining the safety check result of each data source; and determining a data source passing the security authentication according to the security check result, and distributing the data source passing the security authentication to the terminal.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the devices and the like are merely illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention, and are not limited thereto; although embodiments of the present invention have been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A data source security check method is characterized by comprising the following steps:
if the preset safety check triggering condition is met, the first edge server performs safety check on the data sources to be distributed, and determines the safety check result of each data source;
the first edge server determines a data source passing the safety certification according to the safety check result, and distributes the data source passing the safety certification to the terminal;
if the preset safety check triggering condition is met, the first edge server performs safety check on the data sources to be distributed, and determines the safety check result of each data source, including:
the first edge server calculates the remaining computing capacity;
and if the residual computing capacity is judged and acquired to be larger than a preset computing capacity threshold value, determining that the first edge server meets a preset safety check triggering condition, and performing safety check on the data sources to be distributed by the first edge server to determine the safety check result of each data source.
2. The method according to claim 1, wherein if it is determined that a preset security check trigger condition is satisfied, the first edge server performs security check on the data sources to be distributed, and determines a security check result of each data source, including:
the method comprises the steps that a first edge server obtains a distribution record of a data source to be distributed, and first distribution times of the data source in a preset period are determined according to the distribution record;
the first edge server determines the local popularity of the data source according to the first distribution times;
and if the local popularity is judged to be larger than a first preset popularity threshold value, determining that the data source corresponding to the local popularity meets a preset safety check triggering condition, and performing safety check on the data source by the first edge server to determine a safety check result of the data source.
3. The method according to claim 2, wherein the first edge server obtains a distribution record of a data source to be distributed, and determines a first distribution number of the data source in a preset period according to the distribution record, including:
the method comprises the steps that a first edge server obtains a distribution record of a data source to be distributed, and first distribution times of the data source in a preset period are determined according to the distribution record;
the first edge server sends the first distribution times to a second edge server;
the first edge server receives a second distribution frequency of the data source sent by the second edge server;
correspondingly, the determining, by the first edge server, the local first popularity of the data source according to the distribution times includes:
the first edge server determines the area popularity of the data source according to the first distribution times and the second distribution times;
correspondingly, if it is determined that the area popularity is greater than a first preset popularity threshold, it is determined that the data source corresponding to the local popularity meets a preset security check triggering condition, and the first edge server performs security check on the data source to determine a security check result of the data source, including:
if the area popularity is judged and obtained to be larger than a second preset popularity threshold value, it is determined that a data source corresponding to the area popularity meets a preset safety check triggering condition, and the first edge server performs safety check on the data source to determine a safety check result of the data source.
4. The method according to any one of claims 1-3, further comprising:
the first edge server determines a data source with a safety problem according to the safety inspection result and generates alarm information of the data source with the safety problem;
and the first edge server sends the alarm information to a second edge server so that the second edge server can perform security check on the data source with the security problem according to the alarm information.
5. The method according to claim 1, wherein if it is determined that a preset security check trigger condition is satisfied, the first edge server performs security check on the data sources to be distributed, and determines a security check result of each data source, including:
if the first edge server receives alarm information carrying a data source, the first edge server determines that the data source carried by the alarm information meets a preset safety check triggering condition, and the first edge server performs safety check on the data source to determine a safety check result of the data source.
6. An edge server, comprising:
the safety inspection module is used for carrying out safety inspection on the data sources to be distributed and determining the safety inspection result of each data source if the preset safety inspection triggering condition is judged and known to be met;
the distribution module is used for determining a data source passing the safety certification according to the safety check result and distributing the data source passing the safety certification to the terminal;
the security check module comprises:
determining a residual capacity unit for calculating residual computing capacity;
and the judging unit is used for determining that a preset safety check triggering condition is met if the residual computing capacity is judged and acquired to be larger than a preset computing capacity threshold value, performing safety check on the data sources to be distributed, and determining the safety check result of each data source.
7. An electronic device, comprising:
the processor and the memory are communicated with each other through a bus; the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 5.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711479767.7A CN109995703B (en) | 2017-12-29 | 2017-12-29 | Data source security inspection method and edge server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711479767.7A CN109995703B (en) | 2017-12-29 | 2017-12-29 | Data source security inspection method and edge server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109995703A CN109995703A (en) | 2019-07-09 |
| CN109995703B true CN109995703B (en) | 2021-08-13 |
Family
ID=67109711
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711479767.7A Active CN109995703B (en) | 2017-12-29 | 2017-12-29 | Data source security inspection method and edge server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109995703B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112104704A (en) * | 2020-08-21 | 2020-12-18 | 深圳大学 | Edge calculation method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102597980A (en) * | 2009-09-10 | 2012-07-18 | 第三雷沃通讯有限责任公司 | Cache server with extensible programming framework |
| CN103368963A (en) * | 2013-07-15 | 2013-10-23 | 网宿科技股份有限公司 | HTTP message tamper-proofing method in content distribution network |
| CN103986976A (en) * | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | Content delivery network (CDN)-based transmission system and method |
| CN104106073A (en) * | 2011-12-21 | 2014-10-15 | 阿卡麦科技公司 | Security policy editor |
| US9392075B1 (en) * | 2015-07-23 | 2016-07-12 | Haproxy Holdings, Inc. | URLs with IP-generated codes for link security in content networks |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7805499B2 (en) * | 2005-08-22 | 2010-09-28 | Bea Systems, Inc. | RFID edge server with security WSRM |
| CN105704708A (en) * | 2014-11-25 | 2016-06-22 | 中兴通讯股份有限公司 | Mobile network content distribution method, device and system |
| CN107317722B (en) * | 2017-05-27 | 2020-01-31 | 北京奇艺世纪科技有限公司 | data source extensible system and method |
-
2017
- 2017-12-29 CN CN201711479767.7A patent/CN109995703B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102597980A (en) * | 2009-09-10 | 2012-07-18 | 第三雷沃通讯有限责任公司 | Cache server with extensible programming framework |
| CN104106073A (en) * | 2011-12-21 | 2014-10-15 | 阿卡麦科技公司 | Security policy editor |
| CN103368963A (en) * | 2013-07-15 | 2013-10-23 | 网宿科技股份有限公司 | HTTP message tamper-proofing method in content distribution network |
| CN103986976A (en) * | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | Content delivery network (CDN)-based transmission system and method |
| US9392075B1 (en) * | 2015-07-23 | 2016-07-12 | Haproxy Holdings, Inc. | URLs with IP-generated codes for link security in content networks |
Non-Patent Citations (1)
| Title |
|---|
| "内容分发网络抗DDoS攻击性能研究";熊宇;《中国优秀硕士学位论文全文数据库-信息科技辑》;20130315;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109995703A (en) | 2019-07-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107612895B (en) | Internet anti-attack method and authentication server | |
| US11848999B2 (en) | Location aware authorization system | |
| CN107040494B (en) | User account abnormity prevention method and system | |
| CN104079557A (en) | CC attack protection method and device | |
| CN108833450B (en) | Method and device for preventing server from being attacked | |
| CN105915494A (en) | Anti-stealing-link method and system | |
| CN105847277A (en) | Service account share management method and system used for third party application | |
| CN111711655A (en) | Block chain-based electronic data evidence storing method, system, storage medium and terminal | |
| CN106210153A (en) | The method for pushing of a kind of resource information, system and electronic equipment thereof | |
| CN110365712A (en) | A kind of defence method and system of distributed denial of service attack | |
| CN107682316B (en) | Method for generating dynamic password sending strategy and method for sending dynamic password | |
| CN109995703B (en) | Data source security inspection method and edge server | |
| CN109474623B (en) | Network security protection and parameter determination method, device, equipment and medium thereof | |
| CN111988644B (en) | Anti-stealing-link method, device, equipment and storage medium for network video | |
| CN108055356A (en) | A kind of information processing method, server, client and readable storage medium storing program for executing | |
| CN103607419A (en) | High-quality user account anti-sharing method and system | |
| CN113873278B (en) | Broadcast content auditing method and device and electronic equipment | |
| CN108809909B (en) | Data processing method and data processing device | |
| Sagar et al. | A study of distributed denial of service attack in cloud computing (DDoS) | |
| CN112190950B (en) | Method and device for detecting abnormal player account | |
| Mariconti et al. | Why allowing profile name reuse is a bad idea | |
| CN111163055B (en) | Weak authentication method and device for non-ground network access | |
| CN109743304B (en) | Cloud computing-oriented network security early warning method and system | |
| CN111294311A (en) | Flow charging method and system for preventing flow fraud | |
| CN112311748A (en) | Data sharing authority management method and device, client and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |