CN111641613B

CN111641613B - Data processing method based on block chain and big data and artificial intelligence information platform

Info

Publication number: CN111641613B
Application number: CN202010432287.0A
Authority: CN
Inventors: 郝鹏
Original assignee: China Railway Cloud Information Technology Co ltd
Current assignee: China Railway Cloud Information Technology Co ltd
Priority date: 2020-05-20
Filing date: 2020-05-20
Publication date: 2021-05-07
Anticipated expiration: 2040-05-20
Also published as: CN111641613A

Abstract

The embodiment of the disclosure provides a data processing method and an artificial intelligence information platform based on a block chain and big data, the edge calculation communication behaviors are detected one by one through at least two communication safety protection models, the detection results are analyzed one by matching with a preset communication behavior feature extraction strategy, and finally a first feature extraction result of each edge calculation communication behavior under each communication safety protection model is obtained, thereby effectively avoiding the situation that the edge computing communication behavior feature extracts the ambiguity caused by a single communication safety protection model, and moreover, by adopting a mechanism similar to recommendation of various communication safety protection models, the credibility of the edge computing communication behavior feature extraction result is reevaluated, so that the subsequent sample edge computing communication behavior data based on different service protection grades is facilitated, and the individual analysis is carried out on the actual edge computing communication behavior data with different requirements.

Description

Data processing method based on block chain and big data and artificial intelligence information platform

Technical Field

The disclosure relates to the technical field of block chains and big data, in particular to a data processing method and an artificial intelligence information platform based on the block chains and the big data.

Background

The edge computing reduces the hosting of the application program centralized in the data center to the edge of the network, is closer to consumers and data sources, has the characteristics of ultra-low time delay, ultra-high bandwidth and the like, and is an item carrier platform combining information technology and communication technology services.

In the traditional scheme, in the process of monitoring and processing the edge computing communication behavior between the network communication equipment and the edge computing platform, a single communication security protection model is usually adopted, so that the situation that the edge computing communication behavior features are ambiguous is caused, the subsequent sample edge computing communication behavior data based on different service protection grades is not facilitated, the actual edge computing communication behavior data with different requirements are subjected to personalized analysis, various service security risks possibly existing in the edge computing process cannot be effectively analyzed, and the data security is influenced.

Disclosure of Invention

In order to overcome at least the above disadvantages in the prior art, an object of the present disclosure is to provide a data processing method and an artificial intelligence information platform based on a block chain and big data, which can effectively avoid the situation that an edge computing communication behavior feature extracts ambiguity due to a single communication security protection model, and facilitate subsequent sample edge computing communication behavior data based on different service protection levels, and perform personalized analysis on actual edge computing communication behavior data of different requirements, thereby facilitating effective analysis of various service security risks possibly existing in an edge computing process and affecting data security.

In a first aspect, the present disclosure provides a data processing method based on a blockchain and big data, which is applied to an artificial intelligence information platform communicatively connected to a network communication device, and the method includes:

detecting a preset number of edge computing communication behaviors between the network communication equipment and the artificial intelligence information platform through at least two communication safety protection models in a pre-configured communication safety protection control respectively;

according to the detection result of each edge computing communication behavior of each communication safety protection model, determining first feature extraction information of each edge computing communication behavior under each communication safety protection model through a preset feature extraction strategy of the communication behavior;

according to the first feature extraction information of each edge computing communication behavior, determining the feature extraction information of each edge computing communication behavior as second feature extraction information of a preset service protection level;

analyzing the communication behavior data of the edge computing communication behavior according to second feature extraction information of a preset service protection level to obtain a communication protection result of the network communication equipment;

analyzing the communication protection result of the network communication equipment according to the historical communication protection big data of the network communication equipment and the artificial intelligence model configured in the artificial intelligence information platform, and determining a protection label of the communication protection result of the network communication equipment, wherein the protection label of the communication protection result of the network communication equipment comprises a service safety risk node existing in the edge calculation process.

In a possible implementation manner of the first aspect, the determining first feature extraction information of each edge computing communication behavior under each communication security protection model includes any one of:

determining the first feature extraction information as a non-attack behavior feature vector;

determining the first feature extraction information as an attack behavior feature vector;

determining the first feature extraction information as a fusion attack behavior feature vector;

the non-attack behavior feature vector is an edge computing communication behavior which comprises at least one continuous feature vector segment and meets a preset condition;

the attack behavior feature vector is an edge calculation communication behavior which does not comprise continuous feature vector segments;

the fusion attack behavior feature vector is an edge calculation communication behavior which comprises at least one continuous feature vector segment and does not meet a preset condition;

the continuous feature vector is segmented into edge computing communication behavior segments comprising a plurality of continuous target edge computing communication behavior nodes, and the target edge computing communication behavior nodes comprise edge computing communication behavior nodes corresponding to the communication safety protection targets indicated by the communication safety protection control.

In a possible implementation manner of the first aspect, the determining, according to the respective first feature extraction information of each edge computing communication behavior, the feature extraction information of each edge computing communication behavior as the second feature extraction information of the predetermined service protection level includes any one of:

when the first feature extraction information of one edge computing communication behavior is the same, determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a first service protection level, a second service protection level or a third service protection level according to the first feature extraction information of one edge computing communication behavior;

when the first feature extraction information of one edge computing communication behavior is different, determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a second service protection level according to the first feature extraction information of one edge computing communication behavior;

when the first feature extraction information of one edge computing communication behavior is different, determining the protection screening degree of each communication safety protection model, based on the protection screening degree of each communication safety protection model, according to the first feature extraction information of one edge computing communication behavior, and determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a third service protection level or a fourth service protection level;

the first service protection level is higher than the second service protection level, the second service protection level is higher than the third service protection level, and the third service protection level is higher than the fourth service protection level.

In a possible implementation manner of the first aspect, the second feature extraction information includes a non-aggressive behavior feature vector or an aggressive behavior feature vector;

when the first feature extraction information of one edge computing communication behavior is the same, determining the feature extraction information of one edge computing communication behavior as the second feature extraction information of the first service protection level, the second service protection level or the third service protection level according to the first feature extraction information of one edge computing communication behavior, wherein the second feature extraction information comprises any one of the following items:

if the number of the continuous characteristic vector segments detected by each communication safety protection model aiming at one edge computing communication behavior is the same, determining the characteristic extraction information of the edge computing communication behavior as a non-attack behavior characteristic vector of a first service protection level;

if the number of the continuous characteristic vector segments detected by each communication safety protection model aiming at one edge computing communication behavior is different, determining the characteristic extraction information of the edge computing communication behavior as a non-attack behavior characteristic vector of a second service protection level;

when all the first feature extraction information of one edge computing communication behavior is attack behavior feature vectors, determining the feature extraction information of the edge computing communication behavior as the attack behavior feature vectors of a first service protection level;

and when all the first feature extraction information of one edge computing communication behavior is the fusion attack behavior feature vector, determining that the feature extraction information of the edge computing communication behavior is the attack behavior feature vector of the third service protection level.

when the number of the communication security protection models is two and the two pieces of first feature extraction information of one edge computing communication behavior are different, based on the protection screening degree of each communication security protection model, according to each piece of first feature extraction information of one edge computing communication behavior, determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a third service protection level, wherein the second feature extraction information comprises any one of the following:

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a non-attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is a fusion attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as the non-attack behavior feature vector of a third service protection level;

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a non-attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is a fusion attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as an attack behavior feature vector of a third service protection level.

when the number of the communication security protection models is two and the two pieces of first feature extraction information of one edge computing communication behavior are different, determining the feature extraction information of one edge computing communication behavior as the second feature extraction information of a fourth service protection level according to the first feature extraction information of one edge computing communication behavior based on the protection screening degree of each communication security protection model, wherein the second feature extraction information comprises any one of the following:

when the first communication security protection model calculates the first feature extraction information of the communication behavior aiming at one edge as a non-attack behavior feature vector, the second communication security protection model calculates the first feature extraction information of the communication behavior aiming at the one edge as an attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the one edge calculation communication behavior is determined as the non-attack behavior feature vector of a fourth service protection level;

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a non-attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is an attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as an attack behavior feature vector of a fourth service protection level;

when the first communication security protection model calculates the first feature extraction information of the communication behavior aiming at one edge as an attack behavior feature vector, the second communication security protection model calculates the first feature extraction information of the communication behavior aiming at the one edge as a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the one edge calculation communication behavior is determined as the attack behavior feature vector of a fourth service protection level;

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is an attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as the non-attack behavior feature vector of a fourth service protection level.

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a fusion attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as an attack behavior feature vector of a third service protection level;

the first communication security protection model calculates the first feature extraction information of the communication behavior aiming at one edge as a fusion attack behavior feature vector, the second communication security protection model calculates the first feature extraction information of the communication behavior aiming at the edge as a non-attack behavior feature vector, the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, and the feature extraction information of the edge calculation communication behavior is determined as the non-attack behavior feature vector of a third service protection level.

In a possible implementation manner of the first aspect, the second feature extraction information includes an attack behavior feature vector;

when the number of the communication security protection models is two and two pieces of first feature extraction information of one edge computing communication behavior are different, determining the feature extraction information of the edge computing communication behavior as second feature extraction information of a second service protection level according to each piece of first feature extraction information of the edge computing communication behavior, wherein the second feature extraction information comprises any one of the following items:

when the first communication security protection model calculates the first feature extraction information of the communication behavior aiming at one edge as an attack behavior feature vector, the second communication security protection model calculates the first feature extraction information of the communication behavior aiming at the edge as a fusion attack behavior feature vector, and the feature extraction information of the edge calculation communication behavior is determined as the attack behavior feature vector of a second service protection level;

when the first communication security protection model calculates the first feature extraction information of the communication behavior aiming at one edge as a fusion attack behavior feature vector, the second communication security protection model calculates the first feature extraction information of the communication behavior aiming at the edge as an attack behavior feature vector, and the feature extraction information of the edge calculation communication behavior is determined as the attack behavior feature vector of the second service protection level.

In a second aspect, the present disclosure provides a data processing apparatus based on a blockchain and big data, which is applied to an artificial intelligence information platform communicatively connected to a network communication device, and the apparatus includes:

the detection module is used for respectively detecting a preset number of edge computing communication behaviors between the network communication equipment and the artificial intelligence information platform through at least two communication safety protection models in a pre-configured communication safety protection control, wherein the communication safety protection control is obtained through edge computing communication authority behaviors and edge computing communication service boundary information configuration of the network communication equipment when registering edge computing service, which are obtained from a pre-configured block chain;

the first determining module is used for determining first feature extraction information of each edge computing communication behavior under each communication safety protection model through a preset feature extraction strategy of the communication behavior according to the detection result of each communication safety protection model on each edge computing communication behavior;

the second determining module is used for determining the feature extraction information of each edge computing communication behavior as second feature extraction information of a preset service protection level according to each first feature extraction information of each edge computing communication behavior;

the first analysis module is used for analyzing the communication behavior data of the edge computing communication behavior according to second feature extraction information of a preset service protection level to obtain a communication protection result of the network communication equipment;

and the second analysis module is used for analyzing the communication protection result of the network communication equipment according to the historical communication protection big data of the network communication equipment and the artificial intelligence model configured in the artificial intelligence information platform, and determining a protection label of the communication protection result of the network communication equipment, wherein the protection label of the communication protection result of the network communication equipment comprises a service safety risk node existing in the edge calculation process.

In a third aspect, the present disclosure provides a data processing system based on a blockchain and big data, where the data processing system based on the blockchain and the big data includes an artificial intelligence information platform and a network communication device communicatively connected to the artificial intelligence information platform;

the artificial intelligence information platform is used for respectively detecting a preset number of edge computing communication behaviors between the network communication equipment and the artificial intelligence information platform through at least two communication safety protection models in a pre-configured communication safety protection control, wherein the communication safety protection control is obtained through edge computing communication permission behaviors and edge computing communication service boundary information configuration of the network communication equipment when registering edge computing service, which are obtained from a pre-configured block chain;

the artificial intelligence information platform is used for determining first feature extraction information of each edge computing communication behavior under each communication safety protection model through a preset feature extraction strategy of the communication behavior according to the detection result of each communication safety protection model on each edge computing communication behavior;

the artificial intelligence information platform is used for determining the feature extraction information of each edge computing communication behavior as second feature extraction information of a preset service protection level according to each first feature extraction information of each edge computing communication behavior;

the artificial intelligence information platform is used for extracting information according to a second characteristic of a preset service protection level to analyze the communication behavior data of the edge computing communication behavior to obtain a communication protection result of the network communication equipment;

the artificial intelligence information platform is used for analyzing the communication protection result of the network communication equipment according to the historical communication protection big data of the network communication equipment and an artificial intelligence model configured in the artificial intelligence information platform, and determining a protection label of the communication protection result of the network communication equipment, wherein the protection label of the communication protection result of the network communication equipment comprises a business safety risk node existing in the edge calculation process.

In a fourth aspect, an embodiment of the present disclosure further provides an artificial intelligence information platform, where the artificial intelligence information platform includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is configured to be communicatively connected to at least one network communication device, the machine-readable storage medium is configured to store a program, an instruction, or a code, and the processor is configured to execute the program, the instruction, or the code in the machine-readable storage medium to perform a data processing method based on a blockchain and big data in any one of the possible designs of the first aspect or the first aspect.

In a fifth aspect, an embodiment of the present disclosure provides a computer-readable storage medium, where instructions are stored, and when executed, cause a computer to perform a data processing method based on a blockchain and big data in the first aspect or any one of the possible designs of the first aspect.

Based on any one of the aspects, the method comprises the steps of detecting edge computing communication behaviors one by one through at least two communication security protection models, analyzing results of detection one by matching with a feature extraction strategy of a preset communication behavior, and finally obtaining a first feature extraction result of each edge computing communication behavior under each communication security protection model, so that the condition that the feature extraction of the edge computing communication behaviors is ambiguous due to a single communication security protection model is effectively avoided, and the reliability of the feature extraction of the edge computing communication behaviors is greatly improved; by creatively introducing the concept of the service protection grade, according to the first feature extraction result of each edge computing communication behavior under each communication safety protection model, re-determining the final feature extraction result of each edge computing communication behavior as the second feature extraction result of the preset service protection grade, the reliability of the edge computing communication behavior feature extraction result is reevaluated by adopting a mechanism similar to recommendation of various communication safety protection models, so that the edge computing communication behavior feature extraction result with high reliability and the edge computing communication behavior feature extraction result with two half-module edges can be effectively distinguished, and moreover, the method can provide sample edge calculation communication behavior data of various service protection grades, is beneficial to subsequently calculating the communication behavior data based on the sample edges of different service protection grades, and carries out personalized analysis on the actual edge calculation communication behavior data of different requirements.

Drawings

To more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings may be obtained from the drawings without inventive effort.

Fig. 1 is a schematic view of an application scenario of a data processing system based on a blockchain and big data according to an embodiment of the present disclosure;

fig. 2 is a schematic flowchart of a data processing method based on a blockchain and big data according to an embodiment of the present disclosure;

fig. 3 is a schematic functional block diagram of a data processing apparatus based on a block chain and big data according to an embodiment of the present disclosure;

fig. 4 is a schematic block diagram of a structure of an artificial intelligence information platform for implementing the above-described data processing method based on a blockchain and big data according to an embodiment of the present disclosure.

Detailed Description

The present disclosure is described in detail below with reference to the drawings, and the specific operation methods in the method embodiments can also be applied to the device embodiments or the system embodiments.

FIG. 1 is an interaction diagram of a data processing system 10 based on blockchains and big data according to an embodiment of the present disclosure. The blockchain and big data based data processing system 10 may include an artificial intelligence information platform 100 and a network communication device 200 communicatively coupled to the artificial intelligence information platform 100. The blockchain and big data based data processing system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the blockchain and big data based data processing system 10 may also include only a portion of the components shown in fig. 1 or may also include other components.

In this embodiment, the network communication device 200 is used to provide network communication services for a user terminal, and the user terminal may include a mobile device, a tablet computer, a laptop computer, and the like, or any combination thereof. In some embodiments, the mobile device may include a smart home device, a wearable device, a smart mobile device, a virtual reality device, an augmented reality device, or the like, or any combination thereof. In some embodiments, the smart home devices may include control devices of smart electrical devices, smart monitoring devices, smart televisions, smart cameras, and the like, or any combination thereof. In some embodiments, the wearable device may include a smart bracelet, a smart lace, smart glass, a smart helmet, a smart watch, a smart garment, a smart backpack, a smart accessory, or the like, or any combination thereof. In some embodiments, the smart mobile device may include a smartphone, a personal digital assistant, a gaming device, and the like, or any combination thereof. In some embodiments, the virtual reality device and/or the augmented reality device may include a virtual reality helmet, virtual reality glass, a virtual reality patch, an augmented reality helmet, augmented reality glass, an augmented reality patch, or the like, or any combination thereof. For example, the virtual reality device and/or augmented reality device may include various virtual reality products and the like.

In this embodiment, the artificial intelligence information platform 100 and the network communication device 200 in the data processing system 10 based on the blockchain and the big data can cooperatively perform the data processing method based on the blockchain and the big data described in the following method embodiment, and for the specific steps of the artificial intelligence information platform 100 and the network communication device 200, reference may be made to the following detailed description of the method embodiment.

In order to solve the technical problem in the foregoing background art, fig. 2 is a schematic flowchart of a data processing method based on a block chain and big data according to an embodiment of the present disclosure, where the data processing method based on a block chain and big data according to this embodiment may be executed by the artificial intelligence information platform 100 shown in fig. 1, and the data processing method based on a block chain and big data is described in detail below.

Step S110, detecting a preset number of edge computing communication behaviors between the network communication device 200 and the artificial intelligence information platform 100 through at least two communication security protection models in the preconfigured communication security protection control.

Step S120, according to the detection result of each edge computing communication behavior of each communication safety protection model, determining first feature extraction information of each edge computing communication behavior under each communication safety protection model through a preset feature extraction strategy of the communication behavior.

Step S130, according to the first feature extraction information of each edge computing communication behavior, determining the feature extraction information of each edge computing communication behavior as second feature extraction information of a preset service protection level.

Step S140, analyzing the communication behavior data of the edge computing communication behavior according to the second feature extraction information of the predetermined service protection level, to obtain the communication protection result of the network communication device 200.

Step S150, analyzing the communication protection result of the network communication device 200 according to the historical communication protection big data of the network communication device 200 and the artificial intelligence model configured in the artificial intelligence information platform 100, and determining a protection tag of the communication protection result of the network communication device 200, where the protection tag of the communication protection result of the network communication device 200 includes a service security risk node existing in the edge calculation process.

In this embodiment, the communication security protection control may be configured by the edge computing communication permission behavior and the edge computing communication service boundary information, which are obtained from the preconfigured blockchain when the network communication device 200 registers the edge computing service. The edge computing communication permission behavior may refer to permission behavior (e.g., access permission behavior of XX data, etc.) configured when network communication is performed in the edge computing process. The edge calculation communication service boundary information may refer to a communication service boundary when network communication is performed in an edge calculation process, and the communication service boundary may be used to separate different communication services.

In the embodiment, the edge computing communication behaviors are detected one by one through at least two communication security protection models, and then the result of detection one by one is analyzed by matching with the feature extraction strategy of the preset communication behavior, so that the first feature extraction result of each edge computing communication behavior under each communication security protection model is finally obtained, thereby effectively avoiding the situation that the feature extraction of the edge computing communication behavior is ambiguous caused by a single communication security protection model, and greatly improving the reliability of the feature extraction of the edge computing communication behavior; by creatively introducing the concept of the service protection grade, according to the first feature extraction result of each edge computing communication behavior under each communication safety protection model, re-determining the final feature extraction result of each edge computing communication behavior as the second feature extraction result of the preset service protection grade, the reliability of the edge computing communication behavior feature extraction result is reevaluated by adopting a mechanism similar to recommendation of various communication safety protection models, so that the edge computing communication behavior feature extraction result with high reliability and the edge computing communication behavior feature extraction result with two half-module edges can be effectively distinguished, and moreover, the method can provide sample edge calculation communication behavior data of various service protection grades, is beneficial to subsequently calculating the communication behavior data based on the sample edges of different service protection grades, and carries out personalized analysis on the actual edge calculation communication behavior data of different requirements.

In a possible embodiment, for step S110, in order to specifically and effectively analyze various business security risks that may exist in the edge calculation process, thereby facilitating improvement of data security, the following exemplary sub-steps may be implemented.

And a substep S111, obtaining an edge computing communication authority behavior and edge computing communication service boundary information of the network communication device 200 when registering edge computing service from a pre-configured block chain, generating a communication channel to be protected according to the edge computing communication service boundary information, and determining a current edge computing communication limitation range according to the edge computing communication authority behavior.

And step S112, carrying out threat situation processing on the unregistered communication access information contained in the communication channel to be protected to obtain threat situation information of the communication service object.

Step S113, determining a boundary protection parameter according to the current edge computing communication limit range and threat situation information of the communication service object, and performing boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information included in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter, so as to generate a communication security protection control for the industrial edge computing communication authority behavior of the network communication device 200.

Step S114, processing an edge computing communication behavior between the network communication device 200 and the edge computing platform based on the communication security protection control.

In this embodiment, the communication service object may be a communication access object of a communication service node that includes a preset feature vector identifier in the unregistered communication access information. The preset feature vector identifier may be used to calibrate a communication service node where a set monitoring communication service exists.

In a possible implementation manner, for step S111, in the process of generating the to-be-protected communication channel according to the edge calculation communication traffic boundary information, the following exemplary sub-steps may be implemented, and are described in detail below.

In sub-step S1111, the multiple target communication service boundaries corresponding to the network communication device 200, and the service types and service separation nodes of the multiple target communication service boundaries corresponding to the network communication device 200 are obtained from the edge calculation communication service boundary information.

Substep S1112 determines a corresponding protection communication channel region according to the location information of the service separation node corresponding to the network communication device 200 at the target communication service boundary.

And a substep S1113, selecting the corresponding protection communication channel from the protection communication channel region as the communication channel to be protected according to the service type corresponding to the service separation node.

In one possible implementation manner, regarding step S111, in the process of determining the current edge computing communication limit range according to the edge computing communication authority behavior, the following exemplary sub-steps may be implemented, and the following detailed description is provided.

And a substep S1114, performing at least one behavior prediction on the edge computing communication authority behavior, extracting a first behavior prediction feature vector from the behavior prediction information obtained by the behavior prediction, and obtaining a communication restriction node of at least one edge computing communication restriction object according to the extracted first behavior prediction feature vector.

And a substep S1115, performing at least one behavior prediction on unregistered communication access information contained in the communication channel to be protected, extracting a second behavior prediction characteristic vector in the behavior prediction information obtained by the behavior prediction, and obtaining at least one associated communication restriction node of the edge computing communication restriction object according to the extracted second behavior prediction characteristic vector.

In the sub-step S1116, the source information of the destination communication restriction node in the communication restriction node of each edge calculation communication restriction object in the at least one edge calculation communication restriction object is obtained, and the source communication restriction information of the source information of each communication restriction node in the associated communication restriction node of the edge calculation communication restriction object and the source communication restriction information of the source information of the destination communication restriction node are determined.

And a substep S1117 of determining the association degree of the source communication restriction information of the source information of each communication restriction node and the source communication restriction information of the source information of the destination communication restriction node, sorting the association degrees corresponding to the source information of each communication restriction node, and selecting similar source information of the communication restriction node from the source information of each communication restriction node according to the sorting result.

And a substep S1118, performing fusion processing on the source information of at least one similar communication restriction node to obtain source information of a fusion communication restriction node, performing fusion processing on the communication restriction node of the edge calculation communication restriction object and the associated communication restriction node of the first edge calculation communication restriction object, and obtaining a restriction range matrix according to a fusion processing result. The limitation range matrix comprises limitation ranges corresponding to the communication limitation nodes.

And a substep S1119 of determining, from the limitation range matrix, limitation range information corresponding to the communication limitation node in the source information of the target communication limitation node, performing vector calculation on the source communication limitation information corresponding to the source information of the fusion communication limitation node and the limitation range feature vector corresponding to the limitation range information, and taking the result of the vector calculation as the communication limitation feature of the key communication limitation node of the source information of the target communication limitation node.

And a substep S11191 of determining a communication limit range to be calculated for the current edge based on the limit range identified by the communication limit characteristic of the key communication limit node.

In a possible implementation manner, for step S120, in the process of determining the first feature extraction information of each edge computing communication behavior under each communication security protection model, any one of the following items may be included:

and determining the first feature extraction information as a non-attack behavior feature vector.

And determining the first feature extraction information as an attack behavior feature vector.

And determining the first feature extraction information as a fusion attack behavior feature vector.

The non-attack behavior feature vector is an edge-computed communication behavior that may include at least one continuous feature vector segment, and the at least one continuous feature vector segment satisfies a predetermined condition.

The attack behavior feature vector computes the communication behavior for edges that may not include consecutive feature vector segments.

The fusion attack behavior feature vector is an edge computing communication behavior that may include at least one continuous feature vector segment that does not satisfy a predetermined condition.

The continuous feature vector is segmented into edge computing communication behavior segments which can comprise a plurality of continuous target edge computing communication behavior nodes, and the target edge computing communication behavior nodes are edge computing communication behavior nodes corresponding to communication safety protection targets which can comprise communication safety protection controls.

In a possible implementation manner, for step S130, determining the feature extraction information of each edge-computed communication behavior as the second feature extraction information of the predetermined service protection level according to the respective first feature extraction information of each edge-computed communication behavior may include any one of the following:

and when the first feature extraction information of one edge computing communication behavior is the same, determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a first service protection level, a second service protection level or a third service protection level according to the first feature extraction information of one edge computing communication behavior.

And when the first feature extraction information of one edge computing communication behavior is different, determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a second service protection level according to the first feature extraction information of one edge computing communication behavior.

And when the first feature extraction information of one edge computing communication behavior is different, determining the protection screening degree of each communication safety protection model, based on the protection screening degree of each communication safety protection model, according to the first feature extraction information of one edge computing communication behavior, and determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a third service protection level or a fourth service protection level.

In one possible implementation, for step S130, the second feature extraction information may include a non-attack behavior feature vector or an attack behavior feature vector.

When the first feature extraction information of one edge computing communication behavior is the same, determining the feature extraction information of one edge computing communication behavior as the second feature extraction information of the first service protection level, the second service protection level, or the third service protection level according to the first feature extraction information of one edge computing communication behavior, which may include any one of the following:

and if the number of the continuous characteristic vector segments detected by each communication safety protection model aiming at one edge computing communication behavior is the same, determining the characteristic extraction information of the edge computing communication behavior as the non-attack behavior characteristic vector of the first service protection level.

And if the number of the continuous characteristic vector segments detected by each communication safety protection model aiming at one edge computing communication behavior is determined to be different, determining the characteristic extraction information of the edge computing communication behavior as the non-attack behavior characteristic vector of the second service protection level.

When all the first feature extraction information of one edge computing communication behavior is the attack behavior feature vector, determining that the feature extraction information of the edge computing communication behavior is the attack behavior feature vector of the first service protection level.

When the number of the communication security protection models is two and the two pieces of first feature extraction information of one edge computing communication behavior are different, based on the protection screening degree of each communication security protection model, according to each piece of first feature extraction information of one edge computing communication behavior, determining the feature extraction information of one edge computing communication behavior as the second feature extraction information of the third service protection level, which may include any one of the following:

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a non-attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is a fusion attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as the non-attack behavior feature vector of a third service protection level.

When the number of the communication security protection models is two and the two first feature extraction information of one edge computing communication behavior are different, based on the protection screening degree of each communication security protection model, according to each first feature extraction information of one edge computing communication behavior, determining the feature extraction information of one edge computing communication behavior as the second feature extraction information of the fourth service protection level, which may include any one of the following:

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a non-attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is an attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as the non-attack behavior feature vector of a fourth service protection level.

When the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a non-attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is an attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as the attack behavior feature vector of the fourth service protection level.

When the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is an attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as the attack behavior feature vector of the fourth service protection level.

when the first feature extraction information of the first communication security protection model aiming at one edge calculation communication behavior is a fusion attack behavior feature vector, the first feature extraction information of the second communication security protection model aiming at the edge calculation communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, the feature extraction information of the edge calculation communication behavior is determined as an attack behavior feature vector of a third service protection level.

In one possible implementation, for step S130, the second feature extraction information may include an attack behavior feature vector.

When the number of the communication security protection models is two and the two pieces of first feature extraction information of one edge computing communication behavior are different, determining the feature extraction information of one edge computing communication behavior as second feature extraction information of a second service protection level according to each piece of first feature extraction information of one edge computing communication behavior, which may include any one of the following:

when the first communication security protection model calculates the first feature extraction information of the communication behavior aiming at one edge as an attack behavior feature vector, the second communication security protection model calculates the first feature extraction information of the communication behavior aiming at the edge as a fusion attack behavior feature vector, and the feature extraction information of the edge calculation communication behavior is determined as the attack behavior feature vector of the second service protection level.

In a possible implementation manner, for step S140, in the process of analyzing the communication behavior data of the edge-computed communication behavior according to the second feature extraction information of the predetermined service protection level to obtain the communication protection result of the network communication device 200, specifically, a communication behavior data segment matching each feature extraction vector in the communication behavior data of the edge-computed communication behavior may be analyzed according to each feature extraction vector in the second feature extraction information of the predetermined service protection level to obtain the communication protection result of the network communication device 200, and the communication protection result may specifically include the communication protection result of the communication behavior data segment matching each feature extraction vector when performing communication protection based on the feature extraction vector.

Analyzing the communication protection result of the network communication device 200 according to the historical communication protection big data of the network communication device 200 and the artificial intelligence model configured in the artificial intelligence information platform 100, and determining a protection tag of the communication protection result of the network communication device 200, wherein the protection tag of the communication protection result of the network communication device 200 includes a business safety risk node existing in the edge calculation process.

In a possible implementation manner, the step S150 can be specifically realized by the following sub-steps, which are described in detail below.

In the substep S151, communication protection dynamic data of the communication protection process information of the communication protection result of the network communication device 200 is obtained, and target protection instantiation information of a protection object including historical communication protection big data of the network communication device 200 is determined from an initial communication protection dynamic node of a communication protection dynamic node set corresponding to the communication protection dynamic data.

And a substep S152, obtaining at least one protection instantiation information corresponding to the associated protection object from the comparative communication protection dynamic node of the communication protection dynamic node set, wherein the comparative communication protection dynamic node is any communication protection dynamic node except the initial communication protection dynamic node in the communication protection dynamic node set, and the associated protection object is a protection object of the anchor audience account corresponding to the protection object in the associated communication protection dynamic node of the comparative communication protection dynamic node.

And a substep S153 of extracting features of the current protection instantiation information and the target protection instantiation information according to the artificial intelligence model configured in the artificial intelligence information platform 100 to obtain corresponding current protection instantiation features and target protection instantiation features. The current protection instantiation information is any protection instantiation information in the at least one protection instantiation information.

And a substep S154, extracting protection matching features from the current protection instantiation feature and the target protection instantiation feature to obtain a current positive protection matching feature and a current negative protection matching feature. The current positive guard matching feature and the current negative guard matching feature are both guard matching features.

And a substep S155, comparing the current positive guard matching feature with the current negative guard matching feature to obtain guard deviation information, and determining a guard label of the communication guard result of the network communication device 200 from at least one guard instantiation information based on the guard deviation information, where the guard label of the communication guard result of the network communication device 200 includes a service security risk node existing in the edge calculation process.

For example, the protection deviation information may be matched with a corresponding protection deviation segment from at least one protection instantiation information, and then tag information corresponding to the protection deviation segment is identified to determine a protection tag of the communication protection result of the network communication device 200.

In the sub-step S154, specifically, guard matching features may be extracted from each guard instantiation interval related to the current guard instantiation vector and the target guard instantiation vector, and a guard matching description vector corresponding to the live viewer account is determined.

Then, an associated protection matching description node sequence may be determined according to the protection matching description vector, a protection-specific protection matching description node of the protection matching description vector is extracted, a set threshold is used as a protection matching description node interval, and a centralized associated protection matching description node of the associated protection matching description node sequence associated with the protection-specific protection matching description node is extracted, where the protection-specific protection matching description node is used to indicate a protection matching description node formed by a case that the number of associable description nodes in a protection matching association space in the protection matching description vector is greater than a set number. On this basis, according to at least two associated concentrated associated protection vector points in the concentrated associated protection matching description node, a plurality of protection deviation direction units are generated in the table sections corresponding to the associated concentrated associated protection vector points according to the protection deviation direction, the overlapping section between all the table sections in the next concentrated associated protection vector point and all the table sections in the previous concentrated associated protection vector point is calculated, and the corresponding protection deviation direction table is obtained according to each obtained overlapping section.

Then, according to the protection deviation pointing direction table, a protection deviation pointing unit is obtained, wherein the protection deviation pointing direction is matched with the protection deviation pointing direction, and the overlapped section between the table sections of the two protection deviation pointing units is smaller than the maximum continuous overlapped section of the protection matching description vector in the overlapped section, so that a concentrated associated protection vector point space is formed;

on the basis, the vector point spaces in each concentrated associated protection vector point space can be matched to obtain the matching interval of each matched concentrated associated protection vector point space, and the direction of the matching interval of each concentrated associated protection vector point space in the protection matching associated space is determined. Therefore, the positive direction and the negative direction can be determined in the direction of the protection matching associated space according to the matching interval of each concentrated associated protection vector point space, and the determined characteristic information of the matching interval of the concentrated associated protection vector point space corresponding to the positive direction and the negative direction respectively is used as the current positive protection matching characteristic and the current negative protection matching characteristic.

Fig. 3 is a schematic diagram of functional modules of a data processing apparatus 300 based on a block chain and big data according to an embodiment of the present disclosure, and this embodiment may divide the functional modules of the data processing apparatus 300 based on the block chain and the big data according to a method embodiment executed by the artificial intelligence information platform 100, that is, the following functional modules corresponding to the data processing apparatus 300 based on the block chain and the big data may be used to execute each method embodiment executed by the artificial intelligence information platform 100. The data processing apparatus 300 based on blockchain and big data may include a detection module 310, a first determination module 320, a second identification module 330, a first analysis module 340, and a second analysis module 350, wherein functions of the functional modules of the data processing apparatus 300 based on blockchain and big data are respectively described in detail below.

The detecting module 310 is configured to detect a preset number of edge computing communication behaviors between the network communication device 200 and the artificial intelligence information platform 100 through at least two communication security protection models in a preconfigured communication security protection control, where the communication security protection control is obtained by configuring edge computing communication permission behaviors and edge computing communication service boundary information of the network communication device 200 when registering edge computing services, which are obtained from a preconfigured block chain. The detection module 310 may be configured to perform the step S110, and the detailed implementation of the detection module 310 may refer to the detailed description of the step S110.

The first determining module 320 is configured to determine, according to a detection result of each communication security protection model for each edge computing communication behavior, first feature extraction information of each edge computing communication behavior under each communication security protection model by presetting a feature extraction policy of the communication behavior. The first determining module 320 may be configured to perform the step S120, and for a detailed implementation of the first determining module 320, reference may be made to the detailed description of the step S120.

And the second determining module 330 is configured to determine, according to the respective first feature extraction information of each edge computing communication behavior, the feature extraction information of each edge computing communication behavior as second feature extraction information of a predetermined service protection level. The second determining module 320 may be configured to perform the step S130, and as for a detailed implementation of the second determining module 320, reference may be made to the detailed description of the step S130.

The first analysis module 340 is configured to analyze the communication behavior data of the edge computing communication behavior according to the second feature extraction information of the predetermined service protection level, so as to obtain a communication protection result of the network communication device 200. The first analysis module 340 may be configured to perform the step S140, and the detailed implementation manner of the first analysis module 340 may refer to the detailed description of the step S140.

The second analysis module 350 is configured to analyze the communication protection result of the network communication device 200 according to the historical communication protection big data of the network communication device 200 and the artificial intelligence model configured in the artificial intelligence information platform 100, and determine a protection tag of the communication protection result of the network communication device 200, where the protection tag of the communication protection result of the network communication device 200 includes a service security risk node existing in an edge calculation process. The second analysis module 350 may be configured to perform the step S150 of data processing based on the block chain and the big data, and as for a detailed implementation of the second analysis module 350, reference may be made to the detailed description of the step S150.

It should be noted that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules may all be implemented in software invoked by a processing element. Or may be implemented entirely in hardware. And part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the detection module 310 may be a separate processing element, or may be integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and a processing element of the apparatus calls and executes the functions of the detection module 310. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.

For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor that can call program code. As another example, these modules may be integrated together, implemented in the form of a system-on-a-chip (SOC).

Fig. 4 is a schematic diagram illustrating a hardware structure of the artificial intelligence information platform 100 for implementing the control device according to the embodiment of the disclosure, and as shown in fig. 4, the artificial intelligence information platform 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.

In a specific implementation process, the at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120 (for example, the detection module 310, the first determination module 320, the second identification module 330, the first analysis module 340, and the second analysis module 350 included in the data processing apparatus 300 based on the blockchain and big data shown in fig. 3), so that the processor 110 may execute the data processing method based on the blockchain and big data according to the above method embodiment, where the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control transceiving actions of the transceiver 140, so as to transceive data with the aforementioned network communication device 200.

For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the artificial intelligence information platform 100, which implement principles and technical effects are similar, and this embodiment is not described herein again.

In the embodiment shown in fig. 4, it should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.

The machine-readable storage medium 120 may comprise high-speed RAM memory and may also include non-volatile storage NVM, such as at least one disk memory.

The bus 130 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus 130 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.

In addition, the embodiment of the present disclosure also provides a readable storage medium, in which a computer executing instruction is stored, and when a processor executes the computer executing instruction, the data processing method based on the block chain and the big data is implemented.

The readable storage medium described above may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer.

Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present disclosure, and not for limiting the same; while the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims

1. A data processing method based on a block chain and big data is applied to an artificial intelligence information platform in communication connection with network communication equipment, and the method comprises the following steps:

respectively detecting a preset number of edge computing communication behaviors between the network communication equipment and the artificial intelligence information platform through at least two communication safety protection models in a pre-configured communication safety protection control, wherein the communication safety protection control is obtained through edge computing communication permission behaviors and edge computing communication service boundary information configuration of the network communication equipment when registering edge computing service, which are obtained from a pre-configured block chain;

2. The data processing method based on the blockchain and the big data according to claim 1, wherein the determining of the first feature extraction information of each edge computing communication behavior under each communication security protection model includes any one of the following:

3. The method according to claim 1 or 2, wherein the calculating, according to the respective first feature extraction information of the communication behavior of each edge, the feature extraction information of the communication behavior of each edge is determined as the second feature extraction information of the predetermined service protection level, and the method comprises any one of the following steps:

when the first feature extraction information of one edge computing communication behavior is the same, determining the feature extraction information of the edge computing communication behavior as second feature extraction information of a first service protection level or a second service protection level or a third service protection level according to the first feature extraction information of the edge computing communication behavior;

when the first feature extraction information of one edge computing communication behavior is different, determining the feature extraction information of the edge computing communication behavior as second feature extraction information of a second service protection level according to the first feature extraction information of the edge computing communication behavior;

when the first feature extraction information of one edge computing communication behavior is different, determining the protection screening degree of each communication safety protection model, based on the protection screening degree of each communication safety protection model, according to the first feature extraction information of the edge computing communication behavior, and determining the feature extraction information of the edge computing communication behavior as second feature extraction information of a third service protection level or a fourth service protection level;

4. The blockchain and big data based data processing method according to claim 3, wherein the second feature extraction information includes a non-aggressive behavior feature vector or an aggressive behavior feature vector;

when the first feature extraction information of one edge computing communication behavior is the same, determining the feature extraction information of the edge computing communication behavior as second feature extraction information of a first service protection level, a second service protection level or a third service protection level according to the first feature extraction information of the edge computing communication behavior, wherein the second feature extraction information comprises any one of the following:

5. The blockchain and big data based data processing method according to claim 3, wherein the second feature extraction information includes a non-aggressive behavior feature vector or an aggressive behavior feature vector;

when the number of the communication security protection models is two and the two pieces of first feature extraction information of one edge computing communication behavior are different, based on the protection screening degree of each communication security protection model, according to each piece of first feature extraction information of the one edge computing communication behavior, determining the feature extraction information of the one edge computing communication behavior as second feature extraction information of a third service protection level, wherein the second feature extraction information comprises any one of the following:

6. The blockchain and big data based data processing method according to claim 3, wherein the second feature extraction information includes a non-aggressive behavior feature vector or an aggressive behavior feature vector;

when the number of the communication security protection models is two and the two pieces of first feature extraction information of one edge computing communication behavior are different, based on the protection screening degree of each communication security protection model, according to each piece of first feature extraction information of the one edge computing communication behavior, determining the feature extraction information of the one edge computing communication behavior as second feature extraction information of a fourth service protection level, wherein the second feature extraction information comprises any one of the following:

7. The blockchain and big data based data processing method according to claim 3, wherein the second feature extraction information includes a non-aggressive behavior feature vector or an aggressive behavior feature vector;

8. The blockchain and big data based data processing method according to claim 3, wherein the second feature extraction information includes an attack behavior feature vector;

9. An artificial intelligence information platform, comprising a processor, a machine-readable storage medium, and a network interface, wherein the machine-readable storage medium, the network interface, and the processor are connected via a bus system, the network interface is configured to be communicatively connected to at least one network communication device, the machine-readable storage medium is configured to store a program, instructions, or code, and the processor is configured to execute the program, instructions, or code in the machine-readable storage medium to perform the data processing method according to any one of claims 1 to 8 based on a block chain and big data.