CN112328984A - Data security management method and system applied to big data - Google Patents

Publication number: CN112328984A
Application number: CN202011328639.4A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN112328984B (en)
Inventors: 卢启伟, 张淮清
Current assignee: Shenzhen Eaglesoul Technology Co Ltd
Original assignee: Shenzhen Eaglesoul Technology Co Ltd
Legal status: Granted, Active
Prior art keywords: data, authority, information, data storage, label

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a data security management method and system applied to big data. The method comprises: receiving data acquisition request information from a data node; analyzing the data acquisition request information to obtain the data node's data acquisition request and the first authority information of that request; performing security verification on the data acquisition request based on the first authority information; when the verification passes, analyzing the first authority information to determine a plurality of data storage nodes serving as data acquisition targets and the second authority information of the data acquisition request on each of those data storage nodes; and encrypting and packaging the data acquisition request together with each piece of second authority information to obtain a plurality of data extraction requests, each of which is sent to the data storage node corresponding to its second authority information, in one-to-one correspondence. The method safeguards data on a big data network and protects data in transit through encrypted packaging.

Description

Data security management method and system applied to big data
Technical Field
The invention relates to the technical field of big data, in particular to a data security management method and system applied to big data.
Background
Today's society is developing rapidly, with advanced science and technology and free-flowing information; people communicate ever more closely and life grows ever more convenient, and big data is a product of this high-technology era. As the name implies, big data is a very large amount of data: a data set whose scale greatly exceeds what traditional database software tools can acquire, store, manage and analyze. It has four characteristics: large data scale, rapid data circulation, diverse data types and low value density.
How to guarantee the security of data on a big data network is a prerequisite for the safe use of the big data network.
Disclosure of Invention
One of the objectives of the present invention is to provide a data security management method applied to big data, which ensures the data security on a big data network by means of authority verification, and ensures the security of data in the transmission process by means of encryption and encapsulation.
The embodiment of the invention provides a data security management method applied to big data, which comprises the following steps:
receiving data acquisition request information from a data node;
analyzing the data acquisition request information to obtain the data node's data acquisition request and the first authority information of that request;
performing security verification on the data acquisition request based on the first authority information;
when the verification passes, analyzing the first authority information to determine a plurality of data storage nodes serving as data acquisition targets and the second authority information of the data acquisition request on each of those data storage nodes;
and encrypting and packaging the data acquisition request together with each piece of second authority information to obtain a plurality of data extraction requests, and sending each data extraction request to the data storage node corresponding to its second authority information, in one-to-one correspondence.
Preferably, the data node performs the following operations:
receiving demand information entered by a user for data acquisition;
analyzing the demand information and determining the classification label of the target data;
querying a first authority library of the data node based on the classification label, and determining a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label;
when the first data storage node set is empty, outputting a prompt to change the entered demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set consisting of the second authority information that each data storage node in the first data storage node set has configured for the data node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or, alternatively,
receiving demand information entered by a user for data acquisition;
analyzing the demand information and determining the classification label of the target data;
querying a second authority library of the data node based on the classification label, and determining the first requirement authority value that the demand information requires;
acquiring the first authority value used for the data acquisition;
when the first requirement authority value is larger than the first authority value, outputting a prompt to change the entered demand information and giving a plurality of coping strategies;
and when the first requirement authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
Preferably, outputting a prompt to change the entered demand information and giving a plurality of coping strategies when the first data storage node set is empty comprises:
obtaining, as first standard labels, the classification labels of the data stored in the data storage nodes for which the data node has authority in the first authority library;
taking the classification label obtained by analyzing the demand information as the comparison label;
calculating a first similarity between the comparison label and each first standard label, and extracting the first standard labels whose first similarity is greater than a preset first threshold;
retrieving, from a pre-built first coping scheme table, the first coping scheme corresponding to each extracted first standard label, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance, in which the data storage nodes of the big data network are stored in correspondence with the classification labels of the data they store;
taking the classification labels in the first classification label table as second standard labels;
taking the classification label obtained by analyzing the demand information as the comparison label;
calculating a second similarity between the comparison label and each second standard label, and extracting the second standard labels whose second similarity is greater than a preset second threshold;
querying the first classification label table again based on the extracted second standard labels, and determining the data storage nodes corresponding to them;
acquiring the authority acquisition scheme table of the data storage nodes;
and querying the authority acquisition scheme table based on the data storage nodes corresponding to the second standard labels, and taking the corresponding authority acquisition scheme as a coping strategy.
Preferably, outputting a prompt to change the entered demand information and giving a plurality of coping strategies when the first requirement authority value is larger than the first authority value comprises:
acquiring, as first standard information, the demand information in the second authority library whose first requirement authority value is less than or equal to the first authority value;
taking the demand information entered by the user for data acquisition as the comparison information;
calculating a third similarity between the comparison information and each piece of first standard information, extracting the first standard information whose third similarity is greater than a preset third threshold to produce a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for raising the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value, and taking the authority improvement scheme as a coping strategy.
Preferably, the data security management method applied to big data further comprises: associating a backup node with each data storage node, and periodically backing up the data in the data storage node to the backup node, specifically comprising:
acquiring the actual position of each data storage node in the big data network;
constructing a virtual map based on the actual positions;
acquiring the classification labels of the data stored in the data storage node with which a backup node is to be associated;
clustering the classification labels into groups, and grouping the data stored in the data storage node according to the clustering result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and putting the partitions other than the one containing the data storage node to be associated in one-to-one correspondence with the groups of data;
and, for each group of data, selecting at least one data storage node in the corresponding partition as a backup node.
The invention also provides a data security management system applied to big data, which comprises:
a request acquisition module, configured to receive data acquisition request information from a data node;
a first analysis module, configured to analyze the data acquisition request information and obtain the data node's data acquisition request and the first authority information of that request;
a first verification module, configured to perform security verification on the data acquisition request based on the first authority information;
a second analysis module, configured to analyze the first authority information when the verification passes and determine a plurality of data storage nodes serving as data acquisition targets and the second authority information of the data acquisition request on each of those data storage nodes;
and a packaging and grouping module, configured to encrypt and package the data acquisition request together with each piece of second authority information to obtain a plurality of data extraction requests, and to send each data extraction request to the data storage node corresponding to its second authority information, in one-to-one correspondence.
Preferably, the data node performs the following operations:
receiving demand information entered by a user for data acquisition;
analyzing the demand information and determining the classification label of the target data;
querying a first authority library of the data node based on the classification label, and determining a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label;
when the first data storage node set is empty, outputting a prompt to change the entered demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set consisting of the second authority information that each data storage node in the first data storage node set has configured for the data node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or, alternatively,
receiving demand information entered by a user for data acquisition;
analyzing the demand information and determining the classification label of the target data;
querying a second authority library of the data node based on the classification label, and determining the first requirement authority value that the demand information requires;
acquiring the first authority value used for the data acquisition;
when the first requirement authority value is larger than the first authority value, outputting a prompt to change the entered demand information and giving a plurality of coping strategies;
and when the first requirement authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
Preferably, outputting a prompt to change the entered demand information and giving a plurality of coping strategies when the first data storage node set is empty comprises:
obtaining, as first standard labels, the classification labels of the data stored in the data storage nodes for which the data node has authority in the first authority library;
taking the classification label obtained by analyzing the demand information as the comparison label;
calculating a first similarity between the comparison label and each first standard label, and extracting the first standard labels whose first similarity is greater than a preset first threshold;
retrieving, from a pre-built first coping scheme table, the first coping scheme corresponding to each extracted first standard label, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance, in which the data storage nodes of the big data network are stored in correspondence with the classification labels of the data they store;
taking the classification labels in the first classification label table as second standard labels;
taking the classification label obtained by analyzing the demand information as the comparison label;
calculating a second similarity between the comparison label and each second standard label, and extracting the second standard labels whose second similarity is greater than a preset second threshold;
querying the first classification label table again based on the extracted second standard labels, and determining the data storage nodes corresponding to them;
acquiring the authority acquisition scheme table of the data storage nodes;
and querying the authority acquisition scheme table based on the data storage nodes corresponding to the second standard labels, and taking the corresponding authority acquisition scheme as a coping strategy.
Preferably, outputting a prompt to change the entered demand information and giving a plurality of coping strategies when the first requirement authority value is larger than the first authority value comprises:
acquiring, as first standard information, the demand information in the second authority library whose first requirement authority value is less than or equal to the first authority value;
taking the demand information entered by the user for data acquisition as the comparison information;
calculating a third similarity between the comparison information and each piece of first standard information, extracting the first standard information whose third similarity is greater than a preset third threshold to produce a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for raising the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value, and taking the authority improvement scheme as a coping strategy.
Preferably, the data security management system applied to big data further comprises a backup module, which associates a backup node with each data storage node and periodically backs up the data in the data storage node to the backup node; the backup module performs the following operations:
acquiring the actual position of each data storage node in the big data network;
constructing a virtual map based on the actual positions;
acquiring the classification labels of the data stored in the data storage node with which a backup node is to be associated;
clustering the classification labels into groups, and grouping the data stored in the data storage node according to the clustering result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and putting the partitions other than the one containing the data storage node to be associated in one-to-one correspondence with the groups of data;
and, for each group of data, selecting at least one data storage node in the corresponding partition as a backup node.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of a data security management method applied to big data according to an embodiment of the present invention;
FIG. 2 is a flowchart of a data node generating a data acquisition request according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a data node generating a data acquisition request according to another embodiment of the present invention;
FIG. 4 is a schematic diagram of a data security management system applied to big data according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
An embodiment of the present invention provides a data security management method applied to big data, as shown in FIG. 1, including:
Step S1: receiving data acquisition request information from a data node;
Step S2: analyzing the data acquisition request information to obtain the data node's data acquisition request and the first authority information of that request;
Step S3: performing security verification on the data acquisition request based on the first authority information;
Step S4: when the verification passes, analyzing the first authority information to determine a plurality of data storage nodes serving as data acquisition targets and the second authority information of the data acquisition request on each of those data storage nodes;
Step S5: encrypting and packaging the data acquisition request together with each piece of second authority information to obtain a plurality of data extraction requests, and sending each data extraction request to the data storage node corresponding to its second authority information, in one-to-one correspondence.
The working principle and the beneficial effects of the technical scheme are as follows:
The big data network is built from data nodes and data storage nodes: a data node is a point of exchange with external data, and a data storage node is a place where data is stored. The same node in the big data network can act both as a data node and as a data storage node. When a node acts as a data node and performs a data acquisition operation, the keywords, identifiers or classification labels of the data to be acquired are packaged together with the authority for the operation to form the data acquisition request information, which is then sent to the big data platform.
The big data platform analyzes the data acquisition request information, determines the first authority information and the data acquisition request it contains, and verifies the data acquisition request against the first authority information, that is, checks whether the request exceeds the range that the first authority information allows. If it does, verification fails. If the request is within the allowed range, the platform analyzes the first authority information and determines the plurality of data storage nodes serving as data acquisition targets and the second authority information of the data acquisition request on each of them. The data storage nodes that can be opened to the data node's request are determined from the first authority information in one of two ways. In the first, the first authority information is the set of permission codes of the data storage nodes of the big data platform for the data node; a permission code whose meaning is "openable" indicates that the data node may acquire data from that data storage node, so extracting the openable permission codes determines the data storage nodes targeted by the data acquisition request. In the second, the first authority information is the authority value of the data acquisition request; the big data platform holds a pre-built correspondence table of authority values and the data nodes each value permits, and the data storage nodes targeted by the request are determined from that table.
The data acquisition request and each piece of second authority information are then encrypted and packaged to obtain a plurality of data extraction requests, which are sent to the data storage nodes corresponding to the second authority information, in one-to-one correspondence. Processing then passes to the data storage nodes, each of which first decrypts its request and then extracts the target data according to the decrypted content. Finally, the target data extracted by the data storage nodes is integrated and sent to the data node. Because the data transmitted in every link of the acquisition process is encrypted, the security of data in transit on the big data network is improved.
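The platform-side flow of steps S1 to S5 under the permission-code variant, as an added Python example that is not part of the patent. The grant table, node ids, keys and the `open:` code format are constructed assumptions, and checking caller-supplied codes against the platform's own record is an added hardening assumption. The patent names no cipher, so the envelope here is only authenticated with HMAC-SHA256 from the standard library; confidentiality would need an AEAD in its place.

```python
import hashlib
import hmac
import json

# Constructed sample state (not from the patent): the permission code each
# storage node has issued to each data node, as recorded by the platform.
PLATFORM_GRANTS = {
    "dn-1": {"sn-a": "open:read", "sn-b": "open:read", "sn-c": "closed"},
}
# Constructed demo keys, one per storage node, shared with the platform.
NODE_KEYS = {"sn-a": b"demo-key-a", "sn-b": b"demo-key-b", "sn-c": b"demo-key-c"}


class VerificationError(Exception):
    """A request or envelope failed a security check."""


def canonical(obj):
    """Stable byte encoding so both sides compute the tag over the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def is_openable(code):
    # Hypothetical code format: "open:<operation>" carries the openable meaning.
    return code.startswith("open:")


def verify_request(node_id, first_authority):
    """S3: reject claims that exceed what the platform has on record."""
    recorded = PLATFORM_GRANTS.get(node_id)
    if recorded is None:
        raise VerificationError("unknown data node")
    for target, code in first_authority.items():
        # Assumption: caller-supplied codes are never trusted on their own.
        if recorded.get(target) != code:
            raise VerificationError(f"{target}: code does not match record")
    if not any(is_openable(c) for c in first_authority.values()):
        raise VerificationError("no openable storage node")


def tag_for(node_id, body):
    """HMAC-SHA256 tag under the key of the storage node that must accept it."""
    return hmac.new(NODE_KEYS[node_id], canonical(body), hashlib.sha256).hexdigest()


def handle_request_info(info):
    """S1-S5: analyze, verify, pick targets, emit one envelope per target."""
    node_id = info["node"]                      # S2: split the request info
    request = info["request"]
    first_authority = info["first_authority"]
    verify_request(node_id, first_authority)    # S3
    envelopes = {}
    for target, code in sorted(first_authority.items()):
        if not is_openable(code):               # S4: only openable codes become targets
            continue
        # S5: addressee and second authority sit inside the tagged body, so an
        # envelope cannot be redirected or have its authority rewritten.
        body = {"to": target, "from": node_id, "request": request,
                "second_authority": code}
        envelopes[target] = {"body": body, "tag": tag_for(target, body)}
    return envelopes


def open_envelope(node_id, envelope):
    """Storage node side: authenticate, check the addressee, then extract."""
    expected = tag_for(node_id, envelope["body"])
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise VerificationError("tag mismatch")
    if envelope["body"]["to"] != node_id:
        raise VerificationError("envelope addressed to another node")
    return envelope["body"]
```
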
In one embodiment, as shown in FIGS. 2 and 3, the data node performs the following operations:
Step S11: receiving demand information entered by a user for data acquisition;
Step S12: analyzing the demand information and determining the classification label of the target data;
Step S13: querying a first authority library of the data node based on the classification label, and determining a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label;
Step S14: when the first data storage node set is empty, outputting a prompt to change the entered demand information and giving a plurality of coping strategies;
Step S15: when the first data storage node set is not empty, acquiring a second authority set consisting of the second authority information that each data storage node in the first data storage node set has configured for the data node;
Step S16: encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or, alternatively,
Step S21: receiving demand information entered by a user for data acquisition;
Step S22: analyzing the demand information and determining the classification label of the target data;
Step S23: querying a second authority library of the data node based on the classification label, and determining the first requirement authority value that the demand information requires;
Step S24: acquiring the first authority value used for the data acquisition;
Step S25: when the first requirement authority value is larger than the first authority value, outputting a prompt to change the entered demand information and giving a plurality of coping strategies;
Step S26: when the first requirement authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
The working principle and the beneficial effects of the technical scheme are as follows:
The data node may produce the data acquisition request information through either of two schemes.
Scheme one: to issue a data acquisition request, the user enters demand information at a data node; the demand information may be one of, or a combination of, keywords, identifiers and classification labels. The data node analyzes the demand information and determines the classification label of the user's target data. When the user enters a classification label, it is used directly; when the user enters a keyword or an identifier, a preset classification label identification table, which stores keywords or identifiers in one-to-one correspondence with classification labels, is queried to determine the classification label. The data node then queries the first authority library stored locally on it and determines the first data storage node set, consisting of the data storage nodes whose stored data carries the corresponding classification label. The first authority library stores the data storage nodes that have granted authority to the data node, the set of classification labels of the data stored in each of them, the authority information each has granted to the data node, and so on. When the first data storage node set is empty, that is, none of the data storage nodes for which the data node has authority in the first authority library stores data with the corresponding classification label, a prompt to change the entered demand information is output and a plurality of coping strategies are given. The coping strategies include modifying the demand information, upgrading the authority, and so on; when the coping strategy is to upgrade the authority, the conditions required for the upgrade are output at the same time.
When the first data storage node set is not empty, a second authority set is acquired, consisting of the second authority information that each data storage node in the set has configured for the data node. The demand information, the first data storage node set and the second authority set are encrypted and packaged to form a data acquisition request, and the encryption and packaging ensure the security of the data acquisition request information. This scheme applies to a big data network with separate authority management. Authority management uses authority sets: authority between nodes is granted pairwise, each node has its own authority set, and the authority set stores a plurality of authorization codes, each of which represents the authority that another node has configured for this node.
Scheme two: to issue a data acquisition request, the user enters demand information at a data node; the demand information may be one of, or a combination of, keywords, identifiers and classification labels. The data node analyzes the demand information and determines the classification label of the user's target data. When the user enters a classification label, it is used directly; when the user enters a keyword or an identifier, a preset classification label identification table, which stores keywords or identifiers in one-to-one correspondence with classification labels, is queried to determine the classification label. The data node then queries the second authority library stored locally on it and determines the first requirement authority value that the demand information requires; the second authority library stores first requirement authority values in one-to-one correspondence with demand information. The first authority value used for the data acquisition is then acquired. When the first requirement authority value is larger than the first authority value, a prompt to change the entered demand information is output and a plurality of coping strategies are given. The coping strategies include modifying the demand information, upgrading the authority, and so on; when the coping strategy is to upgrade the authority, the conditions required for the upgrade are output at the same time. When the first requirement authority value is smaller than or equal to the first authority value, the demand information and the first authority value are encrypted and packaged to form a data acquisition request, and the encryption and packaging ensure the security of the data acquisition request information.
The first authority value used by the data node for this data acquisition may be the authority value allocated to the data node itself. This scheme applies to a big data network with centralized authority management, in which authorization among all nodes is handled uniformly through authority values: an authority value is configured for every node, and a permitted authority value is then set for each data storage node according to its circumstances. When a node's authority value is larger than the permitted authority value of a data storage node, a data acquisition request sent by that node can acquire data from that data storage node; otherwise the data acquisition cannot be performed.
In one embodiment, when the first data storage node set is empty, outputting a prompt to change the input demand information and giving a plurality of coping strategies comprises:
obtaining the classification labels of the data stored in the data storage nodes in the first authority library over which the data node has authority, as first standard labels;
taking the classification label obtained by analyzing the demand information as a comparison label;
calculating a first similarity between the comparison label and each first standard label, and extracting the first standard labels whose first similarity is greater than a preset first threshold;
retrieving, from a prefabricated first coping scheme table, the first coping scheme corresponding to each extracted first standard label, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance; the first classification label table maps the data storage nodes in the big data network to the classification labels of the data stored in them;
acquiring the classification labels in the first classification label table as second standard labels;
taking the classification label obtained by analyzing the demand information as a comparison label;
calculating a second similarity between the comparison label and each second standard label, and extracting the second standard labels whose second similarity is greater than a preset second threshold;
querying the first classification label table again based on the second standard label, and determining the data storage node corresponding to the second standard label;
acquiring an authority acquisition scheme table of the data storage nodes;
and querying the authority acquisition scheme table based on the data storage node corresponding to the second standard label to obtain an authority acquisition scheme, and taking the authority acquisition scheme as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
The coping strategies in this embodiment fall into two types: one is the first coping scheme, which gives the user a way to modify the demand information; the other gives the user an authority acquisition scheme so that the demand information as entered can be used. With these coping strategies, when the demand information for a data acquisition does not match the authority, the user can make a suitable adjustment and then complete the data acquisition quickly.
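The scheme-one decision at the data node, including both coping strategies for an empty node set, as an added example (not code from the patent). All table contents, node names and scheme texts are constructed, the `demand` dictionary shape is hypothetical, and the token-overlap `similarity` function is an assumption because the page does not define the similarity measure.

```python
import re

# All tables below are constructed sample data; node names, labels and
# scheme texts are hypothetical and only illustrate the lookup order.
LABEL_ID_TABLE = {"invoice": "finance/billing", "ID-7731": "hr/payroll"}

# First authority library (local to the data node): storage nodes that have
# granted this data node authority, their labels, and the granted authority.
FIRST_AUTHORITY_LIBRARY = {
    "store-a": {"labels": {"finance/billing", "finance/ledger"}, "authority": "A:read"},
    "store-b": {"labels": {"hr/payroll"}, "authority": "B:read"},
}
# Prefabricated first coping scheme table: first standard label -> suggestion.
FIRST_COPING_SCHEMES = {
    "finance/billing": "change the demand to label finance/billing",
    "finance/ledger": "change the demand to label finance/ledger",
    "hr/payroll": "change the demand to label hr/payroll",
}
# First classification label table: every storage node in the network.
FIRST_LABEL_TABLE = {
    "store-a": {"finance/billing", "finance/ledger"},
    "store-b": {"hr/payroll"},
    "store-c": {"finance/billing-archive"},
}
# Authority acquisition scheme table, one entry per storage node.
AUTHORITY_ACQUISITION_SCHEMES = {
    "store-c": "request read authority from the owner of store-c",
}


def similarity(a, b):
    """Jaccard overlap of label tokens (assumed metric; the page names none)."""
    ta, tb = set(re.split(r"[/\-_]", a)), set(re.split(r"[/\-_]", b))
    return len(ta & tb) / len(ta | tb)


def resolve_label(demand):
    """Return the classification label for a demand {'kind', 'value'}."""
    if demand["kind"] == "label":
        return demand["value"]          # label entered directly
    try:
        return LABEL_ID_TABLE[demand["value"]]   # keyword or identifier
    except KeyError:
        raise ValueError("keyword or identifier not in the identification table")


def coping_strategies(label, first_threshold=0.5, second_threshold=0.5):
    strategies = []
    # Strategy 1: suggest similar labels the data node already has authority for.
    first_standard = set().union(*(e["labels"] for e in FIRST_AUTHORITY_LIBRARY.values()))
    for std in sorted(first_standard):
        if similarity(label, std) > first_threshold:
            strategies.append(("modify-demand", FIRST_COPING_SCHEMES[std]))
    # Strategy 2: find nodes anywhere in the network holding a similar label
    # and return how authority on them can be obtained.
    for node, labels in sorted(FIRST_LABEL_TABLE.items()):
        if any(similarity(label, std) > second_threshold for std in labels):
            scheme = AUTHORITY_ACQUISITION_SCHEMES.get(node)
            if scheme:
                strategies.append(("acquire-authority", scheme))
    return strategies


def build_request(demand):
    label = resolve_label(demand)
    node_set = sorted(n for n, e in FIRST_AUTHORITY_LIBRARY.items() if label in e["labels"])
    if not node_set:
        return {"status": "change-demand", "label": label,
                "strategies": coping_strategies(label)}
    second_authority_set = {n: FIRST_AUTHORITY_LIBRARY[n]["authority"] for n in node_set}
    # The page encrypts and packages these three fields next; it names no
    # cipher, so the example returns the plaintext fields to be sealed.
    return {"status": "ok", "demand": demand, "nodes": node_set,
            "second_authority_set": second_authority_set}
```

The second strategy tells a requester which storage node holds a label it has no authority over; a deployment that treats the label-to-node mapping as sensitive would need to restrict who receives that suggestion.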
In one embodiment, when the first requirement authority value is greater than the first authority value, outputting a prompt to change the input demand information and giving a plurality of coping strategies comprises:
acquiring, from the second authority library, the demand information whose first requirement authority value is less than or equal to the first authority value, as first standard information;
taking the demand information input by the user for this data acquisition as comparison information;
calculating a third similarity between the comparison information and each piece of first standard information, extracting the first standard information whose third similarity is greater than a preset third threshold to generate a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for raising the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value, and taking the authority improvement scheme as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
The coping strategies in this embodiment fall into two types: one is the third coping scheme, which gives the user a way to modify the demand information; the other gives the user an authority improvement scheme so that the demand information as entered can be used. With these coping strategies, when the demand information for the user's data acquisition does not match the authority, the authority can be raised and the data acquisition then completed quickly.
In one embodiment, the data security management method applied to big data further comprises: associating a backup node with each data storage node, and backing up the data in the data storage node to the backup node at regular intervals, specifically comprising:
acquiring the actual position of each data storage node in the big data network;
constructing a virtual map based on the actual positions;
acquiring the classification labels of the data stored in the data storage node for which backup nodes are to be associated;
clustering the classification labels into groups, and grouping the data stored in the data storage node according to the clustering result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and putting the partitions other than the one containing the data storage node to be associated into one-to-one correspondence with the groups of data obtained by the grouping;
and selecting, for each group of data, at least one data storage node in the corresponding partition as a backup node.
The working principle and the beneficial effects of the technical scheme are as follows:
The data in a data storage node is backed up through its associated backup nodes; grouped backup across multiple data nodes keeps the backup data safe and reduces the risk of data loss at a backup node. Partitioning is based on actual positions because data nodes that are physically close to one another may become abnormal together for real-world reasons; a virtual map is therefore constructed for partitioning and selection, so that this situation is avoided.
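The backup-node selection steps above, as an added example (not code from the patent). Node names, coordinates and labels are constructed; clustering labels by their top-level category and cutting the virtual map into contiguous slices along the x axis are assumptions, since the page fixes only the equal-size constraint and the exclusion of the source node's partition.

```python
from collections import defaultdict

# Constructed sample data: node names, coordinates and labels are hypothetical.
NODE_POSITIONS = {            # actual position of each storage node (x, y)
    "n1": (0, 0), "n2": (1, 2), "n3": (10, 1),
    "n4": (11, 3), "n5": (20, 0), "n6": (22, 2),
}
SOURCE_LABELS = ["finance/billing", "finance/ledger", "hr/payroll"]


def cluster_labels(labels):
    """Group labels by top-level category (assumed clustering rule)."""
    groups = defaultdict(list)
    for label in labels:
        groups[label.split("/")[0]].append(label)
    return dict(sorted(groups.items()))


def partition_map(positions, k, max_error=1):
    """Split the virtual map into k partitions of near-equal node count.

    Nodes are ordered along the x axis and cut into contiguous slices
    (assumed partitioning rule; the page fixes only the size constraint).
    """
    if k < 1 or k > len(positions):
        raise ValueError("cannot build that many non-empty partitions")
    ordered = sorted(positions, key=lambda n: positions[n])
    base, extra = divmod(len(ordered), k)
    parts, start = [], 0
    for i in range(k):
        size = base + (1 if i < extra else 0)
        parts.append(ordered[start:start + size])
        start += size
    if max(map(len, parts)) - min(map(len, parts)) > max_error:
        raise ValueError("partition sizes differ by more than the preset error")
    return parts


def assign_backup_nodes(source, positions, labels, per_group=1):
    """Map each label group to backup nodes outside the source's partition."""
    groups = cluster_labels(labels)
    # One partition per label group, plus the source's own partition,
    # which is excluded so a backup never shares the source's region.
    parts = partition_map(positions, len(groups) + 1)
    remote = [p for p in parts if source not in p]
    if len(remote) != len(groups) or any(len(p) < per_group for p in remote):
        raise ValueError("not enough partitions or nodes for a one-to-one mapping")
    return {
        group: {"labels": members, "backup_nodes": part[:per_group]}
        for (group, members), part in zip(groups.items(), remote)
    }
```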
In one embodiment, the data security management method applied to big data further comprises:
acquiring the operating parameters of the data storage node;
substituting the operating parameters into a pre-established deep learning neural model, and predicting a first probability that the data storage node becomes abnormal;
when the first probability is greater than a preset probability value, backing up the data of the data storage node to the associated backup node;
or,
constructing an operation vector based on the operating parameters;
calculating the matching degree between the operation vector and each abnormal vector in a pre-established abnormal library, and determining from the match a second probability that the data storage node becomes abnormal; the matching degree is calculated by the following formula:
Figure BDA0002795141920000141
where $D_i$ represents the matching degree between the operation vector and the $i$-th abnormal vector in the abnormal library; $y_j$ represents the value of the $j$-th data item in the operation vector; $x_{ij}$ represents the value of the $j$-th data item of the $i$-th abnormal vector in the abnormal library; the second probability is the probability value stored in the abnormal library for the abnormal vector whose matching degree is the highest and is greater than a preset first matching degree;
when the second probability is greater than the preset probability value, backing up the data of the data storage node to the associated backup node;
the abnormal library is established in advance by performing the following operations:
acquiring historical operating parameter data of the data storage nodes;
constructing historical operation vectors based on the historical operating parameters in the historical operating parameter data;
calculating the matching degree among the historical operation vectors, and classifying and grouping the historical operating parameter data on the basis of the matching degree being greater than a preset second matching degree;
constructing one item of abnormality judgment data per data group, that is, one item of abnormality judgment data in the abnormal library is constructed from all the historical operating parameter data in the same group; the abnormality judgment data consists of an abnormal vector and the probability value corresponding to that abnormal vector; the probability value is the ratio of historical operating parameter data of the data storage nodes in the group to the total historical operating parameter data in the group; the value of each data item in the abnormal vector is determined by:
Figure BDA0002795141920000151
where $d_k$ is the value of the $k$-th data item of the abnormal vector; $d_{k,l}$ is the value of the $k$-th parameter in the $l$-th historical operation vector in the data group; $\beta$ is a preset weight; $m$ is the number of historical operation vectors in the data group; $e$ is determined by
Figure BDA0002795141920000152
The working principle and the beneficial effects of the technical scheme are as follows:
The probability that a data storage node becomes abnormal is predicted from its operating parameters. When the probability is greater than a preset value, the data storage node is at higher risk and needs to be backed up to a backup node; after the risk has passed, if an abnormality has occurred, the data of the data storage node is recovered from the data on the backup node. This effectively ensures the security of the data stored in the data storage node.
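The abnormal-library construction and the match-then-back-up decision described above, as an added example (not code from the patent). The patent's matching-degree and abnormal-vector formulas are images that did not survive on this page, so `matching_degree` (one minus the mean absolute difference of parameters normalised to [0, 1]), the component-wise mean and the reading of the probability as the share of a group's records that became abnormal are assumed stand-ins; the history records and thresholds are constructed.

```python
# Operating parameters are assumed to be normalised to [0, 1]. The metric and
# the averaging are stand-ins for the page's formulas, which are missing.

def matching_degree(y, x):
    """1 - mean absolute difference (assumed metric; 1.0 means identical)."""
    if len(y) != len(x):
        raise ValueError("vectors must have the same number of parameters")
    return 1.0 - sum(abs(a - b) for a, b in zip(y, x)) / len(y)


def build_abnormal_library(history, second_matching_degree=0.9):
    """Group historical vectors and derive (abnormal vector, probability).

    history: list of (vector, became_abnormal) pairs. A record joins the
    first group whose seed vector it matches above the second matching
    degree; otherwise it starts a new group.
    """
    groups = []
    for vector, abnormal in history:
        for group in groups:
            if matching_degree(vector, group[0][0]) > second_matching_degree:
                group.append((vector, abnormal))
                break
        else:
            groups.append([(vector, abnormal)])
    library = []
    for group in groups:
        m = len(group)
        width = len(group[0][0])
        # Component-wise mean stands in for the page's weighted formula.
        centre = [sum(v[k] for v, _ in group) / m for k in range(width)]
        # Assumed reading: share of the group's records that became abnormal.
        probability = sum(1 for _, abnormal in group if abnormal) / m
        library.append({"vector": centre, "probability": probability})
    return library


def second_probability(run_vector, library, first_matching_degree=0.9):
    """Probability stored for the best-matching abnormal vector, else 0.0."""
    best = max(library, key=lambda e: matching_degree(run_vector, e["vector"]),
               default=None)
    if best is None:
        return 0.0
    if matching_degree(run_vector, best["vector"]) <= first_matching_degree:
        return 0.0   # nothing in the library matches closely enough
    return best["probability"]


def should_back_up(run_vector, library, preset_probability=0.6):
    return second_probability(run_vector, library) > preset_probability


# Constructed history: (cpu load, temperature, free-space ratio), outcome.
HISTORY = [
    ([0.9, 0.9, 0.1], True),
    ([0.9, 0.8, 0.1], True),
    ([0.8, 0.9, 0.1], False),
    ([0.1, 0.2, 0.9], False),
    ([0.1, 0.2, 0.8], True),
    ([0.2, 0.2, 0.9], False),
]
```

A run vector that matches no stored pattern yields a second probability of 0.0 here, so the result depends entirely on how well the history covers real failure modes.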
The present invention also provides a data security management system applied to big data, as shown in fig. 4, including:
a request acquisition module 1, configured to receive data acquisition request information of a data node;
a first analysis module 2, configured to analyze the data acquisition request information and acquire the data acquisition request of the data node and the first authority information of the data acquisition request;
a first verification module 3, configured to perform security verification on the data acquisition request based on the first authority information;
a second analysis module 4, configured to analyze the first authority information when the verification passes, and determine a plurality of data storage nodes serving as data acquisition targets and the second authority information of the data acquisition request on each data storage node;
and an encapsulation grouping module 5, configured to encrypt and package the data acquisition request with each piece of second authority information separately to obtain a plurality of data extraction requests, and send the data extraction requests one-to-one to the data storage nodes corresponding to the second authority information.
The working principle and the beneficial effects of the technical scheme are as follows:
The big data network is built from data nodes and data storage nodes: a data node is a point where data is exchanged with the outside, and a data storage node is a point where data is stored; the same node in the big data network can act as a data node and also as a data storage node. When a node acts as a data node and performs a data acquisition operation, the keywords, identifiers or classification labels of the data to be acquired are packaged together with the authority of this data acquisition operation to form the data acquisition request information, which is then sent to the big data platform. The big data platform parses the data acquisition request information, determines the first authority information and the data acquisition request it contains, and verifies the data acquisition request against the first authority information, that is, checks whether the data acquisition request exceeds the range that the first authority information allows. When it does, verification fails; when it is within the allowed range, the first authority information is parsed to determine the data storage nodes that are the targets of the data acquisition and the second authority information of the data acquisition request on each of those data storage nodes. The data storage nodes that can be opened to the data node's data acquisition request are determined from the first authority information in one of two ways. In the first, the first authority information is the set of authority codes that the data storage nodes of the big data platform hold for the data node; an authority code whose meaning is openable indicates that the data node may acquire data from that data storage node, so extracting the authority codes whose meaning is openable determines the target data storage nodes of the data acquisition request. In the other, the first authority information is the authority value of the data acquisition request; the big data platform holds a prefabricated correspondence table between authority values and the data nodes each authority value permits, and the target data storage nodes of the data acquisition request are determined from that table.
The data acquisition request and each piece of second authority information are then encrypted and packaged separately to obtain a plurality of data extraction requests, which are sent one-to-one to the data storage nodes corresponding to the second authority information. Processing then passes to the data storage node, which first decrypts the request and then extracts the target data according to the decrypted content; finally, the target data extracted by each data storage node is integrated and sent to the data node.
In one embodiment, the data node performs the following operations:
receiving demand information input by a user for data acquisition;
analyzing the demand information and determining the classification label of the target data;
querying the first authority library of the data node based on the classification label, and determining a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label;
when the first data storage node set is empty, outputting a prompt to change the input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set consisting of the second authority information that each first data storage node has configured for the data node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or,
receiving demand information input by a user for data acquisition;
analyzing the demand information and determining the classification label of the target data;
querying the second authority library of the data node based on the classification label, and determining the first requirement authority value that the demand information requires;
acquiring the first authority value for this data acquisition;
when the first requirement authority value is greater than the first authority value, outputting a prompt to change the input demand information and giving a plurality of coping strategies;
and when the first requirement authority value is less than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
The working principle and the beneficial effects of the technical scheme are as follows:
the data node may output the data acquisition request information through two schemes.
Scheme one: when a user issues a data acquisition request, the user enters demand information at a data node; the demand information can be one or a combination of keywords, identifiers and classification labels. The data node analyzes the demand information and determines the classification label of the user's target data. When the user enters a classification label, it is obtained directly; when the user enters a keyword or an identifier, a preset classification label identification table is queried with that keyword or identifier to determine the classification label. The classification label identification table stores keywords or identifiers in one-to-one correspondence with classification labels. The data node then queries the first authority library stored locally on the data node and determines a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label. The first authority library stores the data storage nodes that have granted authority to the data node, the set of classification labels of the data stored in each of those data storage nodes, the authority information each data storage node has granted to the data node, and so on. When the first data storage node set is empty, that is, when none of the data storage nodes in the first authority library over which the data node has authority stores data with the corresponding classification label, a prompt to change the entered demand information is output and several coping strategies are given. The coping strategies include modifying the demand information, upgrading the authority, and so on; when the coping strategy is upgrading the authority, the conditions required for the upgrade are output at the same time.
When the first data storage node set is not empty, a second authority set is acquired, consisting of the second authority information that each first data storage node has configured for the data node; the demand information, the first data storage node set and the second authority set are encrypted and packaged to form a data acquisition request. Encryption and packaging ensure the security of the data acquisition request information. This scheme applies to a big data network with separate authority management. Authority management uses authority sets: authority between nodes is granted pairwise, each node has its own authority set, the authority set stores a number of authorization codes, and one authorization code represents the authority that another node has configured for this node.
Scheme two: when a user issues a data acquisition request, the user enters demand information at a data node; the demand information can be one or a combination of keywords, identifiers and classification labels. The data node analyzes the demand information and determines the classification label of the user's target data. When the user enters a classification label, it is obtained directly; when the user enters a keyword or an identifier, a preset classification label identification table is queried with that keyword or identifier to determine the classification label. The classification label identification table stores keywords or identifiers in one-to-one correspondence with classification labels. The data node then queries the second authority library stored locally on the data node and determines the first requirement authority value that the demand information requires; the second authority library stores first requirement authority values in one-to-one correspondence with demand information. The first authority value for this data acquisition is then acquired. When the first requirement authority value is greater than the first authority value, a prompt to change the entered demand information is output and several coping strategies are given. The coping strategies include modifying the demand information, upgrading the authority, and so on; when the coping strategy is upgrading the authority, the conditions required for the upgrade are output at the same time. When the first requirement authority value is less than or equal to the first authority value, the demand information and the first authority value are encrypted and packaged to form a data acquisition request. Encryption and packaging ensure the security of the data acquisition request information.
The first authority value used by the data node for this data acquisition may be the authority value allocated to the data node itself. This scheme applies to a big data network with centralized authority management, in which authorization among all nodes in the big data network is expressed uniformly as authority values: an authority value is configured for every node, and a permitted authority value is then set for each data storage node according to its circumstances. When the authority value of a node is larger than the permitted authority value of a data storage node, a data acquisition request sent by that node can acquire data from the data storage node; otherwise the data cannot be acquired.
In one embodiment, when the first data storage node set is empty, outputting a prompt to change the input demand information and giving a plurality of coping strategies comprises:
obtaining the classification labels of the data stored in the data storage nodes in the first authority library over which the data node has authority, as first standard labels;
taking the classification label obtained by analyzing the demand information as a comparison label;
calculating a first similarity between the comparison label and each first standard label, and extracting the first standard labels whose first similarity is greater than a preset first threshold;
retrieving, from a prefabricated first coping scheme table, the first coping scheme corresponding to each extracted first standard label, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance; the first classification label table maps the data storage nodes in the big data network to the classification labels of the data stored in them;
acquiring the classification labels in the first classification label table as second standard labels;
taking the classification label obtained by analyzing the demand information as a comparison label;
calculating a second similarity between the comparison label and each second standard label, and extracting the second standard labels whose second similarity is greater than a preset second threshold;
querying the first classification label table again based on the second standard label, and determining the data storage node corresponding to the second standard label;
acquiring an authority acquisition scheme table of the data storage nodes;
and querying the authority acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding authority acquisition scheme as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
The coping strategies in this embodiment fall into two types: one is the first coping scheme, which gives the user a way to modify the demand information; the other gives the user an authority acquisition scheme so that the demand information as entered can be used. With these coping strategies, when the demand information for a data acquisition does not match the authority, the user can make a suitable adjustment and then complete the data acquisition quickly.
In one embodiment, when the first requirement authority value is greater than the first authority value, outputting a prompt to change the input demand information and giving a plurality of coping strategies comprises:
acquiring, from the second authority library, the demand information whose first requirement authority value is less than or equal to the first authority value, as first standard information;
taking the demand information input by the user for this data acquisition as comparison information;
calculating a third similarity between the comparison information and each piece of first standard information, extracting the first standard information whose third similarity is greater than a preset third threshold to generate a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for raising the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value, and taking the authority improvement scheme as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
The coping strategies in this embodiment fall into two types: one is the third coping scheme, which gives the user a way to modify the demand information; the other gives the user an authority improvement scheme so that the demand information as entered can be used. With these coping strategies, when the demand information for the user's data acquisition does not match the authority, the authority can be raised and the data acquisition then completed quickly.
In one embodiment, the data security management system applied to big data further comprises a backup module, configured to associate backup nodes with each data storage node and to back up the data in the data storage node to the backup nodes at regular intervals; the backup module performs the following operations:
acquiring the actual position of each data storage node in the big data network;
constructing a virtual map based on the actual positions;
acquiring the classification labels of the data stored in the data storage node for which backup nodes are to be associated;
clustering the classification labels into groups, and grouping the data stored in the data storage node according to the clustering result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and putting the partitions other than the one containing the data storage node to be associated into one-to-one correspondence with the groups of data obtained by the grouping;
and selecting, for each group of data, at least one data storage node in the corresponding partition as a backup node.
The working principle and the beneficial effects of the technical scheme are as follows:
The data in a data storage node is backed up through its associated backup nodes; grouped backup across multiple data nodes keeps the backup data safe and reduces the risk of data loss at a backup node. Partitioning is based on actual positions because data nodes that are physically close to one another may become abnormal together for real-world reasons; a virtual map is therefore constructed for partitioning and selection, so that this situation is avoided.
In one embodiment, the data security management system applied to big data further comprises an emergency module, configured to judge whether a data storage node is in a high-risk state and to back up its data to the backup node when it is;
the emergency module performs the following operations:
acquiring the operating parameters of the data storage node;
substituting the operating parameters into a pre-established deep learning neural model, and predicting a first probability that the data storage node becomes abnormal;
when the first probability is greater than a preset probability value, backing up the data of the data storage node to the associated backup node;
or,
constructing an operation vector based on the operating parameters;
calculating the matching degree between the operation vector and each abnormal vector in a pre-established abnormal library, and determining from the match a second probability that the data storage node becomes abnormal; the matching degree is calculated by the following formula:
Figure BDA0002795141920000221
wherein D isiRepresenting the matching degree between the operation vector and the ith abnormal vector in the abnormal library; y isjA value representing the jth data in the run vector; x is the number ofijA value representing the jth data of the ith exception vector within the exception library; the second probability is a probability value of the abnormal vector which has the highest corresponding matching degree and is greater than the preset first matching degree and is stored in the abnormal library;
when the second probability is larger than the preset probability value, backing up the data of the data storage node to the associated backup node;
wherein the abnormal library is established in advance by performing the following operations:
acquiring historical operating parameter data of a data storage node;
constructing a historical operating vector based on historical operating parameters in the historical operating parameter data;
calculating the matching degree among the historical operation vectors, and grouping the historical operating parameter data so that data whose matching degree is greater than a preset second matching degree fall into the same group;
constructing one item of abnormal judgment data per data group, that is, building one item of abnormal judgment data in the abnormal library from all historical operating parameter data in the same group; each item of abnormal judgment data consists of an abnormal vector and the probability value corresponding to that abnormal vector; the probability value is the ratio of historical operating parameter data of the data storage nodes in the group to the total historical operating parameter data in the group; the value of each data item in the abnormal vector is determined by:
Figure BDA0002795141920000222
where $d_k$ is the value of the $k$-th data item of the abnormal vector; $d_{k,l}$ is the value of the $k$-th parameter in the $l$-th historical operation vector in the data group; $\beta$ is a preset weight; $m$ is the number of historical operation vectors in the data group; and $e$ is determined by:
Figure BDA0002795141920000231
The working principle and the beneficial effects of the technical scheme are as follows:
The probability that a data storage node will become abnormal is predicted from its operating parameters. When the probability is greater than a preset value, the data storage node is at higher risk and its data needs to be backed up to a backup node; once the risk has passed, if an abnormality has occurred, the data of the data storage node is recovered from the data on the backup node. This effectively ensures the security of the data stored in the data storage node.
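The abnormal-library branch of the emergency module, as an added Python example (not code from the patent). The matching-degree and abnormal-vector formulas survive on this page only as image references, so cosine similarity and a per-component mean are assumed in their place; the greedy grouping, the reading of the probability ratio, the three parameters and all sample records are likewise assumptions constructed for illustration.

```python
from math import sqrt

# Constructed sample records:
# ([cpu_load, disk_error_rate, temperature], node_went_abnormal)
HISTORY = [
    ([0.20, 0.01, 0.40], False),
    ([0.30, 0.90, 0.50], True),
    ([0.25, 0.02, 0.45], False),
    ([0.35, 0.85, 0.55], True),
    ([0.22, 0.00, 0.42], False),
    ([0.28, 0.95, 0.50], True),
    ([0.30, 0.88, 0.52], False),
]


def matching_degree(a, b):
    """ASSUMPTION: cosine similarity stands in for the patent's matching-degree formula."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = sqrt(sum(x * x for x in a))
    norm_b = sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def build_abnormal_library(history, second_matching_degree):
    """Group historical vectors, then emit one (abnormal_vector, probability) per group."""
    groups = []
    for vector, abnormal in history:
        # ASSUMPTION: greedy grouping against each group's first member.
        for group in groups:
            if matching_degree(vector, group[0][0]) > second_matching_degree:
                group.append((vector, abnormal))
                break
        else:
            groups.append([(vector, abnormal)])
    library = []
    for group in groups:
        m = len(group)
        width = len(group[0][0])
        # ASSUMPTION: a per-component mean replaces the weighted formula (beta, e).
        abnormal_vector = [sum(v[k] for v, _ in group) / m for k in range(width)]
        # ASSUMPTION: probability = share of the group's records whose node went abnormal.
        probability = sum(1 for _, abnormal in group if abnormal) / m
        library.append((abnormal_vector, probability))
    return library


def second_probability(run_vector, library, first_matching_degree):
    """Probability stored with the best-matching abnormal vector above the first threshold."""
    best_degree, best_probability = first_matching_degree, 0.0
    for abnormal_vector, probability in library:
        degree = matching_degree(run_vector, abnormal_vector)
        if degree > best_degree:
            best_degree, best_probability = degree, probability
    return best_probability


def should_back_up(run_vector, library, first_matching_degree, preset_probability):
    """Emergency decision: back up when the second probability exceeds the preset value."""
    return second_probability(run_vector, library, first_matching_degree) > preset_probability


LIBRARY = build_abnormal_library(HISTORY, second_matching_degree=0.95)

if __name__ == "__main__":
    for run in ([0.32, 0.90, 0.50], [0.20, 0.01, 0.40], [1.00, 0.00, 0.00]):
        print(run, second_probability(run, LIBRARY, 0.9), should_back_up(run, LIBRARY, 0.9, 0.6))
```

A run vector that matches no library entry above the first matching degree yields a second probability of 0.0 and so never triggers a backup on this branch; coverage of unseen failure patterns depends on the other (model-based) branch.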
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A data security management method applied to big data is characterized by comprising the following steps:
receiving data acquisition request information of a data node;
analyzing the data acquisition request information, and acquiring a data acquisition request of the data node and first permission information of the data acquisition request;
performing security verification on the data acquisition request based on the first permission information;
when the verification is passed, analyzing the first authority information, and determining a plurality of data storage nodes which are taken as data acquisition targets and second authority information of the data acquisition requests for the data storage nodes;
and respectively encrypting and packaging the data acquisition request and each second authority information to obtain a plurality of data extraction requests, and sending the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner.
2. The data security management method applied to big data according to claim 1, wherein the data node performs the following operations:
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a first authority library of the data nodes based on the classification labels, and determining a first data storage node set consisting of data storage nodes with storage data corresponding to the classification labels;
when the first data storage node set is empty, outputting a prompt for changing input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data nodes by the first data storage nodes;
encrypting and packaging the requirement information, the first data storage node set and the second permission set to form the data acquisition request;
or, alternatively,
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a second authority library of the data node based on the classification label, and determining a first requirement authority value required by the requirement information;
acquiring a first authority value for data acquisition;
when the first requirement authority value is larger than the first authority value, outputting a prompt for changing the input requirement information and giving a plurality of coping strategies;
and when the first requirement authority value is smaller than or equal to the first authority value, encrypting and packaging the requirement information and the first authority value to form the data acquisition request.
3. The data security management method applied to big data according to claim 2, wherein when the first set of data storage nodes is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies includes:
acquiring a classification label of data stored in a data storage node with authority of the data node in the first authority library as a first standard label;
taking the classification label obtained by analyzing the demand information as a comparison label;
respectively calculating a first similarity between the comparison label and each first standard label, and extracting the first standard label corresponding to the first similarity which is greater than a preset first threshold;
calling a first coping scheme corresponding to the first standard label in a prefabricated first coping scheme table according to the extracted first standard label, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance; the first classification label table is a table of correspondence between all the data storage nodes in the big data network and the classification labels of the data stored in the data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
taking the classification label obtained by analyzing the demand information as a comparison label;
respectively calculating a second similarity between the comparison label and each second standard label, and extracting the second standard label corresponding to the second similarity which is greater than a preset second threshold;
querying the first classification label table again based on the second standard label, and determining the data storage node corresponding to the second standard label;
acquiring a permission acquisition scheme table of the data storage node;
and inquiring the authority acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding authority acquisition scheme as the coping strategy.
4. The data security management method applied to big data according to claim 2, wherein when the first requirement authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies includes:
acquiring demand information corresponding to the first demand permission value which is less than or equal to the first permission value in the second permission library as first standard information;
taking the demand information input by the user for data acquisition as comparison information;
respectively calculating a third similarity between the comparison information and each piece of first standard information, extracting the first standard information whose third similarity is greater than a preset third threshold to generate a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value; and taking the authority improvement scheme as the coping strategy.
5. The data security management method applied to big data according to claim 1, further comprising: associating a backup node with each data storage node, and backing up data in the data storage node to a standby node at regular intervals, specifically comprising:
acquiring the actual position of each data storage node in the big data network;
constructing a virtual map based on the actual location;
obtaining a classification label of data stored in the data storage node to be stored and associated;
clustering and grouping the classification labels, and grouping the data stored in the data storage nodes based on the clustering and grouping result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and placing the partitions other than the one containing the data storage node to be stored and associated in one-to-one correspondence with the groups of data obtained from the data grouping;
and selecting at least one data storage node in a corresponding partition for each group of data as the backup node.
6. A data security management system applied to big data is characterized by comprising:
the request acquisition module is used for receiving data acquisition request information of the data node;
the first analysis module is used for analyzing the data acquisition request information to acquire a data acquisition request of the data node and first permission information of the data acquisition request;
the first verification module is used for performing security verification on the data acquisition request based on the first permission information;
the second analysis module is used for analyzing the first authority information when the verification is passed, and determining a plurality of data storage nodes serving as data acquisition targets and second authority information of the data acquisition requests for the data storage nodes;
and the packaging and grouping module is used for respectively encrypting and packaging the data acquisition request and each second permission information to obtain a plurality of data extraction requests, and sending the data extraction requests to the data storage nodes corresponding to the second permission information in a one-to-one correspondence manner.
7. The data security management system applied to big data according to claim 6, wherein the data node performs the following operations:
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a first authority library of the data nodes based on the classification labels, and determining a first data storage node set consisting of data storage nodes with storage data corresponding to the classification labels;
when the first data storage node set is empty, outputting a prompt for changing input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data nodes by the first data storage nodes;
encrypting and packaging the requirement information, the first data storage node set and the second permission set to form the data acquisition request;
or, alternatively,
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a second authority library of the data node based on the classification label, and determining a first requirement authority value required by the requirement information;
acquiring a first authority value for data acquisition;
when the first requirement authority value is larger than the first authority value, outputting a prompt for changing the input requirement information and giving a plurality of coping strategies;
and when the first requirement authority value is smaller than or equal to the first authority value, encrypting and packaging the requirement information and the first authority value to form the data acquisition request.
8. The data security management system applied to big data according to claim 7, wherein when the first set of data storage nodes is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies includes:
acquiring a classification label of data stored in a data storage node with authority of the data node in the first authority library as a first standard label;
taking the classification label obtained by analyzing the demand information as a comparison label;
respectively calculating a first similarity between the comparison label and each first standard label, and extracting the first standard label corresponding to the first similarity which is greater than a preset first threshold;
calling a first coping scheme corresponding to the first standard label in a prefabricated first coping scheme table according to the extracted first standard label, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance; the first classification label table is a table of correspondence between all the data storage nodes in the big data network and the classification labels of the data stored in the data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
taking the classification label obtained by analyzing the demand information as a comparison label;
respectively calculating a second similarity between the comparison label and each second standard label, and extracting the second standard label corresponding to the second similarity which is greater than a preset second threshold;
querying the first classification label table again based on the second standard label, and determining the data storage node corresponding to the second standard label;
acquiring a permission acquisition scheme table of the data storage node;
and inquiring the authority acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding authority acquisition scheme as the coping strategy.
9. The data security management system applied to big data according to claim 7, wherein when the first requirement authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies includes:
acquiring demand information corresponding to the first demand permission value which is less than or equal to the first permission value in the second permission library as first standard information;
taking the demand information input by the user for data acquisition as comparison information;
respectively calculating a third similarity between the comparison information and each piece of first standard information, extracting the first standard information whose third similarity is greater than a preset third threshold to generate a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value; and taking the authority improvement scheme as the coping strategy.
10. The data security management system applied to big data according to claim 6, further comprising: a backup module, which associates a backup node with each data storage node and backs up data in the data storage nodes to the standby nodes at regular intervals, the backup module performing the following operations:
acquiring the actual position of each data storage node in the big data network;
constructing a virtual map based on the actual location;
obtaining a classification label of data stored in the data storage node to be stored and associated;
clustering and grouping the classification labels, and grouping the data stored in the data storage nodes based on the clustering and grouping result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and placing the partitions other than the one containing the data storage node to be stored and associated in one-to-one correspondence with the groups of data obtained from the data grouping;
and selecting at least one data storage node in a corresponding partition for each group of data as the backup node.
CN202011328639.4A 2020-11-24 2020-11-24 Data security management method and system applied to big data Active CN112328984B (en)


Publications (2)

Publication Number Publication Date
CN112328984A (en) 2021-02-05
CN112328984B (en) 2024-02-09


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant