CN112328984B - Data security management method and system applied to big data - Google Patents

Publication number: CN112328984B
Authority: CN (China)
Legal status: Active
Application number: CN202011328639.4A
Other languages: Chinese (zh)
Other versions: CN112328984A (en)
Inventors: 卢启伟, 张淮清
Current Assignee: Shenzhen Eaglesoul Technology Co Ltd
Original Assignee: Shenzhen Eaglesoul Technology Co Ltd
Priority: CN202011328639.4A
Events: application filed by Shenzhen Eaglesoul Technology Co Ltd; publication of CN112328984A; application granted; publication of CN112328984B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a data security management method and a system applied to big data, wherein the method comprises the following steps: receiving data acquisition request information of a data node; analyzing the data acquisition request information to acquire a data acquisition request of a data node and first authority information of the data acquisition request; performing security verification on the data acquisition request based on the first authority information; when the verification is passed, the first authority information is analyzed, and a plurality of data storage nodes serving as data acquisition targets and second authority information of the data acquisition requests to the data storage nodes are determined; and respectively encrypting and packaging the data acquisition requests and the second authority information to obtain a plurality of data extraction requests, and transmitting the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner. The data security management method applied to big data ensures the data security on the big data network, and ensures the security of the data in the transmission process by means of encryption packaging.

Description

Data security management method and system applied to big data
Technical Field
The invention relates to the technical field of big data, in particular to a data security management method and system applied to big data.
Background
Today's society is developing rapidly: technology is advanced, information flows freely, communication between people is closer and life is ever more convenient; big data is a product of this high-tech age. Big data, as the name implies, is a large amount of data: a data set so large that its acquisition, storage, management and analysis greatly exceed the capabilities of traditional database software tools. It has four characteristics: massive data scale, rapid data flow, diverse data types and low value density.
How to secure data on a big data network is a prerequisite for the safe use of the big data network.
Disclosure of Invention
The invention aims to provide a data security management method applied to big data, which ensures the data security on a big data network in a permission verification mode and ensures the security of the data in a transmission process in an encryption packaging mode.
The data security management method applied to big data provided by the embodiment of the invention comprises the following steps:
receiving data acquisition request information of a data node;
analyzing the data acquisition request information to acquire a data acquisition request of a data node and first authority information of the data acquisition request;
performing security verification on the data acquisition request based on the first authority information;
when the verification is passed, the first authority information is analyzed, and a plurality of data storage nodes serving as data acquisition targets and second authority information of the data acquisition requests to the data storage nodes are determined;
and respectively encrypting and packaging the data acquisition requests and the second authority information to obtain a plurality of data extraction requests, and transmitting the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner.
Preferably, the data node performs the following operations:
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a first authority library of the data node based on the classification label, and determining a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label;
when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data node by the first data storage node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or, alternatively,
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a second authority library of the data node based on the classification label, and determining a first demand authority value required by the demand information;
acquiring a first authority value for the data acquisition;
when the first demand authority value is larger than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
and when the first demand authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
Preferably, when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies, including:
acquiring a classification tag of data stored in a data storage node with authority of a data node in a first authority library as a first standard tag;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating first similarity between the comparison tag and each first standard tag, and extracting first standard tags corresponding to the first similarity being larger than a preset first threshold;
according to the extracted first standard label, retrieving the first coping scheme corresponding to the first standard label from a preset first coping scheme table, and using the first coping scheme as a coping strategy;
and/or,
acquiring a pre-stored first classification label table; the first classification label table is a table of correspondences between all data storage nodes in the big data network and the classification labels of the data stored in those data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating second similarity of the comparison tag and each second standard tag, and extracting second standard tags corresponding to which the second similarity is larger than a preset second threshold value;
querying the first classification label table again based on the second standard label, and determining a data storage node corresponding to the second standard label;
acquiring a permission acquisition scheme table of a data storage node;
and inquiring the permission acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding permission acquisition scheme as a coping strategy.
Preferably, when the first demand authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies; comprising the following steps:
acquiring, from the second authority library, the demand information whose first demand authority value is smaller than or equal to the first authority value, as first standard information;
the method comprises the steps that demand information input by a user and used for data acquisition is used as comparison information;
respectively calculating third similarity between the comparison information and each piece of first standard information, extracting first standard information with the third similarity larger than a preset third threshold value to produce a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first demand authority value; the authority improvement scheme is taken as a coping strategy.
Preferably, the data security management method applied to big data further comprises: associating backup nodes for each data storage node, and backing up the data in the data storage node to the backup nodes at regular time, wherein the method specifically comprises the following steps:
acquiring actual positions of all data storage nodes in a big data network;
constructing a virtual map based on the actual location;
acquiring the classification labels of the data stored in the data storage node to be associated;
clustering and grouping the classification labels, and grouping the data stored in the data storage nodes based on a clustering and grouping result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and so that the partitions other than the one containing the data storage node to be associated correspond one-to-one with the groups of data obtained by the data grouping;
at least one data storage node is selected as a backup node within the corresponding partition for each set of data.
The invention also provides a data security management system applied to big data, comprising:
the request acquisition module is used for receiving data acquisition request information of the data node;
the first analysis module is used for analyzing the data acquisition request information and acquiring a data acquisition request of a data node and first authority information of the data acquisition request;
the first verification module is used for carrying out security verification on the data acquisition request based on the first authority information;
the second analyzing module is used for analyzing the first authority information when verification passes, and determining a plurality of data storage nodes serving as data acquisition targets and second authority information of data acquisition requests on the data storage nodes;
and the packaging grouping module is used for respectively encrypting and packaging the data acquisition requests and the second authority information to obtain a plurality of data extraction requests, and sending the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner.
Preferably, the data node performs the following operations:
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a first authority library of the data node based on the classification label, and determining a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label;
when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data node by the first data storage node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or, alternatively,
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a second authority library of the data node based on the classification label, and determining a first demand authority value required by the demand information;
acquiring a first authority value for the data acquisition;
when the first demand authority value is larger than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
and when the first demand authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
Preferably, when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies, including:
acquiring a classification tag of data stored in a data storage node with authority of a data node in a first authority library as a first standard tag;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating first similarity between the comparison tag and each first standard tag, and extracting first standard tags corresponding to the first similarity being larger than a preset first threshold;
according to the extracted first standard label, retrieving the first coping scheme corresponding to the first standard label from a preset first coping scheme table, and using the first coping scheme as a coping strategy;
and/or,
acquiring a pre-stored first classification label table; the first classification label table is a table of correspondences between all data storage nodes in the big data network and the classification labels of the data stored in those data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating second similarity of the comparison tag and each second standard tag, and extracting second standard tags corresponding to which the second similarity is larger than a preset second threshold value;
querying the first classification label table again based on the second standard label, and determining a data storage node corresponding to the second standard label;
acquiring a permission acquisition scheme table of a data storage node;
and inquiring the permission acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding permission acquisition scheme as a coping strategy.
Preferably, when the first demand authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies; comprising the following steps:
acquiring, from the second authority library, the demand information whose first demand authority value is smaller than or equal to the first authority value, as first standard information;
the method comprises the steps that demand information input by a user and used for data acquisition is used as comparison information;
respectively calculating third similarity between the comparison information and each piece of first standard information, extracting first standard information with the third similarity larger than a preset third threshold value to produce a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first demand authority value; the authority improvement scheme is taken as a coping strategy.
Preferably, the data security management system applied to big data further includes: the backup module is used for associating backup nodes for each data storage node, backing up the data in the data storage node to the backup node at regular time, and the backup module executes the following operations:
acquiring actual positions of all data storage nodes in a big data network;
constructing a virtual map based on the actual location;
acquiring the classification labels of the data stored in the data storage node to be associated;
clustering and grouping the classification labels, and grouping the data stored in the data storage nodes based on a clustering and grouping result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and so that the partitions other than the one containing the data storage node to be associated correspond one-to-one with the groups of data obtained by the data grouping;
at least one data storage node is selected as a backup node within the corresponding partition for each set of data.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a schematic diagram of a data security management method applied to big data in an embodiment of the present invention;
FIG. 2 is a flow chart of a data node generating a data acquisition request according to an embodiment of the present invention;
FIG. 3 is a flow chart of generating a data acquisition request by a data node according to yet another embodiment of the present invention;
FIG. 4 is a schematic diagram of a data security management system applied to big data in an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, it being understood that the preferred embodiments described herein are for illustration and explanation of the present invention only, and are not intended to limit the present invention.
The embodiment of the invention provides a data security management method applied to big data, as shown in fig. 1, comprising the following steps:
step S1: receiving data acquisition request information of a data node;
step S2: analyzing the data acquisition request information to acquire a data acquisition request of a data node and first authority information of the data acquisition request;
step S3: performing security verification on the data acquisition request based on the first authority information;
step S4: when the verification is passed, the first authority information is analyzed, and a plurality of data storage nodes serving as data acquisition targets and second authority information of the data acquisition requests to the data storage nodes are determined;
step S5: and respectively encrypting and packaging the data acquisition requests and the second authority information to obtain a plurality of data extraction requests, and transmitting the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner.
The working principle and the beneficial effects of the technical scheme are as follows:
The big data network is built from a plurality of data nodes and data storage nodes. Data nodes are the points where data is exchanged with the outside, and data storage nodes are where data is stored; the same node in the big data network can act as a data node or as a data storage node. When a node acts as a data node to perform a data acquisition operation, it packages the keywords, identifiers or classification labels of the data to be acquired, together with the authority of the data acquisition operation, into data acquisition request information and sends it to the big data platform. The big data platform parses the data acquisition request information, determines the first authority information and the data acquisition request it contains, and verifies the data acquisition request against the first authority information, checking whether the request exceeds the range that the first authority information allows. If the request exceeds that range, verification fails. If it is within the range, the platform determines the plurality of data storage nodes that are the targets of the data acquisition and the second authority information of the data acquisition request for each of those data storage nodes. The data storage nodes that can be opened to the data node's request are determined from the first authority information. In one case the first authority information is the set of authority codes that the data storage nodes of the big data platform hold for the data node: when the meaning of an authority code is "openable", the data node can acquire data from that data storage node, so extracting the data storage nodes whose code means "openable" determines the target data storage nodes of the data acquisition request. In the other case the first authority information is an authority value of the data acquisition request: the big data platform holds a preset authority value correspondence table that records the nodes each authority value permits, and the target data storage nodes of the data acquisition request are determined from that table. The data acquisition requests and the second authority information are then encrypted and packaged to obtain a plurality of data extraction requests, which are sent to the data storage nodes corresponding to the second authority information in one-to-one correspondence. Processing then passes to the data storage nodes, which first decrypt the request and then extract the target data according to the decrypted content. Finally, the target data extracted by each data storage node is integrated and transmitted to the data node. Because the data transmitted in every step of data acquisition is encrypted, the security of data in transit across the big data network is improved.
In one embodiment, as shown in fig. 2 and 3, the data node performs the following operations:
step S11: receiving demand information input by a user and used for data acquisition;
step S12: analyzing the demand information and determining a classification label of the target data;
step S13: querying a first authority library of the data node based on the classification label, and determining a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label;
step S14: when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
step S15: when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data node by the first data storage node;
step S16: encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or, alternatively,
step S21: receiving demand information input by a user and used for data acquisition;
step S22: analyzing the demand information and determining a classification label of the target data;
step S23: querying a second authority library of the data node based on the classification label, and determining a first demand authority value required by the demand information;
step S24: acquiring a first authority value for the data acquisition;
step S25: when the first demand authority value is larger than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
step S26: and when the first demand authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
The working principle and the beneficial effects of the technical scheme are as follows:
the data node may output the data acquisition request information through two schemes.
Scheme one: when a user issues a data acquisition request, the user inputs demand information at a data node; the demand information can be one or more of keywords, identifiers and classification labels. The data node parses the demand information and determines the classification label of the user's target data. When the user inputs a classification label, it is used directly; when the user inputs a keyword or identifier, a preset classification label identification table, which stores keywords or identifiers in one-to-one correspondence with classification labels, is queried to determine the classification label. The data node then queries the first authority library stored locally at the data node and determines a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label. The first authority library stores the data storage nodes that have granted authority to the data node, the set of classification labels of the data stored in each of those data storage nodes, the authority information each data storage node has granted to the data node, and so on. When the first data storage node set is empty, that is, none of the data storage nodes in the first authority library that have granted authority to the data node stores data with the corresponding classification label, a prompt for changing the input demand information is output and a plurality of coping strategies are given. The coping strategies include modifying the demand information, upgrading the authority, and so on; when the coping strategy is upgrading the authority, the conditions required for the upgrade are output at the same time.
When the first data storage node set is not empty, a second authority set of the second authority information configured for the data node by the first data storage node is acquired; the demand information, the first data storage node set and the second authority set are encrypted and packaged to form a data acquisition request, and the encryption and packaging ensure the security of the data acquisition request information. This scheme applies to a big data network with discrete authority management. Authority management uses authority sets: authority between nodes is granted pairwise, each node has its own authority set, and the authority set stores a number of authorization codes, each representing the authority configuration that one other node has granted to this node; the authority set contains as many authorization codes as there are other nodes that have authorized this node.
Scheme II: when a user sends a data acquisition request, inputting demand information at a data node, wherein the demand information can be one or more of keywords, identifiers and classification labels; the data node analyzes the demand information and determines a classification label of target data of the user; when the user inputs the classification label, the classification label can be directly obtained; when the keyword or the mark is the keyword, inquiring a preset classification label identification table according to the keyword or the mark to determine a classification label; storing keywords or identifications in the classification tag identification table in one-to-one correspondence with the classification tags; querying a local second authority library stored in the data node, and determining a first requirement authority value of the requirement information requirement; storing the first requirement authority value and the requirement information in a second authority library in one-to-one correspondence; acquiring a first weight value for the data acquisition; when the first demand authority value is larger than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies; the coping strategies include: modifying the requirement information or the upgrade permission and the like, and synchronously outputting the condition required by the upgrade permission when the coping strategy is the upgrade permission; when the first demand authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request; and the security of the data acquisition request information is ensured through encryption packaging. The first authority value used by the data node for this data acquisition may be an authority value assigned to the data node itself. 
The scheme is applied to a large data network with centralized authority management, namely, authority among all nodes in the large data network is uniformly performed by authority values, namely, each node is configured with the authority value, and then the permission authority value of the data storage node is set according to the condition of the data storage node; when the authority value of the node is larger than the permission authority value of the data storage node, the data acquisition request sent by the node can acquire the data from the data storage node, otherwise, the data cannot be acquired.
In one embodiment, outputting a prompt to alter the incoming demand information and giving a plurality of coping strategies when the first set of data storage nodes is empty, comprising:
acquiring a classification tag of data stored in a data storage node with authority of a data node in a first authority library as a first standard tag;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating first similarity between the comparison tag and each first standard tag, and extracting first standard tags corresponding to the first similarity being larger than a preset first threshold;
according to the extracted first standard label, retrieving the first coping scheme corresponding to the first standard label from a pre-made first coping scheme table, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance; the first classification label table is a table of correspondence between all data storage nodes in the big data network and the classification labels of the data stored in those data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating second similarity of the comparison tag and each second standard tag, and extracting second standard tags corresponding to which the second similarity is larger than a preset second threshold value;
Querying the first classification label table again based on the second standard label, and determining a data storage node corresponding to the second standard label;
acquiring a permission acquisition scheme table of a data storage node;
and inquiring the permission acquisition scheme table based on the data storage node corresponding to the second standard label, acquiring the permission acquisition scheme, and taking the permission acquisition scheme as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
the coping strategies in the present embodiment are mainly divided into two types: one is a first coping scheme, which gives the user a way to modify the demand information; the other is an authority acquisition scheme that would allow the demand information input by the user to be used as it is. With these coping strategies the user can make a suitable adjustment when the demand information for the data acquisition does not match the authority, so that the data acquisition is completed quickly.
In one embodiment, when the first demand authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies; comprising the following steps:
acquiring requirement information corresponding to a first requirement authority value smaller than or equal to a first authority value in a second authority library as first standard information;
The method comprises the steps that demand information input by a user and used for data acquisition is used as comparison information;
respectively calculating third similarity between the comparison information and each piece of first standard information, extracting first standard information with the third similarity larger than a preset third threshold value to produce a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring a right improvement scheme from a right improvement scheme table based on the first requirement right value; the permission improvement scheme is taken as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
the coping strategies in the present embodiment are mainly divided into two types: one is a third coping scheme, which gives the user a way to modify the demand information; the other is an authority improvement scheme that would allow the demand information input by the user to be used as it is. With these coping strategies the user can change the demand information or raise the authority when the demand information for the data acquisition does not match the authority, so that the data acquisition is completed quickly.
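The data-node logic of scheme one and scheme two, including the fallback to coping strategies, can be sketched as follows. This is an added example, not code from the patent: the library contents, node names, authorization codes, the 0.6 threshold and the use of `difflib`'s ratio as the similarity measure are all assumptions, and the encryption of the packaged request is left out because the text names no cipher.

```python
import difflib
import json

# Constructed sample data; every name and value below is an assumption.
# Classification label identification table: keyword or identifier -> label.
LABEL_TABLE = {"invoice": "finance", "payroll": "finance-hr"}

# Scheme one, first authority library: storage nodes that granted this data
# node authority, the labels of the data they store, and the code they issued.
FIRST_AUTHORITY_LIBRARY = {
    "store-a": {"labels": {"finance", "logistics"}, "auth_code": "A-READ-01"},
    "store-b": {"labels": {"finance"}, "auth_code": "B-READ-07"},
    "store-c": {"labels": {"finance-archive"}, "auth_code": "C-READ-02"},
}

# Scheme two, second authority library: label -> required authority value.
SECOND_AUTHORITY_LIBRARY = {"finance": 3, "finance-hr": 7}


def resolve_label(demand):
    """A keyword or identifier goes through the table; a label is used as is."""
    return LABEL_TABLE.get(demand, demand)


def similar_labels(candidates, target, threshold):
    """Candidates whose similarity to the target exceeds the preset threshold."""
    return sorted(
        c for c in candidates
        if difflib.SequenceMatcher(None, target, c).ratio() > threshold
    )


def package(fields):
    """Serialize the request; this payload is what would then be encrypted."""
    return json.dumps(fields, sort_keys=True)


def scheme_one(demand, threshold=0.6):
    """Discrete authority management: pairwise authorization codes."""
    label = resolve_label(demand)
    nodes = sorted(
        n for n, entry in FIRST_AUTHORITY_LIBRARY.items() if label in entry["labels"]
    )
    if not nodes:
        # Empty first data storage node set: suggest labels the node can reach.
        standard = set().union(
            *(entry["labels"] for entry in FIRST_AUTHORITY_LIBRARY.values())
        )
        return {
            "ok": False,
            "modify_demand_to": similar_labels(standard, label, threshold),
            "alternative": "upgrade authority",
        }
    authority_set = {n: FIRST_AUTHORITY_LIBRARY[n]["auth_code"] for n in nodes}
    payload = package({"demand": demand, "nodes": nodes, "authority_set": authority_set})
    return {"ok": True, "nodes": nodes, "authority_set": authority_set, "payload": payload}


def scheme_two(demand, first_authority_value, threshold=0.6):
    """Centralized authority management: compare authority values."""
    label = resolve_label(demand)
    required = SECOND_AUTHORITY_LIBRARY.get(label)
    if required is None:
        # Not covered by the text: an unknown requirement is refused (fail closed).
        return {"ok": False, "modify_demand_to": [], "required_value": None}
    if required > first_authority_value:
        reachable = [
            name for name, value in SECOND_AUTHORITY_LIBRARY.items()
            if value <= first_authority_value
        ]
        return {
            "ok": False,
            "modify_demand_to": similar_labels(reachable, label, threshold),
            "required_value": required,  # the value an authority upgrade must reach
        }
    payload = package({"demand": demand, "authority_value": first_authority_value})
    return {"ok": True, "payload": payload}


if __name__ == "__main__":
    print(scheme_one("invoice"))
    print(scheme_one("payroll"))
    print(scheme_two("payroll", 5))
```

Both functions run on the data node, so their result is only a pre-check; the platform-side verification described elsewhere in the text is a separate step.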
In one embodiment, the data security management method applied to big data further includes: associating backup nodes for each data storage node, and backing up the data in the data storage node to the backup nodes at regular time, wherein the method specifically comprises the following steps:
Acquiring actual positions of all data storage nodes in a big data network;
constructing a virtual map based on the actual location;
acquiring the classification labels of the data stored in the data storage node for which backup nodes are to be associated;
clustering and grouping the classification labels, and grouping the data stored in the data storage node based on the clustering and grouping result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and so that the partitions, other than the partition in which the data storage node to be associated is located, correspond one-to-one with the groups of data obtained by the data grouping;
at least one data storage node is selected as a backup node within the corresponding partition for each set of data.
The working principle and the beneficial effects of the technical scheme are as follows:
the data in the data storage node is backed up through the associated backup nodes, and the safety of the backup data is ensured through grouped backup and backup to multiple data nodes, so that the risk of data loss at a backup node is reduced; partitioning is done by actual position because data nodes whose actual positions are close to one another are likely, for physical reasons, to become abnormal at the same time, so a virtual map is constructed to select the partitions and this situation is avoided.
In one embodiment, the data security management method applied to big data further includes:
the operating parameters of the data storage node are obtained,
substituting the operation parameters into a pre-established deep learning neural model, and predicting a first probability of abnormality of the data storage node;
when the first probability is larger than a preset probability value, backing up the data of the data storage node to the associated backup node;
or;
constructing an operation vector based on the operation parameters;
matching the operation vector with an abnormal vector of a pre-established abnormal library by calculating the matching degree of the operation vector and the abnormal vector, and determining a second probability of abnormality of the data storage node; the matching degree calculation formula is as follows:
wherein $D_i$ represents the matching degree between the operation vector and the $i$-th anomaly vector in the anomaly library; $y_j$ represents the value of the $j$-th data in the operation vector; $x_{ij}$ represents the value of the $j$-th data of the $i$-th anomaly vector in the anomaly library; the second probability is the probability value stored in the anomaly library for the anomaly vector with the highest matching degree, where that matching degree is larger than the preset first matching degree;
when the second probability is larger than a preset probability value, backing up the data of the data storage node to the associated backup node;
wherein the anomaly library is established in advance by performing the following operations:
acquiring historical operation parameter data of a data storage node;
constructing a historical operating vector based on the historical operating parameters in the historical operating parameter data;
calculating the matching degree between each historical operation vector, and classifying and grouping the historical operation parameter data based on a mode that the matching degree is larger than a preset second matching degree;
constructing an abnormality judgment data by a data packet, namely constructing an abnormality judgment data in an abnormality library according to all historical operation parameter data in the same packet; the anomaly judgment data is an anomaly vector and a probability value corresponding to the anomaly vector; the probability value is the ratio of the historical operation parameter data of the data storage node in the packet to the total historical operation parameter data in the packet; the value of each data in the anomaly vector is determined by:
wherein $d_k$ is the value of the $k$-th data of the anomaly vector; $d_{k,l}$ is the value of the $k$-th parameter in the $l$-th historical operating vector in the data packet; $\beta$ is a preset weight; $m$ is the number of historical operation vectors in the data packet; $e$ is determined by [formula not reproduced].
The working principle and the beneficial effects of the technical scheme are as follows:
the probability of abnormality of the data storage node is predicted from the operation parameters of the data storage node; when the probability is larger than a preset value, the data storage node is at higher risk and its data is backed up to the backup node; once the risk has passed, if an abnormality did occur, the data of the data storage node is recovered from the data of the backup node; the security of the data stored in the data storage node can thus be effectively ensured.
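The library-building and matching procedure above, as an added example that is not part of the patent text. Because the page's matching-degree and anomaly-vector formulas are not reproduced, cosine similarity and a per-component mean stand in for them; those two choices, the greedy grouping, the reading of the probability value as the share of records in a group that ended in an abnormality, and all sample values and thresholds are assumptions.

```python
import math


def matching_degree(u, v):
    """Cosine similarity, used here in place of the page's formula (assumption)."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0


def build_anomaly_library(history, second_matching_degree):
    """Group historical vectors, then emit one (anomaly vector, probability) per group.

    history is a list of (operating_vector, was_abnormal) records. A record
    joins the first group whose first member it matches above the preset
    second matching degree; otherwise it starts a new group.
    """
    groups = []
    for vector, abnormal in history:
        for group in groups:
            if matching_degree(vector, group[0][0]) > second_matching_degree:
                group.append((vector, abnormal))
                break
        else:
            groups.append([(vector, abnormal)])

    library = []
    for group in groups:
        m = len(group)  # number of historical operation vectors in the group
        width = len(group[0][0])
        # Per-component mean stands in for the page's weighted formula (assumption).
        anomaly_vector = [sum(vec[k] for vec, _ in group) / m for k in range(width)]
        probability = sum(1 for _, abnormal in group if abnormal) / m
        library.append((anomaly_vector, probability))
    return library


def second_probability(run_vector, library, first_matching_degree):
    """Probability stored for the best-matching anomaly vector, or 0.0 if no
    anomaly vector exceeds the preset first matching degree."""
    best_degree, best_probability = 0.0, 0.0
    for anomaly_vector, probability in library:
        degree = matching_degree(run_vector, anomaly_vector)
        if degree > first_matching_degree and degree > best_degree:
            best_degree, best_probability = degree, probability
    return best_probability


def should_back_up(run_vector, library, first_matching_degree, preset_probability):
    """Trigger the emergency backup when the second probability is too high."""
    return second_probability(run_vector, library, first_matching_degree) > preset_probability


# Constructed history: (cpu load, disk error rate, free capacity), all scaled to 0..1.
HISTORY = [
    ([0.9, 0.8, 0.1], True),
    ([0.8, 0.9, 0.1], True),
    ([0.9, 0.9, 0.2], False),
    ([0.1, 0.1, 0.9], False),
    ([0.2, 0.1, 0.8], False),
    ([0.1, 0.2, 0.9], True),
]
LIBRARY = build_anomaly_library(HISTORY, second_matching_degree=0.95)

if __name__ == "__main__":
    for run in ([0.85, 0.9, 0.15], [0.1, 0.15, 0.85], [0.5, 0.0, 0.5]):
        print(run, second_probability(run, LIBRARY, 0.9), should_back_up(run, LIBRARY, 0.9, 0.5))
```

The third sample vector matches neither group closely enough, which exercises the case where no anomaly vector exceeds the first matching degree and no backup is triggered.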
The present invention also provides a data security management system applied to big data, as shown in fig. 4, including:
the request acquisition module 1 is used for receiving data acquisition request information of the data node;
the first analysis module 2 is used for analyzing the data acquisition request information and acquiring a data acquisition request of a data node and first authority information of the data acquisition request;
a first verification module 3, configured to perform security verification on the data acquisition request based on the first permission information;
a second parsing module 4, configured to parse the first authority information when the verification passes, and determine a plurality of data storage nodes serving as data acquisition targets and second authority information of the data acquisition requests for the data storage nodes;
and the packaging grouping module 5 is used for respectively encrypting and packaging the data acquisition requests and the second authority information to obtain a plurality of data extraction requests, and sending the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner.
The working principle and the beneficial effects of the technical scheme are as follows:
the big data network is constructed from a plurality of data nodes and data storage nodes, wherein the data nodes are the positions where data is exchanged with the outside and the data storage nodes are the positions where data is stored; the same node in the big data network can act as a data node or as a data storage node. When a node acts as a data node to perform a data acquisition operation, the keywords, identifiers or classification labels of the data to be acquired and the authority of the data acquisition operation are packaged to form data acquisition request information, which is then sent to the big data platform. The big data platform parses the data acquisition request information, determines the first authority information and the data acquisition request contained in it, and verifies the data acquisition request based on the first authority information, that is, checks whether the data acquisition request exceeds the range permitted by the first authority information; when the range is exceeded, the verification does not pass; when the request is within the permitted range, a plurality of data storage nodes serving as data acquisition targets, and the second authority information of the data acquisition request for those data storage nodes, are determined. The data storage nodes that can be opened to the data acquisition request of the data node are determined based on the first authority information: where the first authority information is the set of authority codes given to the data node by the data storage nodes of the big data platform, an authority code whose meaning is "openable" indicates that the data node can acquire data from that data storage node, so extracting the data storage nodes whose authority codes mean "openable" determines the target data storage nodes of the data acquisition request; where the first authority information is an authority value of the data acquisition request, the big data platform holds a correspondence table, configured in advance, of the nodes permitted by each authority value, and the target data storage nodes of the data acquisition request are determined from that table. The data acquisition request and the second authority information are then respectively encrypted and packaged to obtain a plurality of data extraction requests, which are sent in one-to-one correspondence to the data storage nodes corresponding to the second authority information; processing then passes to the data storage nodes, which first decrypt the request and then extract the target data according to the decrypted data; finally, the target data extracted by each data storage node is integrated and transmitted to the data node.
In one embodiment, the data node performs the following operations:
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a first authority library of the data nodes based on the classification labels, and determining a first data storage node set consisting of the data storage nodes with storage data stored with the corresponding classification labels;
when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data node by the first data storage node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form a data acquisition request;
or,
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
inquiring a second authority library of the data node based on the classification label, and determining a first requirement authority value of the requirement information requirement;
acquiring a first authority value for the data acquisition;
when the first demand authority value is larger than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
And when the first demand authority value is smaller than or equal to the first authority value, encrypting and packaging the demand information and the first authority value to form a data acquisition request.
The working principle and the beneficial effects of the technical scheme are as follows:
the data node may output the data acquisition request information through two schemes.
Scheme one: when a user sends a data acquisition request, the user inputs demand information at a data node; the demand information can be one or more of keywords, identifiers and classification labels. The data node analyzes the demand information and determines the classification label of the user's target data: when the user inputs a classification label, the label is obtained directly; when the user inputs a keyword or an identifier, a preset classification label identification table, which stores keywords or identifiers in one-to-one correspondence with classification labels, is queried to determine the classification label. The data node then queries a first authority library stored locally and determines a first data storage node set consisting of the data storage nodes whose stored data carries the corresponding classification label. The first authority library stores the data storage nodes that have given authority to the data node, the set of classification labels of the data stored in each of those data storage nodes, the authority information given to the data node by each data storage node, and the like. When the first data storage node set is empty, that is, none of the data storage nodes that grant authority to the data node in the first authority library stores data corresponding to the classification label, a prompt for changing the input demand information is output and a plurality of coping strategies are given. The coping strategies include modifying the demand information, upgrading the authority, and the like; when the coping strategy is upgrading the authority, the conditions required for the upgrade are output at the same time.
When the first data storage node set is not empty, a second authority set, consisting of the second authority information configured for the data node by the data storage nodes in the first data storage node set, is acquired; the demand information, the first data storage node set and the second authority set are encrypted and packaged to form a data acquisition request, and the encryption packaging ensures the security of the data acquisition request information. This scheme is applied to a big data network with discrete authority management: authority is managed with authority sets, that is, authority between nodes is granted pairwise, every node has its own authority set, the authority set stores a number of authorization codes, and one authorization code represents the authority configuration that one other node has granted to this node; the authority set contains as many authorization codes as there are other nodes that have authorized this node.
Scheme two: when a user sends a data acquisition request, the user inputs demand information at a data node; the demand information can be one or more of keywords, identifiers and classification labels. The data node analyzes the demand information and determines the classification label of the user's target data: when the user inputs a classification label, the label is obtained directly; when the user inputs a keyword or an identifier, a preset classification label identification table, which stores keywords or identifiers in one-to-one correspondence with classification labels, is queried to determine the classification label. The data node then queries a second authority library stored locally and determines the first requirement authority value required by the demand information; the second authority library stores first requirement authority values and demand information in one-to-one correspondence. The first authority value to be used for this data acquisition is then acquired. When the first requirement authority value is larger than the first authority value, a prompt for changing the input demand information is output and a plurality of coping strategies are given; the coping strategies include modifying the demand information, upgrading the authority, and the like, and when the coping strategy is upgrading the authority, the conditions required for the upgrade are output at the same time. When the first requirement authority value is smaller than or equal to the first authority value, the demand information and the first authority value are encrypted and packaged to form a data acquisition request, and the encryption packaging ensures the security of the data acquisition request information. The first authority value used by the data node for this data acquisition may be the authority value assigned to the data node itself.
This scheme is applied to a big data network with centralized authority management, that is, authority among all nodes in the big data network is expressed uniformly by authority values: each node is configured with an authority value, and a permitted authority value is set for each data storage node according to its circumstances; when the authority value of a node is larger than the permitted authority value of a data storage node, a data acquisition request sent by that node can acquire data from the data storage node; otherwise the data cannot be acquired.
In one embodiment, outputting a prompt to alter the incoming demand information and giving a plurality of coping strategies when the first set of data storage nodes is empty, comprising:
acquiring a classification tag of data stored in a data storage node with authority of a data node in a first authority library as a first standard tag;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating first similarity between the comparison tag and each first standard tag, and extracting first standard tags corresponding to the first similarity being larger than a preset first threshold;
according to the extracted first standard label, retrieving the first coping scheme corresponding to the first standard label from a pre-made first coping scheme table, and taking the first coping scheme as a coping strategy;
and/or,
acquiring a first classification label table stored in advance; the first classification label table is a table of correspondence between all data storage nodes in the big data network and the classification labels of the data stored in those data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating second similarity of the comparison tag and each second standard tag, and extracting second standard tags corresponding to which the second similarity is larger than a preset second threshold value;
Querying the first classification label table again based on the second standard label, and determining a data storage node corresponding to the second standard label;
acquiring a permission acquisition scheme table of a data storage node;
and inquiring the permission acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding permission acquisition scheme as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
the coping strategies in the present embodiment are mainly divided into two types: one is a first coping scheme, which gives the user a way to modify the demand information; the other is an authority acquisition scheme that would allow the demand information input by the user to be used as it is. With these coping strategies the user can make a suitable adjustment when the demand information for the data acquisition does not match the authority, so that the data acquisition is completed quickly.
In one embodiment, when the first demand authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies; comprising the following steps:
acquiring requirement information corresponding to a first requirement authority value smaller than or equal to a first authority value in a second authority library as first standard information;
the method comprises the steps that demand information input by a user and used for data acquisition is used as comparison information;
Respectively calculating third similarity between the comparison information and each piece of first standard information, extracting first standard information with the third similarity larger than a preset third threshold value to produce a third coping scheme, and taking the third coping scheme as a coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring a right improvement scheme from a right improvement scheme table based on the first requirement right value; the permission improvement scheme is taken as a coping strategy.
The working principle and the beneficial effects of the technical scheme are as follows:
the coping strategies in the present embodiment are mainly divided into two types: one is a third coping scheme, which gives the user a way to modify the demand information; the other is an authority improvement scheme that would allow the demand information input by the user to be used as it is. With these coping strategies the user can change the demand information or raise the authority when the demand information for the data acquisition does not match the authority, so that the data acquisition is completed quickly.
In one embodiment, the data security management system applied to big data further includes: the backup module is used for associating backup nodes for each data storage node, backing up the data in the data storage node to the backup node at regular time, and the backup module executes the following operations:
Acquiring actual positions of all data storage nodes in a big data network;
constructing a virtual map based on the actual location;
acquiring the classification labels of the data stored in the data storage node for which backup nodes are to be associated;
clustering and grouping the classification labels, and grouping the data stored in the data storage node based on the clustering and grouping result;
partitioning the virtual map so that the number of data storage nodes in each partition is the same or differs by no more than a preset error value, and so that the partitions, other than the partition in which the data storage node to be associated is located, correspond one-to-one with the groups of data obtained by the data grouping;
at least one data storage node is selected as a backup node within the corresponding partition for each set of data.
The working principle and the beneficial effects of the technical scheme are as follows:
the data in the data storage node is backed up through the associated backup nodes, and the safety of the backup data is ensured through grouped backup and backup to multiple data nodes, so that the risk of data loss at a backup node is reduced; partitioning is done by actual position because data nodes whose actual positions are close to one another are likely, for physical reasons, to become abnormal at the same time, so a virtual map is constructed to select the partitions and this situation is avoided.
In one embodiment, the data security management system applied to big data further includes: the emergency module is used for judging whether the data storage node is in a high-risk state or not, and backing up the data to the backup node when the data storage node is in the high-risk state;
the emergency module performs the following operations:
the operating parameters of the data storage node are obtained,
substituting the operation parameters into a pre-established deep learning neural model, and predicting a first probability of abnormality of the data storage node;
when the first probability is larger than a preset probability value, backing up the data of the data storage node to the associated backup node;
or;
constructing an operation vector based on the operation parameters;
matching the operation vector with an abnormal vector of a pre-established abnormal library by calculating the matching degree of the operation vector and the abnormal vector, and determining a second probability of abnormality of the data storage node; the matching degree calculation formula is as follows:
wherein $D_i$ represents the matching degree between the operation vector and the $i$-th anomaly vector in the anomaly library; $y_j$ represents the value of the $j$-th data in the operation vector; $x_{ij}$ represents the value of the $j$-th data of the $i$-th anomaly vector in the anomaly library; the second probability is the probability value stored in the anomaly library for the anomaly vector with the highest matching degree, where that matching degree is larger than the preset first matching degree;
When the second probability is larger than a preset probability value, backing up the data of the data storage node to the associated backup node;
wherein the anomaly library is pre-established by performing the following operations:
acquiring historical operation parameter data of a data storage node;
constructing a historical operating vector based on the historical operating parameters in the historical operating parameter data;
calculating the matching degree between each pair of historical operation vectors, and grouping the historical operation parameter data so that records whose matching degree is larger than a preset second matching degree fall into the same group;
constructing one piece of anomaly judgment data per data group, that is, constructing one piece of anomaly judgment data in the anomaly library from all the historical operation parameter data in the same group; the anomaly judgment data is an anomaly vector and a probability value corresponding to the anomaly vector; the probability value is the ratio of the historical operation parameter data of the data storage node in the group to the total historical operation parameter data in the group; the value of each data in the anomaly vector is determined by:
wherein $d_k$ is the value of the k-th data of the anomaly vector; $d_{k,l}$ is the value of the k-th parameter in the l-th historical operating vector in the data group; $\beta$ is a preset weight; $m$ is the number of historical operation vectors in the data group; and $e$ is determined by:
The working principle and the beneficial effects of the technical scheme are as follows:
The probability of abnormality of the data storage node is predicted from its operating parameters. When the probability is larger than a preset value, the data storage node is at higher risk and its data is backed up to the backup node; once the risk is relieved, if an abnormality did occur, the data of the data storage node is recovered from the data of the backup node. This effectively ensures the security of the data stored in the data storage node.
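The anomaly-library branch of the emergency module described above, as an added Python example that is not code from the patent. The page does not reproduce the matching-degree or anomaly-vector formulas, so `matching_degree` (1 / (1 + Euclidean distance)), the greedy grouping, the plain mean used for the anomaly vector, the reading of the probability value as the share of abnormal records in a group, the sample history and the thresholds are all assumptions.

```python
import math

# Constructed sample history, not data from the patent:
# (normalised [cpu_load, disk_error_rate, temperature], node went abnormal afterwards)
HISTORY = [
    ([0.20, 0.01, 0.30], False),
    ([0.22, 0.02, 0.31], False),
    ([0.25, 0.01, 0.33], False),
    ([0.90, 0.40, 0.85], True),
    ([0.92, 0.42, 0.88], True),
    ([0.88, 0.38, 0.83], False),
    ([0.91, 0.41, 0.86], True),
]


def matching_degree(a, b):
    """Assumed stand-in for the missing formula: 1 / (1 + Euclidean distance)."""
    if len(a) != len(b):
        raise ValueError("vectors must have the same number of parameters")
    return 1.0 / (1.0 + math.dist(a, b))


def build_anomaly_library(history, second_match):
    """Group historical vectors, then emit one (anomaly_vector, probability) per group."""
    groups = []  # each group is a list of (vector, was_abnormal)
    for vector, was_abnormal in history:
        for group in groups:
            # Greedy grouping against the group's first member (an assumption).
            if matching_degree(vector, group[0][0]) > second_match:
                group.append((vector, was_abnormal))
                break
        else:
            groups.append([(vector, was_abnormal)])

    library = []
    for group in groups:
        m = len(group)
        width = len(group[0][0])
        # Plain component mean; the page's weighted formula (with beta) is not shown.
        centre = [sum(v[k] for v, _ in group) / m for k in range(width)]
        # Assumed reading of the probability value: abnormal records / records in group.
        probability = sum(1 for _, bad in group if bad) / m
        library.append((centre, probability))
    return library


def second_probability(run_vector, library, first_match):
    """Probability stored for the best-matching anomaly vector, or 0.0 if none matches."""
    best_degree, best_probability = 0.0, 0.0
    for anomaly_vector, probability in library:
        degree = matching_degree(run_vector, anomaly_vector)
        if degree > best_degree:
            best_degree, best_probability = degree, probability
    return best_probability if best_degree > first_match else 0.0


def should_backup(run_vector, library, first_match, preset_probability):
    """Back up when the second probability exceeds the preset probability value."""
    return second_probability(run_vector, library, first_match) > preset_probability


if __name__ == "__main__":
    lib = build_anomaly_library(HISTORY, second_match=0.9)
    for reading in ([0.89, 0.39, 0.84], [0.21, 0.01, 0.30], [0.50, 0.20, 0.50]):
        print(reading, second_probability(reading, lib, 0.9),
              should_backup(reading, lib, 0.9, 0.5))
```

A reading that matches no library entry above the first matching degree yields a probability of 0.0 and no backup, so operating states absent from the history are not flagged by this branch.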
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. A data security management method applied to big data, characterized by comprising:
receiving data acquisition request information of a data node;
analyzing the data acquisition request information to acquire a data acquisition request of the data node and first authority information of the data acquisition request;
performing security verification on the data acquisition request based on the first authority information;
when the verification is passed, analyzing the first authority information, and determining a plurality of data storage nodes serving as data acquisition targets and second authority information of the data acquisition requests on the data storage nodes;
and respectively encrypting and packaging the data acquisition requests and the second authority information to obtain a plurality of data extraction requests, and transmitting the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner.
2. The data security management method applied to big data according to claim 1, wherein the data node performs the operations of:
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a first authority library of the data nodes based on the classification labels, and determining a first data storage node set consisting of data storage nodes with storage data corresponding to the classification labels;
when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data node by the first data storage node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form the data acquisition request;
or alternatively,
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
inquiring a second authority library of the data node based on the classification label, and determining a first requirement authority value of the requirement information requirement;
acquiring a first authority value for the data acquisition;
when the first requirement authority value is larger than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
and when the first requirement authority value is smaller than or equal to the first authority value, encrypting and packaging the requirement information and the first authority value to form the data acquisition request.
3. The data security management method applied to big data according to claim 2, wherein when the first data storage node set is empty, outputting a hint for changing the input demand information and giving a plurality of coping strategies, comprising:
acquiring a classification tag of data stored in a data storage node with authority of the data node in the first authority library as a first standard tag;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating first similarity between the comparison tag and each first standard tag, and extracting the first standard tags corresponding to the first similarity being larger than a preset first threshold;
retrieving, according to the extracted first standard label, the first corresponding scheme for that first standard label from a pre-built first corresponding scheme table, and taking the first corresponding scheme as the coping strategy;
and/or,
acquiring a first classification tag table stored in advance, the first classification tag table being a table of correspondences between all the data storage nodes in the big data network and the classification labels of the data stored in those data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating second similarity between the comparison tag and each second standard tag, and extracting the second standard tags corresponding to the second similarity being larger than a preset second threshold;
querying a first classification tag table again based on the second standard tag, and determining the data storage node corresponding to the second standard tag;
acquiring a permission acquisition scheme table of the data storage node;
and inquiring the permission acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding permission acquisition scheme as the coping strategy.
4. The data security management method applied to big data according to claim 2, wherein, when the first requirement authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies comprises:
acquiring requirement information corresponding to the first requirement authority value smaller than or equal to the first authority value in the second authority library as first standard information;
the requirement information input by a user and used for data acquisition is used as comparison information;
respectively calculating third similarity between the comparison information and each piece of first standard information, extracting the first standard information with the third similarity larger than a preset third threshold value to produce a third corresponding scheme, and taking the third corresponding scheme as the coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value; and taking the authority improvement scheme as the coping strategy.
5. The data security management method applied to big data according to claim 1, further comprising: associating backup nodes for each data storage node, and backing up the data in the data storage node to the backup nodes at regular time, wherein the method specifically comprises the following steps:
acquiring the actual position of each data storage node in a big data network;
constructing a virtual map based on the actual location;
acquiring a classification label of the data stored in the data storage node to be stored in association;
clustering and grouping the classification labels, and grouping the data stored in the data storage nodes based on the clustering and grouping result;
partitioning the virtual map, so that the number of data storage nodes in each partition is the same or the error does not exceed a preset error value, and the partitions except the partition where the data storage node to be stored and associated are located are in one-to-one correspondence with each group of data after data grouping;
and selecting at least one data storage node in a corresponding partition for each group of data as the backup node.
6. A data security management system for big data, comprising:
the request acquisition module is used for receiving data acquisition request information of the data node;
the first analyzing module is used for analyzing the data acquisition request information and acquiring a data acquisition request of the data node and first authority information of the data acquisition request;
the first verification module is used for carrying out security verification on the data acquisition request based on the first authority information;
the second analyzing module is used for analyzing the first authority information when verification passes, and determining a plurality of data storage nodes serving as data acquisition targets and second authority information of the data acquisition requests on the data storage nodes;
and the packaging grouping module is used for respectively encrypting and packaging the data acquisition requests and the second authority information to obtain a plurality of data extraction requests, and sending the data extraction requests to the data storage nodes corresponding to the second authority information in a one-to-one correspondence manner.
7. The data security management system applied to big data according to claim 6, wherein the data node performs the operations of:
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
querying a first authority library of the data nodes based on the classification labels, and determining a first data storage node set consisting of data storage nodes with storage data corresponding to the classification labels;
when the first data storage node set is empty, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
when the first data storage node set is not empty, acquiring a second authority set of second authority information configured to the data node by the first data storage node;
encrypting and packaging the demand information, the first data storage node set and the second authority set to form the data acquisition request;
or alternatively,
receiving demand information input by a user and used for data acquisition;
analyzing the demand information and determining a classification label of the target data;
inquiring a second authority library of the data node based on the classification label, and determining a first requirement authority value of the requirement information requirement;
acquiring a first authority value for the data acquisition;
when the first requirement authority value is larger than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies;
and when the first requirement authority value is smaller than or equal to the first authority value, encrypting and packaging the requirement information and the first authority value to form the data acquisition request.
8. The data security management system applied to big data according to claim 7, wherein when the first data storage node set is empty, outputting a hint to alter the incoming demand information and giving a plurality of coping strategies, comprising:
acquiring a classification tag of data stored in a data storage node with authority of the data node in the first authority library as a first standard tag;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating first similarity between the comparison tag and each first standard tag, and extracting the first standard tags corresponding to the first similarity being larger than a preset first threshold;
retrieving, according to the extracted first standard label, the first corresponding scheme for that first standard label from a pre-built first corresponding scheme table, and taking the first corresponding scheme as the coping strategy;
and/or,
acquiring a first classification tag table stored in advance, the first classification tag table being a table of correspondences between all the data storage nodes in the big data network and the classification labels of the data stored in those data storage nodes;
acquiring a classification label in the first classification label table as a second standard label;
the classification label obtained by analyzing the demand information is used as a comparison label;
respectively calculating second similarity between the comparison tag and each second standard tag, and extracting the second standard tags corresponding to the second similarity being larger than a preset second threshold;
querying a first classification tag table again based on the second standard tag, and determining the data storage node corresponding to the second standard tag;
acquiring a permission acquisition scheme table of the data storage node;
and inquiring the permission acquisition scheme table based on the data storage node corresponding to the second standard label, and taking the corresponding permission acquisition scheme as the coping strategy.
9. The data security management system applied to big data according to claim 7, wherein, when the first requirement authority value is greater than the first authority value, outputting a prompt for changing the input demand information and giving a plurality of coping strategies comprises:
acquiring requirement information corresponding to the first requirement authority value smaller than or equal to the first authority value in the second authority library as first standard information;
the requirement information input by a user and used for data acquisition is used as comparison information;
respectively calculating third similarity between the comparison information and each piece of first standard information, extracting the first standard information with the third similarity larger than a preset third threshold value to produce a third corresponding scheme, and taking the third corresponding scheme as the coping strategy;
and/or,
acquiring a preset authority improvement scheme table for improving the authority value;
acquiring an authority improvement scheme from the authority improvement scheme table based on the first requirement authority value; and taking the authority improvement scheme as the coping strategy.
10. The data security management system applied to big data according to claim 6, further comprising: the backup module is used for associating backup nodes for each data storage node and backing up the data in the data storage node to the backup nodes at regular time, and the backup module executes the following operations:
acquiring the actual position of each data storage node in a big data network;
constructing a virtual map based on the actual location;
acquiring a classification label of the data stored in the data storage node to be stored in association;
clustering and grouping the classification labels, and grouping the data stored in the data storage nodes based on the clustering and grouping result;
partitioning the virtual map, so that the number of data storage nodes in each partition is the same or the error does not exceed a preset error value, and the partitions except the partition where the data storage node to be stored and associated are located are in one-to-one correspondence with each group of data after data grouping;
and selecting at least one data storage node in a corresponding partition for each group of data as the backup node.
CN202011328639.4A 2020-11-24 2020-11-24 Data security management method and system applied to big data Active CN112328984B (en)

Publications (2)

Publication Number Publication Date
CN112328984A (en) 2021-02-05
CN112328984B (en) 2024-02-09

Family

ID=74322285

Country Status (1)

Country Link
CN (1) CN112328984B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant