CN112398868A - Communication data processing method and system based on block chain and cloud computing - Google Patents

Publication number: CN112398868A
Application number: CN202011355018.5A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 郝鹏
Original Assignee: Individual
Current Assignee: Individual
Application filed by: Individual
Legal status: Withdrawn
Prior art keywords: communication; protection; edge computing; service; behavior

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
            • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/10 Protocols in which an application is distributed across nodes in the network
            • H04L67/50 Network services
                • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The embodiments of the disclosure provide a communication data processing method and system based on blockchain and cloud computing. Because business security considerations impose a certain edge computing communication limit range during edge computing, and because the communication channel needs to be protected against some external interference requests, a communication security protection control for the industrial edge computing communication authority behavior of the network communication device is generated by combining the communication channel to be protected with the current edge computing communication limit range. The edge computing communication behavior between the network communication device and the edge computing platform is then processed based on the communication security protection control, so that the business security risks that may exist during edge computing can be analyzed effectively, which helps improve data security.

Description

Communication data processing method and system based on block chain and cloud computing
Technical Field
The disclosure relates to the technical field of edge computing and communication safety protection, in particular to a communication data processing method and system based on a block chain and cloud computing.
Background
Edge computing moves the hosting of applications from the centralized data center down to the edge of the network, closer to consumers and data sources. It offers ultra-low latency and ultra-high bandwidth, and serves as a carrier platform that combines information technology and communication technology services.
Conventional schemes cannot monitor and process the edge computing communication behavior between the network communication device and the edge computing platform, so various business security risks may exist during edge computing.
Disclosure of Invention
To overcome at least the above deficiencies in the prior art, the present disclosure aims to provide a communication data processing method and system based on blockchain and cloud computing. Because business security considerations impose a certain edge computing communication limit range during edge computing, and because the communication channel needs to be protected against some external interference requests, a communication security protection control for the industrial edge computing communication authority behavior of the network communication device is generated by combining the communication channel to be protected with the current edge computing communication limit range. The edge computing communication behavior between the network communication device and the edge computing platform is then processed based on the communication security protection control, so that the business security risks that may exist during edge computing can be analyzed effectively, which helps improve data security.
In a first aspect, the present disclosure provides a communication data processing method based on a blockchain and cloud computing, which is applied to an edge computing platform communicatively connected to a network communication device, and the method includes:
acquiring edge computing communication authority behaviors and edge computing communication service boundary information of the network communication equipment when registering edge computing service from a pre-configured block chain, generating a communication channel to be protected according to the edge computing communication service boundary information, and determining a current edge computing communication limit range according to the edge computing communication authority behaviors;
threat situation processing is carried out on unregistered communication access information contained in the communication channel to be protected, and threat situation information of a communication service object is obtained; the communication service object is a communication access object of a communication service node containing a preset characteristic vector identifier in the unregistered communication access information;
determining a boundary protection parameter according to the current edge computing communication limit range and threat situation information of the communication service object, and performing boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter to generate a communication safety protection control aiming at industrial edge computing communication authority behaviors of the network communication equipment;
and processing the edge computing communication behavior between the network communication equipment and the edge computing platform based on the communication safety protection control.
In a possible implementation manner of the first aspect, the step of generating a communication channel to be protected according to the edge-computed communication service boundary information includes:
acquiring a plurality of target communication service boundaries corresponding to the network communication equipment, service types and service separation nodes of the plurality of target communication service boundaries corresponding to the network communication equipment from the edge calculation communication service boundary information;
determining a corresponding protection communication channel region according to the position information of the service separation node corresponding to the network communication equipment on the target communication service boundary;
and selecting a corresponding protection communication channel from a protection communication channel region as the communication channel to be protected according to the service type corresponding to the service separation node.
In a possible implementation manner of the first aspect, the step of determining a current edge computing communication restriction range according to the edge computing communication authority behavior includes:
performing at least one behavior prediction on the edge computing communication authority behaviors, extracting a first behavior prediction feature vector in behavior prediction information obtained by the behavior prediction, and obtaining at least one communication restriction node of an edge computing communication restriction object according to the extracted first behavior prediction feature vector;
performing behavior prediction at least once on unregistered communication access information contained in the communication channel to be protected, extracting a second behavior prediction characteristic vector in behavior prediction information obtained by the behavior prediction, and obtaining an associated communication restriction node of at least one edge calculation communication restriction object according to the extracted second behavior prediction characteristic vector;
obtaining source information of a target communication restriction node in the communication restriction node of each edge calculation communication restriction object in the at least one edge calculation communication restriction object, and determining source communication restriction information of the source information of each communication restriction node in the associated communication restriction node of the edge calculation communication restriction object and determining source communication restriction information of the source information of the target communication restriction node;
determining the association degree of the source communication restriction information of the source information of each communication restriction node and the source communication restriction information of the source information of the target communication restriction node, sequencing the association degrees corresponding to the source information of each communication restriction node, and selecting similar source information of the communication restriction node from the source information of each communication restriction node according to the sequencing result;
performing fusion processing on the source information of at least one similar communication restriction node to obtain the source information of a fusion communication restriction node, performing fusion processing on the communication restriction node of the edge calculation communication restriction object and the associated communication restriction node of the first edge calculation communication restriction object, and obtaining a restriction range matrix according to a fusion processing result; the limited range matrix comprises limited ranges corresponding to the communication limiting nodes;
determining limitation range information corresponding to a communication limitation node in the source information of the target communication limitation node from the limitation range matrix, performing vector calculation on the source communication limitation information corresponding to the source information of the converged communication limitation node and a limitation range feature vector corresponding to the limitation range information, and taking a result of the vector calculation as a communication limitation feature of a key communication limitation node of the source information of the target communication limitation node;
and determining the current edge computing communication limit range according to the limit range identified by the communication limitation characteristics of the key communication limitation node.
In a possible implementation manner of the first aspect, the step of performing threat situation processing on unregistered communication access information included in the communication channel to be protected to obtain threat situation information of a communication service object includes:
carrying out threat situation detection on unregistered communication access information contained in the communication channel to be protected to obtain the threat situation of each communication service node in the unregistered communication access information;
converting each communication service object in the unregistered communication access information into a communication service object set;
and determining threat situation information of each communication service object according to the threat situation of the communication service node included by each communication service object in the communication service object set.
In a possible implementation manner of the first aspect, the step of performing threat situation detection on unregistered communication access information included in the communication channel to be protected to obtain a threat situation of each communication service node in the unregistered communication access information includes:
acquiring characteristic information of each communication service node in the unregistered communication access information;
determining the threat situation of each communication service node in the unregistered communication access information according to the feature information of each communication service node in the unregistered communication access information and a threat situation detection model;
the configuration mode of the threat situation detection model comprises the following steps:
acquiring a threat situation data training sequence, wherein the threat situation data training sequence comprises the characteristic information of a plurality of communication service nodes and the threat situation corresponding to the characteristic information of each communication service node;
constructing a preset artificial intelligence neural network, and determining the preset artificial intelligence neural network as a current artificial intelligence neural network;
based on the current artificial intelligence neural network, performing prediction operation on the characteristic information of the communication service nodes in the threat situation data training sequence, and determining the predicted threat situation corresponding to the characteristic information of the communication service nodes;
determining a difference function value based on the predicted threat situation and the threat situation corresponding to the characteristic information of the communication service node;
when the difference function value is larger than a preset threshold value, performing back propagation on the basis of the difference function value, updating the current artificial intelligence neural network to obtain an updated artificial intelligence neural network, and re-determining the updated artificial intelligence neural network as the current artificial intelligence neural network;
repeating the steps: based on the current artificial intelligence neural network, performing prediction operation on the characteristic information of the communication service nodes in the threat situation data training sequence, and determining the predicted threat situation corresponding to the characteristic information of the communication service nodes;
and when the difference function value is smaller than or equal to the preset threshold value, determining the current artificial intelligence neural network as the threat situation detection model.
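The configuration loop for the threat situation detection model described above, written out as an added example (not code from the patent). The network shape, the cross-entropy difference function, the feature meanings, the sample data and the `max_rounds` cap are assumptions; the cap is there because the steps as stated never terminate when the preset threshold is unreachable, for instance with contradictory labels.

```python
import math
import random

# Constructed training sequence: (feature information of one communication
# service node, labelled threat situation). The three features are assumed to be
# [failed-auth rate, share of unregistered peers, burst score], scaled to 0..1.
TRAINING_SEQUENCE = [
    ([0.05, 0.10, 0.00], 0), ([0.10, 0.05, 0.10], 0),
    ([0.00, 0.20, 0.05], 0), ([0.15, 0.10, 0.10], 0),
    ([0.90, 0.80, 0.70], 1), ([0.80, 0.95, 0.60], 1),
    ([0.70, 0.85, 0.90], 1), ([0.95, 0.70, 0.80], 1),
]
# Same data plus one node labelled both ways: no model can fit it, so the mean
# difference can never drop below 2*ln(2)/10 (about 0.139).
CONFLICTING_SEQUENCE = TRAINING_SEQUENCE + [([0.5, 0.5, 0.5], 0), ([0.5, 0.5, 0.5], 1)]


def _sigmoid(z):
    # Clamp the input so math.exp cannot overflow.
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))


class ThreatNet:
    """One hidden layer, sigmoid activations, single threat-probability output."""

    def __init__(self, n_in, n_hidden=4, seed=7):
        rng = random.Random(seed)  # fixed seed keeps the run reproducible
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
        self.b2 = 0.0

    def forward(self, x):
        h = [_sigmoid(sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.w1, self.b1)]
        p = _sigmoid(sum(w * hj for w, hj in zip(self.w2, h)) + self.b2)
        return h, p

    def predict(self, x):
        return self.forward(x)[1]

    def difference(self, data):
        """Mean binary cross-entropy between predicted and labelled threat situation."""
        eps = 1e-12
        total = 0.0
        for x, y in data:
            p = self.predict(x)
            total -= y * math.log(p + eps) + (1 - y) * math.log(1 - p + eps)
        return total / len(data)

    def backpropagate(self, data, lr):
        """One full-batch gradient step on the difference function."""
        n = len(data)
        g_w1 = [[0.0] * len(self.w1[0]) for _ in self.w1]
        g_b1 = [0.0] * len(self.b1)
        g_w2 = [0.0] * len(self.w2)
        g_b2 = 0.0
        for x, y in data:
            h, p = self.forward(x)
            d_out = (p - y) / n  # gradient at the output pre-activation
            g_b2 += d_out
            for j, hj in enumerate(h):
                g_w2[j] += d_out * hj
                d_hid = d_out * self.w2[j] * hj * (1.0 - hj)
                g_b1[j] += d_hid
                for i, xi in enumerate(x):
                    g_w1[j][i] += d_hid * xi
        for j in range(len(self.w2)):
            self.w2[j] -= lr * g_w2[j]
            self.b1[j] -= lr * g_b1[j]
            for i in range(len(self.w1[j])):
                self.w1[j][i] -= lr * g_w1[j][i]
        self.b2 -= lr * g_b2


def train_until_threshold(data, threshold=0.05, max_rounds=20000, lr=0.5, seed=7):
    """Predict, compare with the threshold, backpropagate, repeat.

    Returns (model, last difference value, rounds used, converged flag).
    max_rounds is an addition to the steps on the page.
    """
    net = ThreatNet(n_in=len(data[0][0]), seed=seed)
    rounds = 0
    while True:
        diff = net.difference(data)
        if diff <= threshold:
            return net, diff, rounds, True   # becomes the detection model
        if rounds >= max_rounds:
            return net, diff, rounds, False  # threshold not reached: do not deploy
        net.backpropagate(data, lr)
        rounds += 1


if __name__ == "__main__":
    model, diff, rounds, ok = train_until_threshold(TRAINING_SEQUENCE)
    print(f"converged={ok} rounds={rounds} difference={diff:.4f}")
    _, diff, rounds, ok = train_until_threshold(CONFLICTING_SEQUENCE, max_rounds=300)
    print(f"converged={ok} rounds={rounds} difference={diff:.4f}")
```

A threshold met on the training sequence alone says nothing about unseen nodes; scoring held-out samples before the model is used for boundary protection decisions is the check this procedure leaves out.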
In a possible implementation manner of the first aspect, the step of determining a boundary protection parameter according to the current edge computing communication limitation range and threat situation information of the communication service object, performing boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information included in the communication channel to be protected based on the current edge computing communication limitation range and the boundary protection parameter, and generating a communication security protection control for an industrial edge computing communication authority behavior of the network communication device includes:
acquiring a multi-service type candidate threat situation corresponding to the current edge computing communication limit range from threat situation information of the communication service object, and extracting characteristic information of the multi-service type candidate threat situation to determine a corresponding boundary protection parameter, wherein the boundary protection parameter comprises a multi-service type boundary protection parameter component;
according to the multi-service type boundary protection parameter component, determining a target protection strategy which is suitable for a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected at present from multiple preset protection strategies;
and carrying out boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected according to the target protection strategy and the current edge computing communication limit range, and generating a communication safety protection control aiming at the industrial edge computing communication authority behavior of the network communication equipment.
In a possible implementation manner of the first aspect, the multiple protection policies include a multi-service protection policy and a single-service protection policy;
the step of determining a target protection policy currently suitable for a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected from a plurality of preset protection policies according to the multi-service type boundary protection parameter component includes:
determining a first deviation degree of the multi-service type protection strategy and a second deviation degree of the single-service type protection strategy according to the multi-service type boundary protection parameter component;
if the first deviation degree is larger than the second deviation degree, the multi-service type protection strategy is used as a target protection strategy suitable for the current user;
and if the first deviation degree is smaller than the second deviation degree, taking the single-service type protection strategy as a target protection strategy suitable for the current user.
In a possible implementation manner of the first aspect, the multi-service type boundary protection parameter component includes current edge calculation communication protection data and historical edge calculation communication protection data, where the current edge calculation communication protection data includes a current protection data area, a current protection service type, and a current protection level, and the historical edge calculation communication protection data includes a historical edge calculation communication protection object sequence configured for protection and a situation score of each historical edge calculation communication protection object in the historical edge calculation communication protection object sequence;
the step of determining a first deviation degree of the multi-service type protection strategy and a second deviation degree of the single-service type protection strategy according to the multi-service type boundary protection parameter component comprises:
determining a target data configuration area where the current protection data area is located according to a plurality of preset data configuration areas;
acquiring a first current region deviation degree of a multi-service type protection strategy and a second current region deviation degree of a single-service type protection strategy corresponding to the target data configuration region from a preset region deviation degree database;
determining a first current service deviation degree of the multi-service type protection strategy and a second current service deviation degree of the single-service type protection strategy according to the current protection service type;
determining a target protection grade range where the current protection grade is located according to a plurality of preset protection grade ranges;
acquiring a first current protection level deviation degree of a multi-service type protection strategy and a second current protection level deviation degree of a single-service type protection strategy corresponding to the target protection level range from a preset protection level deviation degree database;
determining a first current deviation degree of the multi-service type protection strategy according to the first current region deviation degree, the first current service deviation degree and the first current protection grade deviation degree;
determining a second current deviation degree of the single-service type protection strategy according to the second current region deviation degree, the second current service deviation degree and the second current protection grade deviation degree;
counting, according to the historical edge calculation communication protection object sequence, a protection data type proportion of a first type communication protection object and a protection data type proportion of a second type communication protection object, wherein the first type communication protection object is a communication protection object matched with the multi-service type protection strategy, and the second type communication protection object is a communication protection object matched with the single-service type protection strategy;
calculating, according to the situation score of each historical edge calculation communication protection object in the historical edge calculation communication protection object sequence, the overall situation score of the first type communication protection object and the overall situation score of the second type communication protection object;
calculating a first historical deviation degree of the multi-service type protection strategy according to the protection data type proportion and the overall situation score of the first type communication protection object;
calculating a second historical deviation degree of the single-service type protection strategy according to the protection data type proportion and the overall situation score of the second type communication protection object;
and determining a first deviation degree of the multi-service type protection strategy according to the first current deviation degree and the first historical deviation degree, and determining a second deviation degree of the single-service type protection strategy according to the second current deviation degree and the second historical deviation degree.
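The deviation-degree comparison from the two preceding implementation manners, as an added example that is not part of the patent. The text gives no formulas and no preset values, so the tables, the averaging, the proportion-times-score history term and the `tie_default` parameter are all assumptions; the tie branch exists because the text defines only "larger" and "smaller" and leaves equal deviation degrees without a policy.

```python
import math
from bisect import bisect_right

# Constructed "preset" tables; every number here is an assumption.
# Each entry is (deviation for multi-service policy, deviation for single-service policy).
AREA_BOUNDS = [100, 1000]            # splits protection data areas into 3 configuration areas
AREA_DEVIATION = [(0.2, 0.6), (0.5, 0.4), (0.8, 0.1)]
LEVEL_BOUNDS = [3, 7]                # splits protection levels into 3 ranges
LEVEL_DEVIATION = [(0.3, 0.7), (0.5, 0.5), (0.9, 0.2)]
SERVICE_DEVIATION = {"telemetry": (0.7, 0.3), "control": (0.2, 0.8), "batch": (0.4, 0.5)}

MULTI, SINGLE = "multi-service", "single-service"

# Constructed history: (policy the protection object matched, situation score).
HISTORY = [(MULTI, 0.8), (MULTI, 0.6), (SINGLE, 0.9), (MULTI, 0.7)]


def current_deviation(area, service_type, level):
    """Combine area, service and level deviations (assumed: arithmetic mean)."""
    if service_type not in SERVICE_DEVIATION:
        # Fail closed: an unknown service type must not silently pick a policy.
        raise ValueError(f"no preset deviation for service type {service_type!r}")
    parts = [
        AREA_DEVIATION[bisect_right(AREA_BOUNDS, area)],
        SERVICE_DEVIATION[service_type],
        LEVEL_DEVIATION[bisect_right(LEVEL_BOUNDS, level)],
    ]
    return tuple(sum(p[k] for p in parts) / len(parts) for k in (0, 1))


def historical_deviation(history):
    """Assumed formula: share of objects matched to a policy times their mean score."""
    result = []
    for policy in (MULTI, SINGLE):
        scores = [s for p, s in history if p == policy]
        if not scores:
            result.append(0.0)  # no history for this policy contributes nothing
            continue
        proportion = len(scores) / len(history)
        result.append(proportion * (sum(scores) / len(scores)))
    return tuple(result)


def select_policy(area, service_type, level, history, tie_default=SINGLE):
    """Return (chosen policy, first deviation degree, second deviation degree)."""
    cur = current_deviation(area, service_type, level)
    hist = historical_deviation(history)
    first, second = ((c + h) / 2 for c, h in zip(cur, hist))  # assumed equal weighting
    if math.isclose(first, second, abs_tol=1e-9):
        # The text covers only ">" and "<"; equality needs an explicit decision.
        return tie_default, first, second
    return (MULTI if first > second else SINGLE), first, second


if __name__ == "__main__":
    print(select_policy(500, "telemetry", 8, HISTORY))
    print(select_policy(500, "batch", 5, []))
```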
In a possible implementation manner of the first aspect, the processing, based on the communication security protection control, an edge computing communication behavior between the network communication device and the edge computing platform includes:
processing an edge computing communication behavior between the network communication device and the edge computing platform based on at least two communication security protection models in the communication security protection control for analyzing communication behavior data of the edge computing communication behavior.
In a possible implementation manner of the first aspect, the processing, based on at least two communication security protection models in the communication security protection control, an edge computing communication behavior between the network communication device and the edge computing platform for analyzing communication behavior data of the edge computing communication behavior includes:
based on the communication safety protection control, respectively detecting a preset number of edge calculation communication behaviors through at least two communication safety protection models in the communication safety protection control;
according to the detection result of each edge computing communication behavior of each communication safety protection model, determining a first feature extraction result of each edge computing communication behavior under each communication safety protection model through a preset feature extraction strategy of the communication behavior;
and determining the feature extraction result of each edge computing communication behavior as a second feature extraction result of a preset service protection level according to the respective first feature extraction result of each edge computing communication behavior, so as to analyze the communication behavior data of the edge computing communication behavior.
In a second aspect, the present disclosure provides a communication data processing apparatus based on a blockchain and cloud computing, applied to an edge computing platform communicatively connected to a network communication device, the apparatus including:
the acquisition module is used for acquiring edge computing communication authority behaviors and edge computing communication service boundary information of the network communication equipment when registering edge computing service from a pre-configured block chain, generating a communication channel to be protected according to the edge computing communication service boundary information, and determining a current edge computing communication limit range according to the edge computing communication authority behaviors;
the situation processing module is used for carrying out threat situation processing on unregistered communication access information contained in the communication channel to be protected to obtain threat situation information of a communication service object; the communication service object is a communication access object of a communication service node containing a preset characteristic vector identifier in the unregistered communication access information;
a generating module, configured to determine a boundary protection parameter according to the current edge computing communication limit range and threat situation information of the communication service object, perform boundary protection configuration on a communication permission boundary corresponding to unregistered communication access information included in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter, and generate a communication security protection control for an industrial edge computing communication permission behavior of the network communication device;
and the behavior processing module is used for processing the edge computing communication behavior between the network communication equipment and the edge computing platform based on the communication safety protection control.
In a third aspect, the present disclosure provides a communication data processing system based on a blockchain and cloud computing, including an edge computing platform and a network communication device communicatively connected to the edge computing platform;
the edge computing platform is used for acquiring edge computing communication authority behaviors and edge computing communication service boundary information of the network communication equipment when registering edge computing service from a pre-configured block chain, generating a communication channel to be protected according to the edge computing communication service boundary information, and determining a current edge computing communication limit range according to the edge computing communication authority behaviors;
the edge computing platform is used for carrying out threat situation processing on unregistered communication access information contained in the communication channel to be protected to obtain threat situation information of a communication service object; the communication service object is a communication access object of a communication service node containing a preset characteristic vector identifier in the unregistered communication access information;
the edge computing platform is used for determining a boundary protection parameter according to the current edge computing communication limit range and threat situation information of the communication service object, performing boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter, and generating a communication safety protection control aiming at industrial edge computing communication authority behaviors of the network communication equipment;
and the edge computing platform is used for processing the edge computing communication behavior between the network communication equipment and the edge computing platform based on the communication safety protection control.
In a fourth aspect, an embodiment of the present disclosure further provides an edge computing platform, where the edge computing platform includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is configured to be communicatively connected to at least one network communication device, the machine-readable storage medium is configured to store a program, an instruction, or code, and the processor is configured to execute the program, the instruction, or the code in the machine-readable storage medium to perform the communication data processing method based on blockchain and cloud computing in the first aspect or any one of possible designs of the first aspect.
In a fifth aspect, an embodiment of the present disclosure provides a computer-readable storage medium, where instructions are stored, and when executed, cause a computer to perform the method for processing communication data based on blockchain and cloud computing in the first aspect or any one of the possible designs of the first aspect.
Based on any one of the above aspects, the present disclosure takes into account that, for various business security reasons, a certain edge computing communication limit range exists in the edge computing process, and that the communication channel needs to be protected against some external interference requests. A communication security protection control for the industrial edge computing communication authority behavior of the network communication device is therefore generated by combining the communication channel to be protected with the current edge computing communication limit range, and the edge computing communication behavior between the network communication device and the edge computing platform is processed based on that control. In this way, the various business security risks that may exist in the edge computing process can be effectively analyzed, which helps to improve data security.
Drawings
To illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings required by the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present disclosure and should therefore not be regarded as limiting its scope; those skilled in the art may obtain other related drawings from these drawings without inventive effort.
Fig. 1 is a schematic view of an application scenario of a communication data processing system based on a blockchain and cloud computing according to an embodiment of the present disclosure;
Fig. 2 is a schematic flowchart of a communication data processing method based on a blockchain and cloud computing according to an embodiment of the present disclosure;
Fig. 3 is a functional module schematic diagram of a communication data processing apparatus based on a blockchain and cloud computing according to an embodiment of the present disclosure;
Fig. 4 is a block diagram illustrating a structure of an edge computing platform for implementing the above communication data processing method based on a blockchain and cloud computing according to an embodiment of the present disclosure.
Detailed Description
The present disclosure is described in detail below with reference to the drawings, and the specific operation methods in the method embodiments can also be applied to the device embodiments or the system embodiments.
Fig. 1 is an interaction diagram of a communication data processing system 10 based on a blockchain and cloud computing according to an embodiment of the present disclosure. The blockchain and cloud computing based communication data processing system 10 may include an edge computing platform 100 and a network communication device 200 communicatively coupled to the edge computing platform 100. The blockchain and cloud computing based communication data processing system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the blockchain and cloud computing based communication data processing system 10 may also include only a portion of the components shown in fig. 1 or may also include other components.
In this embodiment, the network communication device 200 is used to provide network communication services for a user terminal, and the user terminal may include a mobile device, a tablet computer, a laptop computer, and the like, or any combination thereof. In some embodiments, the mobile device may include a smart home device, a wearable device, a smart mobile device, a virtual reality device, an augmented reality device, or the like, or any combination thereof. In some embodiments, the smart home devices may include control devices of smart electrical devices, smart monitoring devices, smart televisions, smart cameras, and the like, or any combination thereof. In some embodiments, the wearable device may include a smart bracelet, smart shoelaces, smart glasses, a smart helmet, a smart watch, a smart garment, a smart backpack, a smart accessory, or the like, or any combination thereof. In some embodiments, the smart mobile device may include a smartphone, a personal digital assistant, a gaming device, and the like, or any combination thereof. In some embodiments, the virtual reality device and/or the augmented reality device may include a virtual reality helmet, virtual reality glasses, a virtual reality patch, an augmented reality helmet, augmented reality glasses, an augmented reality patch, or the like, or any combination thereof. For example, the virtual reality device and/or augmented reality device may include various virtual reality products and the like.
In this embodiment, the edge computing platform 100 and the network communication device 200 in the communication data processing system 10 based on the blockchain and cloud computing may cooperatively perform the communication data processing method based on the blockchain and cloud computing described in the following method embodiment. For the specific steps performed by the edge computing platform 100 and the network communication device 200, reference may be made to the detailed description of the following method embodiment.
In order to solve the technical problem in the foregoing background, Fig. 2 shows a schematic flowchart of a communication data processing method based on a blockchain and cloud computing according to an embodiment of the present disclosure. The method of this embodiment may be executed by the edge computing platform 100 shown in Fig. 1, and is described in detail below.
Step S110: obtaining, from a pre-configured blockchain, the edge computing communication authority behavior and the edge computing communication service boundary information recorded when the network communication device 200 registered the edge computing service, generating a communication channel to be protected according to the edge computing communication service boundary information, and determining a current edge computing communication limit range according to the edge computing communication authority behavior.
Step S120: performing threat situation processing on the unregistered communication access information contained in the communication channel to be protected to obtain threat situation information of the communication service object.
Step S130: determining a boundary protection parameter according to the current edge computing communication limit range and the threat situation information of the communication service object, and performing boundary protection configuration on the communication authority boundary corresponding to the unregistered communication access information contained in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter, so as to generate a communication security protection control for the industrial edge computing communication authority behavior of the network communication device 200.
Step S140: processing the edge computing communication behavior between the network communication device 200 and the edge computing platform 100 based on the communication security protection control.
In this embodiment, the edge computing communication authority behavior may refer to an authority behavior configured for network communication in the edge computing process (for example, an XX data invoking authority behavior). The edge computing communication service boundary information may refer to the communication service boundaries used for network communication in the edge computing process; a communication service boundary may be used to separate different communication services.
In this embodiment, the communication service object may be a communication access object of a communication service node that includes a preset feature vector identifier in the unregistered communication access information. The preset feature vector identifier may be used to calibrate a communication service node where a set monitoring communication service exists.
Based on the above design, this embodiment takes into account that, for various business security reasons, a certain edge computing communication limit range exists in the edge computing process, and that the communication channel needs to be protected against some external interference requests. A communication security protection control for the industrial edge computing communication authority behavior of the network communication device 200 is therefore generated by combining the communication channel to be protected with the current edge computing communication limit range, and the edge computing communication behavior between the network communication device 200 and the edge computing platform 100 is processed based on that control. In this way, the various business security risks that may exist in the edge computing process can be effectively analyzed, so that data security is improved.
In a possible implementation manner, for step S110, the generation of the communication channel to be protected according to the edge computing communication service boundary information may be implemented by the following exemplary substeps, which are described in detail below.
Substep S111: obtaining, from the edge computing communication service boundary information, a plurality of target communication service boundaries corresponding to the network communication device 200, together with the service types and service separation nodes of the network communication device 200 at those target communication service boundaries.
Substep S112: determining a corresponding protection communication channel region according to the position information of the service separation node of the network communication device 200 at the target communication service boundary.
Substep S113: selecting, according to the service type corresponding to the service separation node, a corresponding protection communication channel from the protection communication channel region as the communication channel to be protected.
In one possible implementation manner, for step S110, the determination of the current edge computing communication limit range according to the edge computing communication authority behavior may be implemented by the following exemplary substeps, which are described in detail below.
Substep S114: performing at least one behavior prediction on the edge computing communication authority behavior, extracting a first behavior prediction feature vector from the behavior prediction information obtained by the behavior prediction, and obtaining the communication restriction nodes of at least one edge computing communication restriction object according to the extracted first behavior prediction feature vector.
Substep S115: performing at least one behavior prediction on the unregistered communication access information contained in the communication channel to be protected, extracting a second behavior prediction feature vector from the behavior prediction information obtained by the behavior prediction, and obtaining the associated communication restriction nodes of at least one edge computing communication restriction object according to the extracted second behavior prediction feature vector.
Substep S116: obtaining the source information of a target communication restriction node among the communication restriction nodes of each of the at least one edge computing communication restriction object, and determining the source communication restriction information of the source information of each communication restriction node among the associated communication restriction nodes of the edge computing communication restriction object, as well as the source communication restriction information of the source information of the target communication restriction node.
Substep S117: determining the association degree between the source communication restriction information of the source information of each communication restriction node and the source communication restriction information of the source information of the target communication restriction node, sorting the association degrees corresponding to the source information of the communication restriction nodes, and selecting the source information of similar communication restriction nodes from the source information of the communication restriction nodes according to the sorting result.
Substep S118: performing fusion processing on the source information of at least one similar communication restriction node to obtain the source information of a fusion communication restriction node, performing fusion processing on the communication restriction nodes of the edge computing communication restriction object and the associated communication restriction nodes of the first edge computing communication restriction object, and obtaining a limit range matrix according to the fusion processing result. The limit range matrix comprises the limit ranges corresponding to the communication restriction nodes.
Substep S119: determining, from the limit range matrix, the limit range information corresponding to the communication restriction node in the source information of the target communication restriction node, performing vector calculation on the source communication restriction information corresponding to the source information of the fusion communication restriction node and the limit range feature vector corresponding to the limit range information, and taking the result of the vector calculation as the communication restriction feature of the key communication restriction node of the source information of the target communication restriction node.
Substep S1191: determining the current edge computing communication limit range based on the limit range identified by the communication restriction feature of the key communication restriction node.
In a possible implementation manner, for step S120, the threat situation processing performed on the unregistered communication access information contained in the communication channel to be protected to obtain the threat situation information of the communication service object may be implemented by the following exemplary substeps, which are described in detail below.
Substep S121: performing threat situation detection on the unregistered communication access information contained in the communication channel to be protected to obtain the threat situation of each communication service node in the unregistered communication access information.
Substep S122: converting each communication service object in the unregistered communication access information into a communication service object set.
Substep S123: determining the threat situation information of each communication service object according to the threat situations of the communication service nodes included in each communication service object in the communication service object set.
Exemplarily, substep S121 can be implemented by the following exemplary embodiments:
Substep S1211: obtaining the feature information of each communication service node in the unregistered communication access information.
Substep S1212: determining the threat situation of each communication service node in the unregistered communication access information according to the feature information of each communication service node in the unregistered communication access information and a threat situation detection model.
The threat situation detection model may be configured as follows:
(1) Acquiring a threat situation data training sequence, wherein the threat situation data training sequence comprises the feature information of a plurality of communication service nodes and the threat situation corresponding to the feature information of each communication service node.
(2) Constructing a preset artificial intelligence neural network, and determining the preset artificial intelligence neural network as the current artificial intelligence neural network.
(3) Based on the current artificial intelligence neural network, performing a prediction operation on the feature information of the communication service nodes in the threat situation data training sequence, and determining the predicted threat situation corresponding to the feature information of each communication service node.
(4) Determining a difference function value based on the predicted threat situation and the threat situation corresponding to the feature information of the communication service node.
(5) When the difference function value is larger than a preset threshold value, performing back propagation based on the difference function value, updating the current artificial intelligence neural network to obtain an updated artificial intelligence neural network, and re-determining the updated artificial intelligence neural network as the current artificial intelligence neural network.
(6) Repeating the step of, based on the current artificial intelligence neural network, performing a prediction operation on the feature information of the communication service nodes in the threat situation data training sequence and determining the predicted threat situation corresponding to the feature information of each communication service node.
(7) When the difference function value is smaller than or equal to the preset threshold value, determining the current artificial intelligence neural network as the threat situation detection model.
In one possible implementation, step S130 can be implemented by the following exemplary substeps, which are described in detail below.
Substep S131: obtaining, from the threat situation information of the communication service object, the multi-service type candidate threat situation corresponding to the current edge computing communication limit range, and extracting the feature information of the multi-service type candidate threat situation to determine a corresponding boundary protection parameter, wherein the boundary protection parameter comprises a multi-service type boundary protection parameter component.
Substep S132: determining, from a plurality of preset protection policies and according to the multi-service type boundary protection parameter component, a target protection policy currently suitable for the communication authority boundary corresponding to the unregistered communication access information contained in the communication channel to be protected.
Substep S133: performing boundary protection configuration on the communication authority boundary corresponding to the unregistered communication access information contained in the communication channel to be protected according to the target protection policy and the current edge computing communication limit range, and generating a communication security protection control for the industrial edge computing communication authority behavior of the network communication device 200.
The plurality of preset protection policies may include a multi-service type protection policy and a single-service type protection policy.
In substep S132, a first deviation degree of the multi-service type protection policy and a second deviation degree of the single-service type protection policy may be determined according to the multi-service type boundary protection parameter component. If the first deviation degree is greater than the second deviation degree, the multi-service type protection policy is taken as the target protection policy currently suitable for the user. If the first deviation degree is smaller than the second deviation degree, the single-service type protection policy is taken as the target protection policy currently suitable for the user.
In a possible implementation manner, the multi-service type boundary protection parameter component may specifically include current edge computing communication protection data and historical edge computing communication protection data. The current edge computing communication protection data may specifically include a current protection data area, a current protection service type, and a current protection level. The historical edge computing communication protection data may specifically include a sequence of historical edge computing communication protection objects for which protection was configured, and a situation score of each historical edge computing communication protection object in that sequence.
The first deviation degree of the multi-service type protection policy and the second deviation degree of the single-service type protection policy may be determined according to the multi-service type boundary protection parameter component through the following exemplary embodiments:
(1) Determining, from a plurality of preset data configuration areas, the target data configuration area in which the current protection data area is located.
(2) Acquiring, from a preset area deviation degree database, a first current area deviation degree of the multi-service type protection policy and a second current area deviation degree of the single-service type protection policy corresponding to the target data configuration area.
(3) Determining a first current service deviation degree of the multi-service type protection policy and a second current service deviation degree of the single-service type protection policy according to the current protection service type.
(4) Determining, from a plurality of preset protection level ranges, the target protection level range in which the current protection level is located.
(5) Acquiring, from a preset protection level deviation degree database, a first current protection level deviation degree of the multi-service type protection policy and a second current protection level deviation degree of the single-service type protection policy corresponding to the target protection level range.
(6) Determining a first current deviation degree of the multi-service type protection policy according to the first current area deviation degree, the first current service deviation degree and the first current protection level deviation degree.
(7) Determining a second current deviation degree of the single-service type protection policy according to the second current area deviation degree, the second current service deviation degree and the second current protection level deviation degree.
(8) Counting, according to the historical edge computing communication protection object sequence, the protection data type proportion of a first type of communication protection object and the protection data type proportion of a second type of communication protection object, wherein the first type of communication protection object is a communication protection object matched with the multi-service type protection policy, and the second type of communication protection object is a communication protection object matched with the single-service type protection policy.
(9) Calculating, according to the situation score of each historical edge computing communication protection object in the historical edge computing communication protection object sequence, the overall situation score of the first type of communication protection object and the overall situation score of the second type of communication protection object.
(10) Calculating a first historical deviation degree of the multi-service type protection policy according to the protection data type proportion and the overall situation score of the first type of communication protection object.
(11) Calculating a second historical deviation degree of the single-service type protection policy according to the protection data type proportion and the overall situation score of the second type of communication protection object.
(12) Determining the first deviation degree of the multi-service type protection policy according to the first current deviation degree and the first historical deviation degree, and determining the second deviation degree of the single-service type protection policy according to the second current deviation degree and the second historical deviation degree.
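As an added illustration that is not part of the patent text, the following Python sketch walks items (1) to (12) and the comparison of substep S132 end to end. The text gives no combination formulas, so the averaging of the three current components, the product of proportion and mean score for the historical part, the equal weighting in item (12), the `on_tie` fallback for equal deviation degrees, and all table contents and names are assumptions of this example.

```python
import math
from dataclasses import dataclass
from statistics import mean

MULTI, SINGLE = "multi-service", "single-service"

# Constructed stand-ins for the preset areas, ranges and deviation databases.
DATA_AREAS = [(0, 100, "zone-a"), (100, 1000, "zone-b")]   # [low, high) bounds
LEVEL_RANGES = [(1, 4, "low"), (4, 8, "high")]             # [low, high) bounds
AREA_DEVIATION = {"zone-a": {MULTI: 0.7, SINGLE: 0.3},
                  "zone-b": {MULTI: 0.4, SINGLE: 0.6}}
SERVICE_DEVIATION = {"telemetry": {MULTI: 0.8, SINGLE: 0.2},
                     "mixed": {MULTI: 0.5, SINGLE: 0.5}}
LEVEL_DEVIATION = {"low": {MULTI: 0.6, SINGLE: 0.4},
                   "high": {MULTI: 0.2, SINGLE: 0.8}}


@dataclass(frozen=True)
class HistoricalObject:
    policy: str             # policy this past protection object matched
    situation_score: float  # constructed 0..1 scale


def bucket(value, ranges):
    """Items (1) and (4): find the preset range that contains value."""
    for low, high, name in ranges:
        if low <= value < high:
            return name
    raise ValueError(f"{value} is outside every preset range")


def current_deviation(policy, data_area, service_type, level):
    """Items (1)-(7). Averaging the three components is an assumption."""
    if service_type not in SERVICE_DEVIATION:
        raise ValueError(f"unknown protection service type {service_type!r}")
    return mean([
        AREA_DEVIATION[bucket(data_area, DATA_AREAS)][policy],
        SERVICE_DEVIATION[service_type][policy],
        LEVEL_DEVIATION[bucket(level, LEVEL_RANGES)][policy],
    ])


def historical_deviation(policy, history):
    """Items (8)-(11). Proportion times mean score is an assumption."""
    scores = [h.situation_score for h in history if h.policy == policy]
    if not scores:
        return 0.0  # no matching history contributes nothing
    proportion = len(scores) / len(history)
    return proportion * mean(scores)


def deviation_degree(policy, data_area, service_type, level, history, weight=0.5):
    """Item (12). Equal weighting of current and history is an assumption."""
    current = current_deviation(policy, data_area, service_type, level)
    return weight * current + (1 - weight) * historical_deviation(policy, history)


def select_policy(data_area, service_type, level, history, on_tie=MULTI):
    """Substep S132: the policy with the larger deviation degree wins."""
    first = deviation_degree(MULTI, data_area, service_type, level, history)
    second = deviation_degree(SINGLE, data_area, service_type, level, history)
    if math.isclose(first, second, abs_tol=1e-12):
        return on_tie  # equal degrees are not covered by the text
    return MULTI if first > second else SINGLE


# Constructed history: most past objects matched the single-service policy.
SAMPLE_HISTORY = [HistoricalObject(MULTI, 0.4), HistoricalObject(SINGLE, 0.9),
                  HistoricalObject(SINGLE, 0.8), HistoricalObject(SINGLE, 1.0)]

if __name__ == "__main__":
    print(select_policy(50, "telemetry", 2, []))              # current data only
    print(select_policy(50, "telemetry", 2, SAMPLE_HISTORY))  # history included
```

With the constructed tables, the current data alone favors the multi-service type policy, while the sample history shifts the selection to the single-service type policy.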
In one possible implementation, for step S140, the edge computing communication behavior between the network communication device 200 and the edge computing platform 100 may be processed based on at least two communication security protection models in the communication security protection control, so as to analyze the communication behavior data of the edge computing communication behavior.
For example, step S140 may include the following substeps:
Substep S141: based on the communication security protection control, detecting a preset number of edge computing communication behaviors with each of at least two communication security protection models in the communication security protection control.
Substep S142: determining, according to the detection result of each communication security protection model for each edge computing communication behavior and through a preset feature extraction strategy for communication behaviors, a first feature extraction result of each edge computing communication behavior under each communication security protection model.
Substep S143: determining, according to the first feature extraction results of each edge computing communication behavior, the feature extraction result of each edge computing communication behavior as a second feature extraction result of a preset service protection level, so as to analyze the communication behavior data of the edge computing communication behavior.
Based on the above substeps, each edge computing communication behavior is detected by at least two communication security protection models one by one, and the individual detection results are then analyzed with the preset feature extraction strategy for communication behaviors, so that a first feature extraction result of each edge computing communication behavior under each communication security protection model is finally obtained. This effectively avoids ambiguous feature extraction of edge computing communication behaviors caused by relying on a single communication security protection model, and greatly improves the reliability of the feature extraction. By creatively introducing the concept of the service protection level, the final feature extraction result of each edge computing communication behavior is re-determined, according to its first feature extraction result under each communication security protection model, as a second feature extraction result of a preset service protection level. The reliability of the feature extraction result is thus re-evaluated with a mechanism similar to recommendation by multiple communication security protection models, so that highly reliable feature extraction results can be effectively distinguished from ambiguous ones. Moreover, the method can provide sample edge computing communication behavior data of various service protection levels, which facilitates subsequent personalized analysis of actual edge computing communication behavior data with different requirements based on the sample edge computing communication behavior data of different service protection levels.
In a possible implementation manner, determining the first feature extraction result of each edge computing communication behavior under each communication security protection model may include any one of the following:
Determining the first feature extraction result as a non-attack behavior feature vector.
Determining the first feature extraction result as an attack behavior feature vector.
Determining the first feature extraction result as a fusion attack behavior feature vector.
The non-attack behavior feature vector is an edge computing communication behavior that includes at least one continuous feature vector segment, where the at least one continuous feature vector segment meets a preset condition.
The attack behavior feature vector is an edge computing communication behavior that does not include any continuous feature vector segment.
The fusion attack behavior feature vector is an edge computing communication behavior that includes at least one continuous feature vector segment but does not meet the preset condition.
The continuous feature vector segment is an edge computing communication behavior segment comprising a plurality of consecutive target edge computing communication behavior nodes, and the target edge computing communication behavior nodes are the edge computing communication behavior nodes corresponding to the communication security protection target indicated by the communication security protection control.
In a possible implementation manner, determining the feature extraction result of each edge computing communication behavior as the second feature extraction result of the preset service protection level according to the first feature extraction results of each edge computing communication behavior includes any one of the following:
When the first feature extraction results of an edge computing communication behavior are the same, determining the feature extraction result of that behavior as the second feature extraction result of the first service protection level, the second service protection level or the third service protection level according to those first feature extraction results.
When the first feature extraction results of an edge computing communication behavior are different, determining the feature extraction result of that behavior as the second feature extraction result of the second service protection level according to those first feature extraction results.
When the first feature extraction results of an edge computing communication behavior are different, determining the protection screening degree of each communication security protection model, and, based on the protection screening degree of each communication security protection model, determining the feature extraction result of that behavior as the second feature extraction result of the third service protection level or the fourth service protection level according to those first feature extraction results.
The first service protection level is higher than the second service protection level, the second service protection level is higher than the third service protection level, and the third service protection level is higher than the fourth service protection level.
In one possible implementation, the second feature extraction result includes a non-attack behavior feature vector or an attack behavior feature vector.
When the first feature extraction results of an edge computing communication behavior are the same, determining the feature extraction result of that behavior as the second feature extraction result of the first service protection level, the second service protection level or the third service protection level according to those first feature extraction results includes any one of the following:
If the number of continuous feature vector segments detected by each communication security protection model for an edge computing communication behavior is the same, determining the feature extraction result of the edge computing communication behavior as the non-attack behavior feature vector of the first service protection level.
If the number of continuous feature vector segments detected by each communication security protection model for an edge computing communication behavior is different, determining the feature extraction result of the edge computing communication behavior as the non-attack behavior feature vector of the second service protection level.
When all the first feature extraction results of an edge computing communication behavior are attack behavior feature vectors, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the first service protection level.
When all the first feature extraction results of an edge computing communication behavior are fusion attack behavior feature vectors, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the third service protection level.
In one possible implementation, the second feature extraction result includes a non-attack behavior feature vector or an attack behavior feature vector.
When the number of communication security protection models is two and the two first feature extraction results of one edge computing communication behavior are different, determining, based on the protection screening degree of each communication security protection model and according to the first feature extraction results, the feature extraction result of the edge computing communication behavior as the second feature extraction result of the third service protection level includes any one of the following:
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is a fusion attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the non-attack behavior feature vector of the third service protection level.
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is a fusion attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the third service protection level.
In one possible implementation, the second feature extraction result includes a non-attack behavior feature vector or an attack behavior feature vector.
When the number of communication security protection models is two and the two first feature extraction results of one edge computing communication behavior are different, determining, based on the protection screening degree of each communication security protection model and according to the first feature extraction results, the feature extraction result of the edge computing communication behavior as the second feature extraction result of the fourth service protection level includes any one of the following:
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is an attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the non-attack behavior feature vector of the fourth service protection level.
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is an attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the fourth service protection level.
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is an attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the fourth service protection level.
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is an attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the non-attack behavior feature vector of the fourth service protection level.
In one possible implementation, the second feature extraction result includes a non-attack behavior feature vector or an attack behavior feature vector.
When the number of communication security protection models is two and the two first feature extraction results of one edge computing communication behavior are different, determining, based on the protection screening degree of each communication security protection model and according to the first feature extraction results, the feature extraction result of the edge computing communication behavior as the second feature extraction result of the third service protection level includes any one of the following:
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is a fusion attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is higher than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the third service protection level.
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is a fusion attack behavior feature vector, the first feature extraction result of the second communication security protection model for the edge computing communication behavior is a non-attack behavior feature vector, and the protection screening degree of the first communication security protection model is lower than that of the second communication security protection model, determining the feature extraction result of the edge computing communication behavior as the non-attack behavior feature vector of the third service protection level.
In one possible implementation, the second feature extraction result includes an attack behavior feature vector.
When the number of communication security protection models is two and the two first feature extraction results of one edge computing communication behavior are different, determining, according to the first feature extraction results, the feature extraction result of the edge computing communication behavior as the second feature extraction result of the second service protection level includes any one of the following:
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is an attack behavior feature vector and the first feature extraction result of the second communication security protection model for the edge computing communication behavior is a fusion attack behavior feature vector, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the second service protection level.
When the first feature extraction result of the first communication security protection model for the edge computing communication behavior is a fusion attack behavior feature vector and the first feature extraction result of the second communication security protection model for the edge computing communication behavior is an attack behavior feature vector, determining the feature extraction result of the edge computing communication behavior as the attack behavior feature vector of the second service protection level.
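The two-model rules above collapse into a single decision function, shown here as an added illustration that is not code from the patent. The names `Label`, `FirstResult`, `SecondResult` and `fuse`, the numeric `screening_degree` field, and the error raised when both screening degrees are equal (a case the text does not define) are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Label(Enum):
    NON_ATTACK = "non-attack behavior feature vector"
    ATTACK = "attack behavior feature vector"
    FUSION_ATTACK = "fusion attack behavior feature vector"


@dataclass(frozen=True)
class FirstResult:
    """One model's first feature extraction result for one behavior."""
    label: Label
    screening_degree: float  # protection screening degree (assumed numeric)
    segments: int            # continuous feature vector segments detected


@dataclass(frozen=True)
class SecondResult:
    label: Label  # only NON_ATTACK or ATTACK
    level: int    # 1 = first (highest) ... 4 = fourth (lowest)


def fuse(a: FirstResult, b: FirstResult) -> SecondResult:
    """Combine two first results into the second feature extraction result."""
    labels = {a.label, b.label}

    # Case 1: both models agree.
    if a.label is b.label:
        if a.label is Label.NON_ATTACK:
            # The segment-count rule is read here as applying to agreeing
            # non-attack results, since its outcome is a non-attack vector.
            return SecondResult(Label.NON_ATTACK,
                                1 if a.segments == b.segments else 2)
        if a.label is Label.ATTACK:
            return SecondResult(Label.ATTACK, 1)
        return SecondResult(Label.ATTACK, 3)  # both fusion attack

    # Case 2: attack vs fusion attack, in either order. Screening degree
    # is not consulted; the result is always attack at level 2.
    if labels == {Label.ATTACK, Label.FUSION_ATTACK}:
        return SecondResult(Label.ATTACK, 2)

    # Case 3: non-attack vs attack or fusion attack. The model with the
    # higher protection screening degree decides the label.
    if a.screening_degree == b.screening_degree:
        # Assumption: the text gives no rule for equal degrees, so refuse
        # to classify rather than pick a side silently.
        raise ValueError("equal protection screening degrees: undefined")
    winner = a if a.screening_degree > b.screening_degree else b
    label = (Label.NON_ATTACK if winner.label is Label.NON_ATTACK
             else Label.ATTACK)
    # Disagreement with a fusion attack lands on level 3, with a plain
    # attack on level 4.
    level = 3 if Label.FUSION_ATTACK in labels else 4
    return SecondResult(label, level)


if __name__ == "__main__":
    # Constructed sample results for two models, not data from the patent.
    samples = [
        (FirstResult(Label.NON_ATTACK, 0.9, 3),
         FirstResult(Label.NON_ATTACK, 0.6, 3)),
        (FirstResult(Label.NON_ATTACK, 0.4, 2),
         FirstResult(Label.FUSION_ATTACK, 0.7, 5)),
        (FirstResult(Label.ATTACK, 0.8, 4),
         FirstResult(Label.NON_ATTACK, 0.5, 1)),
    ]
    for first, second in samples:
        out = fuse(first, second)
        print(first.label.name, second.label.name, "->",
              out.label.name, "level", out.level)
```

The function is symmetric in its arguments, so which model is called "first" does not change the outcome.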
Fig. 3 is a schematic diagram of the functional modules of a communication data processing apparatus 300 based on a block chain and cloud computing according to an embodiment of the present disclosure. In this embodiment, the functional modules of the communication data processing apparatus 300 may be divided according to the method embodiments executed by the edge computing platform 100; that is, the functional modules described below may be used to execute each method embodiment executed by the edge computing platform 100. The communication data processing apparatus 300 may include an obtaining module 310, a situation processing module 320, a generating module 330, and a behavior processing module 340, whose functions are described in detail below.
An obtaining module 310, configured to obtain, from a preconfigured block chain, an edge computing communication permission behavior and edge computing communication service boundary information of the network communication device 200 when registering edge computing service, generate a to-be-protected communication channel according to the edge computing communication service boundary information, and determine a current edge computing communication limitation range according to the edge computing communication permission behavior. The obtaining module 310 may be configured to perform the step S110, and the detailed implementation of the obtaining module 310 may refer to the detailed description of the step S110.
The situation processing module 320 is configured to perform threat situation processing on unregistered communication access information included in the communication channel to be protected to obtain threat situation information of a communication service object; and the communication service object is a communication access object of a communication service node containing a preset characteristic vector identifier in the unregistered communication access information. The situation processing module 320 may be configured to execute the step S120, and the detailed implementation manner of the situation processing module 320 may refer to the detailed description of the step S120.
A generating module 330, configured to determine a boundary protection parameter according to the current edge computing communication limit range and the threat situation information of the communication service object, perform boundary protection configuration on a communication permission boundary corresponding to unregistered communication access information included in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter, and generate a communication security protection control for an industrial edge computing communication permission behavior of the network communication device 200. The generating module 330 may be configured to execute the step S130, and the detailed implementation of the generating module 330 may refer to the detailed description of the step S130.
A behavior processing module 340, configured to process an edge computing communication behavior between the network communication device 200 and the edge computing platform 100 based on the communication security protection control. The behavior processing module 340 may be configured to execute the step S140, and as for a detailed implementation of the behavior processing module 340, reference may be made to the detailed description of the step S140.
It should be noted that the division of the above apparatus into modules is only a logical division; in an actual implementation the modules may be wholly or partially integrated into one physical entity, or may be physically separate. The modules may all be implemented as software called by a processing element, or all in hardware; alternatively, some modules may be implemented as software called by a processing element and others in hardware. For example, the obtaining module 310 may be a separately established processing element, may be integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code that a processing element of the apparatus calls to execute the functions of the obtaining module 310. The other modules are implemented similarly. In addition, all or part of the modules may be integrated together or implemented independently. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method, or each of the above modules, may be carried out by an integrated logic circuit of hardware in a processor element or by instructions in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor that can call program code. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 4 shows a hardware structure diagram of the edge computing platform 100 for implementing the control device according to the embodiment of the present disclosure, and as shown in fig. 4, the edge computing platform 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.
In a specific implementation process, the at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120 (for example, the obtaining module 310, the situation processing module 320, the generating module 330, and the behavior processing module 340 included in the communication data processing apparatus 300 based on blockchain and cloud computing shown in fig. 3), so that the processor 110 may execute the communication data processing method based on blockchain and cloud computing according to the above method embodiment, where the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control a transceiving action of the transceiver 140, so as to transceive data with the aforementioned network communication device 200.
For the specific implementation process of the processor 110, reference may be made to the method embodiments executed by the edge computing platform 100 described above; the implementation principles and technical effects are similar, and the details are not repeated here.
In the embodiment shown in fig. 4, it should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
The machine-readable storage medium 120 may comprise high-speed RAM memory and may also include non-volatile storage NVM, such as at least one disk memory.
The bus 130 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus 130 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
In addition, an embodiment of the present disclosure also provides a readable storage medium in which computer-executable instructions are stored; when a processor executes the computer-executable instructions, the communication data processing method based on the block chain and cloud computing is implemented.
The readable storage medium described above may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present disclosure, and not for limiting the same; while the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (10)

1. A communication data processing method based on a block chain and cloud computing is applied to an edge computing platform which is in communication connection with a network communication device, and the method comprises the following steps:
acquiring edge computing communication authority behaviors and edge computing communication service boundary information of the network communication equipment when registering edge computing service from a pre-configured block chain, generating a communication channel to be protected according to the edge computing communication service boundary information, and determining a current edge computing communication limit range according to the edge computing communication authority behaviors;
threat situation processing is carried out on unregistered communication access information contained in the communication channel to be protected, and threat situation information of a communication service object is obtained; the communication service object is a communication access object of a communication service node containing a preset characteristic vector identifier in the unregistered communication access information;
determining a boundary protection parameter according to the current edge computing communication limit range and threat situation information of the communication service object, and performing boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter to generate a communication safety protection control aiming at industrial edge computing communication authority behaviors of the network communication equipment;
processing an edge computing communication behavior between the network communication device and the edge computing platform based on the communication security protection control;
the edge computing communication authority behavior refers to authority behavior configured when network communication is carried out in the edge computing process, the edge computing communication service boundary information refers to a communication service boundary when network communication is carried out in the edge computing process, and the communication service boundary is used for separating different communication services;
the preset feature vector identification is used for calibrating a communication service node with a set monitoring communication service;
the step of processing the edge computing communication behavior between the network communication device and the edge computing platform based on the communication security protection control includes:
processing an edge computing communication behavior between the network communication device and the edge computing platform based on at least two communication security protection models in the communication security protection control for analyzing communication behavior data of the edge computing communication behavior;
the step of processing the edge computing communication behavior between the network communication device and the edge computing platform based on at least two communication security protection models in the communication security protection control for analyzing the communication behavior data of the edge computing communication behavior includes:
based on the communication safety protection control, respectively detecting a preset number of edge calculation communication behaviors through at least two communication safety protection models in the communication safety protection control;
according to the detection result of each edge computing communication behavior of each communication safety protection model, determining a first feature extraction result of each edge computing communication behavior under each communication safety protection model through a preset feature extraction strategy of the communication behavior;
and determining the feature extraction result of each edge computing communication behavior as a second feature extraction result of a preset service protection level according to the first feature extraction result of each edge computing communication behavior, so as to analyze the communication behavior data of the edge computing communication behavior.
2. The communication data processing method based on the block chain and the cloud computing according to claim 1, wherein the step of generating a communication channel to be protected according to the edge computing communication service boundary information includes:
acquiring a plurality of target communication service boundaries corresponding to the network communication equipment, service types and service separation nodes of the plurality of target communication service boundaries corresponding to the network communication equipment from the edge calculation communication service boundary information;
determining a corresponding protection communication channel region according to the position information of the service separation node corresponding to the network communication equipment on the target communication service boundary;
and selecting a corresponding protection communication channel from a protection communication channel region as the communication channel to be protected according to the service type corresponding to the service separation node.
3. The communication data processing method based on the blockchain and cloud computing according to claim 1, wherein the step of determining the current edge computing communication limitation range according to the edge computing communication authority behavior comprises:
performing at least one behavior prediction on the edge computing communication authority behaviors, extracting a first behavior prediction feature vector in behavior prediction information obtained by the behavior prediction, and obtaining at least one communication restriction node of an edge computing communication restriction object according to the extracted first behavior prediction feature vector;
performing behavior prediction at least once on unregistered communication access information contained in the communication channel to be protected, extracting a second behavior prediction characteristic vector in behavior prediction information obtained by the behavior prediction, and obtaining an associated communication restriction node of at least one edge calculation communication restriction object according to the extracted second behavior prediction characteristic vector;
obtaining source information of a target communication restriction node in the communication restriction node of each edge calculation communication restriction object in the at least one edge calculation communication restriction object, and determining source communication restriction information of the source information of each communication restriction node in the associated communication restriction node of the edge calculation communication restriction object and determining source communication restriction information of the source information of the target communication restriction node;
determining the association degree of the source communication restriction information of the source information of each communication restriction node and the source communication restriction information of the source information of the target communication restriction node, sequencing the association degrees corresponding to the source information of each communication restriction node, and selecting similar source information of the communication restriction node from the source information of each communication restriction node according to the sequencing result;
performing fusion processing on the source information of at least one similar communication restriction node to obtain the source information of a fusion communication restriction node, performing fusion processing on the communication restriction node of the edge calculation communication restriction object and the associated communication restriction node of the first edge calculation communication restriction object, and obtaining a restriction range matrix according to a fusion processing result; the limited range matrix comprises limited ranges corresponding to the communication limiting nodes;
determining limitation range information corresponding to a communication limitation node in the source information of the target communication limitation node from the limitation range matrix, performing vector calculation on the source communication limitation information corresponding to the source information of the converged communication limitation node and a limitation range feature vector corresponding to the limitation range information, and taking a result of the vector calculation as a communication limitation feature of a key communication limitation node of the source information of the target communication limitation node;
and determining the current edge computing communication limitation range according to the limitation range identified by the communication limitation characteristics of the key communication limitation node.
4. The communication data processing method based on the blockchain and the cloud computing according to claim 1, wherein the step of performing threat situation processing on the unregistered communication access information included in the communication channel to be protected to obtain threat situation information of the communication service object includes:
carrying out threat situation detection on unregistered communication access information contained in the communication channel to be protected to obtain the threat situation of each communication service node in the unregistered communication access information;
converting each communication service object in the unregistered communication access information into a communication service object set;
and determining threat situation information of each communication service object according to the threat situation of the communication service node included by each communication service object in the communication service object set.
5. The communication data processing method based on the blockchain and the cloud computing according to claim 4, wherein the step of detecting the threat situation of the unregistered communication access information included in the communication channel to be protected to obtain the threat situation of each communication service node in the unregistered communication access information includes:
acquiring characteristic information of each communication service node in the unregistered communication access information;
determining the threat situation of each communication service node in the unregistered communication access information according to the feature information of each communication service node in the unregistered communication access information and a threat situation detection model;
the configuration mode of the threat situation detection model comprises the following steps:
acquiring a threat situation data training sequence, wherein the threat situation data training sequence comprises the characteristic information of a plurality of communication service nodes and the threat situation corresponding to the characteristic information of each communication service node;
constructing a preset artificial intelligence neural network, and determining the preset artificial intelligence neural network as a current artificial intelligence neural network;
based on the current artificial intelligence neural network, performing prediction operation on the characteristic information of the communication service nodes in the threat situation data training sequence, and determining the predicted threat situation corresponding to the characteristic information of the communication service nodes;
determining a difference function value based on the predicted threat situation and the threat situation corresponding to the characteristic information of the communication service node;
when the difference function value is larger than a preset threshold value, performing back propagation on the basis of the difference function value, updating the current artificial intelligence neural network to obtain an updated artificial intelligence neural network, and re-determining the updated artificial intelligence neural network as the current artificial intelligence neural network;
repeating the steps: based on the current artificial intelligence neural network, performing prediction operation on the characteristic information of the communication service nodes in the threat situation data training sequence, and determining the predicted threat situation corresponding to the characteristic information of the communication service nodes;
and when the difference function value is smaller than or equal to the preset threshold value, determining the current artificial intelligence neural network as the threat situation detection model.
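The configuration loop of claim 5, as an added example that is not part of the patent: predict, compute the difference function value, back-propagate while it exceeds the preset threshold, and stop once it is at or below it. The two feature meanings, the 2-3-1 network, the use of binary cross-entropy as the difference function and the `max_epochs` cap are assumptions; the cap is added because the loop as claimed never terminates if the threshold is unreachable.

```python
import math
import random
from dataclasses import dataclass

# Constructed training sequence: (feature information, labelled threat situation).
# Assumed features: [failed-auth ratio, unregistered-access ratio] per service node.
TRAINING_SEQUENCE = [
    ([0.05, 0.10], 0.0), ([0.10, 0.05], 0.0), ([0.20, 0.15], 0.0), ([0.15, 0.25], 0.0),
    ([0.80, 0.90], 1.0), ([0.90, 0.75], 1.0), ([0.70, 0.85], 1.0), ([0.95, 0.95], 1.0),
]

@dataclass
class TrainResult:
    converged: bool   # True only if the difference value reached the threshold
    epochs: int       # number of back-propagation updates performed
    loss: float       # last difference function value

class ThreatNet:
    """Assumed 'preset' network: 2 inputs -> tanh hidden units -> 1 sigmoid output."""
    def __init__(self, hidden=3, seed=7):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(2)] for _ in range(hidden)]
        self.b1 = [0.0] * hidden
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(hidden)]
        self.b2 = 0.0

    def forward(self, x):
        h = [math.tanh(sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.w1, self.b1)]
        z = sum(w * hi for w, hi in zip(self.w2, h)) + self.b2
        return h, 1.0 / (1.0 + math.exp(-z))

    def predict(self, x):
        return self.forward(x)[1]

def difference_value(net, data):
    """Mean binary cross-entropy between predicted and labelled threat situation."""
    eps, total = 1e-12, 0.0
    for x, y in data:
        p = min(max(net.predict(x), eps), 1 - eps)
        total -= y * math.log(p) + (1 - y) * math.log(1 - p)
    return total / len(data)

def backprop_step(net, data, lr):
    """One full-batch gradient update of every weight and bias."""
    n, hidden = len(data), len(net.w2)
    gw1 = [[0.0, 0.0] for _ in range(hidden)]
    gb1, gw2, gb2 = [0.0] * hidden, [0.0] * hidden, 0.0
    for x, y in data:
        h, p = net.forward(x)
        dz = (p - y) / n                  # gradient at the output pre-activation
        gb2 += dz
        for j in range(hidden):
            gw2[j] += dz * h[j]
            dh = dz * net.w2[j] * (1 - h[j] ** 2)   # back through tanh
            gb1[j] += dh
            for i in range(2):
                gw1[j][i] += dh * x[i]
    for j in range(hidden):
        net.w2[j] -= lr * gw2[j]
        net.b1[j] -= lr * gb1[j]
        for i in range(2):
            net.w1[j][i] -= lr * gw1[j][i]
    net.b2 -= lr * gb2

def train(net, data, threshold, max_epochs, lr=0.5):
    """Claim-5 loop; max_epochs is the added guard against an unreachable threshold."""
    for epoch in range(max_epochs + 1):
        loss = difference_value(net, data)
        if loss <= threshold:             # accept the current network as the model
            return TrainResult(True, epoch, loss)
        if epoch == max_epochs:           # threshold not reached: report, do not accept
            return TrainResult(False, epoch, loss)
        backprop_step(net, data, lr)
```

A caller should treat `converged=False` as a failed configuration rather than deploy the network, since a model that never met the threshold gives no assurance about its threat predictions.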
6. The communication data processing method based on the blockchain and the cloud computing according to claim 1, wherein the step of determining a boundary protection parameter according to the current edge computing communication limit range and threat situation information of the communication service object, performing boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information included in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter, and generating a communication security protection control for an industrial edge computing communication authority behavior of the network communication device includes:
acquiring a multi-service type candidate threat situation corresponding to the current edge computing communication limit range from threat situation information of the communication service object, and extracting characteristic information of the multi-service type candidate threat situation to determine a corresponding boundary protection parameter, wherein the boundary protection parameter comprises a multi-service type boundary protection parameter component;
according to the multi-service type boundary protection parameter component, determining a target protection strategy which is suitable for a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected at present from multiple preset protection strategies;
and carrying out boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected according to the target protection strategy and the current edge computing communication limit range, and generating a communication safety protection control aiming at the industrial edge computing communication authority behavior of the network communication equipment.
7. The communication data processing method based on blockchain and cloud computing according to claim 6, wherein the plurality of protection policies include a multi-service protection policy and a single-service protection policy;
the step of determining a target protection policy currently suitable for a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected from a plurality of preset protection policies according to the multi-service type boundary protection parameter component includes:
determining a first deviation degree of the multi-service type protection strategy and a second deviation degree of the single-service type protection strategy according to the multi-service type boundary protection parameter component;
if the first deviation degree is larger than the second deviation degree, the multi-service type protection strategy is used as a target protection strategy suitable for the current user;
and if the first deviation degree is smaller than the second deviation degree, taking the single-service type protection strategy as a target protection strategy suitable for the current user.
8. The method according to claim 6, wherein the multi-service type boundary protection parameter component includes current edge calculation communication protection data and historical edge calculation communication protection data, the current edge calculation communication protection data includes a current protection data region, a current protection service type and a current protection level, the historical edge calculation communication protection data includes a historical edge calculation communication protection object sequence of protected configuration and a situation score of each historical edge calculation communication protection object in the historical edge calculation communication protection object sequence;
the step of determining a first deviation degree of the multi-service type protection strategy and a second deviation degree of the single-service type protection strategy according to the multi-service type boundary protection parameter component comprises:
determining a target data configuration area where the current protection data area is located according to a plurality of preset data configuration areas;
acquiring a first current region deviation degree of a multi-service type protection strategy and a second current region deviation degree of a single-service type protection strategy corresponding to the target data configuration region from a preset region deviation degree database;
determining a first current service deviation degree of the multi-service type protection strategy and a second current service deviation degree of the single-service type protection strategy according to the current protection service type;
determining a target protection grade range where the current protection grade is located according to a plurality of preset protection grade ranges;
acquiring a first current protection level deviation degree of a multi-service type protection strategy and a second current protection level deviation degree of a single-service type protection strategy corresponding to the target protection level range from a preset protection level deviation degree database;
determining a first current deviation degree of the multi-service type protection strategy according to the first current region deviation degree, the first current service deviation degree and the first current protection grade deviation degree;
determining a second current deviation degree of the single-service type protection strategy according to the second current region deviation degree, the second current service deviation degree and the second current protection grade deviation degree;
counting, according to the historical edge calculation communication protection object sequence, a protection data type proportion of a first type communication protection object and a protection data type proportion of a second type communication protection object, wherein the first type communication protection object is a communication protection object matched with the multi-service type protection strategy, and the second type communication protection object is a communication protection object matched with the single-service type protection strategy;
calculating, according to the situation score of each historical edge calculation communication protection object in the historical edge calculation communication protection object sequence, the overall situation score of the first type communication protection object and the overall situation score of the second type communication protection object;
calculating a first historical deviation degree of the multi-service type protection strategy according to the protection data type proportion and the overall situation score of the first type communication protection object;
calculating a second historical deviation degree of the single-service type protection strategy according to the protection data type proportion and the overall situation score of the second type communication protection object;
and determining a first deviation degree of the multi-service type protection strategy according to the first current deviation degree and the first historical deviation degree, and determining a second deviation degree of the single-service type protection strategy according to the second current deviation degree and the second historical deviation degree.
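The selection procedure of claims 7 and 8, as an added example that is not part of the patent. The claims only say that preset tables exist and that values are determined "according to" one another, so every table value, the additive combination, the proportion-times-mean-score historical term and the count-based proportion are assumptions; the explicit tie handling is added because claim 7 gives no rule for equal deviation degrees.

```python
from bisect import bisect_right
from dataclasses import dataclass

MULTI, SINGLE = "multi-service", "single-service"

# Constructed sample tables. Each entry is a pair of deviation degrees:
# (multi-service strategy, single-service strategy).
AREA_BOUNDS = [0, 1000, 5000]        # lower bounds of preset data configuration areas
AREA_DEVIATION = [(0.25, 0.50), (0.50, 0.25), (0.75, 0.25)]
SERVICE_DEVIATION = {"telemetry": (0.50, 0.25), "control": (0.25, 0.75)}
LEVEL_BOUNDS = [1, 3, 5]             # lower bounds of preset protection level ranges
LEVEL_DEVIATION = [(0.25, 0.25), (0.50, 0.25), (0.75, 0.50)]

@dataclass(frozen=True)
class Current:
    data_region: int      # assumed: numeric position of the current protection data region
    service_type: str     # current protection service type
    level: int            # current protection level

def _range_lookup(bounds, table, value):
    """Find the preset range containing value and return its deviation pair."""
    idx = bisect_right(bounds, value) - 1
    if idx < 0:
        raise ValueError(f"{value} is below every preset range")
    return table[idx]

def current_deviation(cur):
    """First and second current deviation degree (assumed: sum of three parts)."""
    parts = [
        _range_lookup(AREA_BOUNDS, AREA_DEVIATION, cur.data_region),
        SERVICE_DEVIATION[cur.service_type],
        _range_lookup(LEVEL_BOUNDS, LEVEL_DEVIATION, cur.level),
    ]
    return sum(p[0] for p in parts), sum(p[1] for p in parts)

def historical_deviation(history):
    """history: list of (matched strategy, situation score) for protected objects.

    Assumed formula: share of objects matched to the strategy times their mean score.
    """
    out = []
    for policy in (MULTI, SINGLE):
        scores = [s for p, s in history if p == policy]
        if not scores:                # no history for this strategy contributes nothing
            out.append(0.0)
            continue
        proportion = len(scores) / len(history)
        out.append(proportion * (sum(scores) / len(scores)))
    return tuple(out)

def select_policy(cur, history, on_tie=None):
    """Return (target strategy, first deviation degree, second deviation degree)."""
    c1, c2 = current_deviation(cur)
    h1, h2 = historical_deviation(history)
    first, second = c1 + h1, c2 + h2
    if first > second:
        return MULTI, first, second
    if first < second:
        return SINGLE, first, second
    if on_tie is None:                # equal degrees: the claim leaves this undefined
        raise ValueError("deviation degrees are equal and no tie rule was given")
    return on_tie, first, second
```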
9. A communication data processing system based on blockchain and cloud computing, characterized by comprising an edge computing platform and a network communication device communicatively connected to the edge computing platform;
the edge computing platform is used for acquiring edge computing communication authority behaviors and edge computing communication service boundary information of the network communication equipment when registering edge computing service from a pre-configured block chain, generating a communication channel to be protected according to the edge computing communication service boundary information, and determining a current edge computing communication limit range according to the edge computing communication authority behaviors;
the edge computing platform is used for carrying out threat situation processing on unregistered communication access information contained in the communication channel to be protected to obtain threat situation information of a communication service object; the communication service object is a communication access object of a communication service node containing a preset characteristic vector identifier in the unregistered communication access information;
the edge computing platform is used for determining a boundary protection parameter according to the current edge computing communication limit range and threat situation information of the communication service object, performing boundary protection configuration on a communication authority boundary corresponding to unregistered communication access information contained in the communication channel to be protected based on the current edge computing communication limit range and the boundary protection parameter, and generating a communication safety protection control aiming at industrial edge computing communication authority behaviors of the network communication equipment;
the edge computing platform is used for processing edge computing communication behaviors between the network communication equipment and the edge computing platform based on the communication safety protection control;
the edge computing communication authority behavior refers to authority behavior configured when network communication is carried out in the edge computing process, the edge computing communication service boundary information refers to a communication service boundary when network communication is carried out in the edge computing process, and the communication service boundary is used for separating different communication services;
the preset feature vector identification is used for calibrating a communication service node with a set monitoring communication service;
the method for processing the edge computing communication behavior between the network communication device and the edge computing platform based on the communication security protection control comprises:
processing an edge computing communication behavior between the network communication device and the edge computing platform based on at least two communication security protection models in the communication security protection control for analyzing communication behavior data of the edge computing communication behavior;
the method for processing the edge computing communication behavior between the network communication device and the edge computing platform based on at least two communication security protection models in the communication security protection control so as to analyze the communication behavior data of the edge computing communication behavior includes:
based on the communication safety protection control, respectively detecting a preset number of edge computing communication behaviors through at least two communication safety protection models in the communication safety protection control;
according to the detection result of each edge computing communication behavior of each communication safety protection model, determining a first feature extraction result of each edge computing communication behavior under each communication safety protection model through a preset feature extraction strategy of the communication behavior;
and determining the feature extraction result of each edge computing communication behavior as a second feature extraction result of a preset service protection level according to the first feature extraction result of each edge computing communication behavior, so as to analyze the communication behavior data of the edge computing communication behavior.
10. An edge computing platform, comprising a processor, a machine-readable storage medium, and a network interface, wherein the machine-readable storage medium, the network interface, and the processor are connected by a bus system, the network interface is configured to be communicatively connected to at least one network communication device, the machine-readable storage medium is configured to store a program, an instruction, or code, and the processor is configured to execute the program, the instruction, or code in the machine-readable storage medium to perform the method for processing communication data based on blockchain and cloud computing according to any one of claims 1 to 9.
CN202011355018.5A 2020-05-20 2020-05-20 Communication data processing method and system based on block chain and cloud computing Withdrawn CN112398868A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011355018.5A CN112398868A (en) 2020-05-20 2020-05-20 Communication data processing method and system based on block chain and cloud computing

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011355018.5A CN112398868A (en) 2020-05-20 2020-05-20 Communication data processing method and system based on block chain and cloud computing
CN202010432289.XA CN111641614B (en) 2020-05-20 2020-05-20 Communication data processing method based on block chain and cloud computing and edge computing platform

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202010432289.XA Division CN111641614B (en) 2020-05-20 2020-05-20 Communication data processing method based on block chain and cloud computing and edge computing platform

Publications (1)

Publication Number Publication Date
CN112398868A (en) 2021-02-23

Family

ID=72332039

Family Applications (3)

Application Number Title Priority Date Filing Date
CN202011355018.5A Withdrawn CN112398868A (en) 2020-05-20 2020-05-20 Communication data processing method and system based on block chain and cloud computing
CN202011361717.0A Withdrawn CN112511533A (en) 2020-05-20 2020-05-20 Communication data processing method, system and platform based on block chain and cloud computing
CN202010432289.XA Expired - Fee Related CN111641614B (en) 2020-05-20 2020-05-20 Communication data processing method based on block chain and cloud computing and edge computing platform

Country Status (1)

Country Link
CN (3) CN112398868A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301907A (en) * 2021-11-18 2022-04-08 北京邮电大学 Service processing method, system and device in cloud computing network and electronic equipment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112837060B (en) * 2021-01-12 2022-05-03 中科柏诚科技(北京)股份有限公司 Payment business processing method for block chain security protection and digital financial platform
CN114785580A (en) * 2022-04-14 2022-07-22 李林骏 Cloud computing data security processing system

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107800664B (en) * 2016-08-31 2021-06-15 华为技术有限公司 Method and device for preventing signaling attack
CN108446680B (en) * 2018-05-07 2021-12-21 西安电子科技大学 Privacy protection method and system in face authentication system based on edge calculation
CN109040312B (en) * 2018-09-17 2021-03-23 云迅智能科技南京有限公司 Multi-access edge computing network system and method
CN109714173B (en) * 2019-01-25 2020-09-29 北京邮电大学 Block chain-based Internet of things authentication method and device
CN110213036B (en) * 2019-06-17 2021-07-06 西安电子科技大学 Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things
CN110378121B (en) * 2019-06-19 2021-03-16 全球能源互联网研究院有限公司 Edge computing terminal security assessment method, device, equipment and storage medium
CN110413652B (en) * 2019-07-05 2022-06-07 华侨大学 Big data privacy retrieval method based on edge calculation
CN110138627B (en) * 2019-07-11 2019-09-20 电子科技大学 A kind of edge side terminal security access strategy selection method based on security risk quantization
US11374776B2 (en) * 2019-09-28 2022-06-28 Intel Corporation Adaptive dataflow transformation in edge computing environments
CN111132145B (en) * 2019-12-27 2021-02-23 太原清众鑫科技有限公司 Network communication safety monitoring method, device, server and network communication system

Also Published As

Publication number Publication date
CN111641614A (en) 2020-09-08
CN112511533A (en) 2021-03-16
CN111641614B (en) 2021-02-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210223