CN112528306A - Data access method based on big data and artificial intelligence and cloud computing server - Google Patents

Data access method based on big data and artificial intelligence and cloud computing server Download PDF

Info

Publication number
CN112528306A
CN112528306A CN202011498372.3A CN202011498372A CN112528306A CN 112528306 A CN112528306 A CN 112528306A CN 202011498372 A CN202011498372 A CN 202011498372A CN 112528306 A CN112528306 A CN 112528306A
Authority
CN
China
Prior art keywords
data
access
data access
network environment
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011498372.3A
Other languages
Chinese (zh)
Inventor
彭楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202011498372.3A priority Critical patent/CN112528306A/en
Publication of CN112528306A publication Critical patent/CN112528306A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/906Clustering; Classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

According to the data access method based on big data and artificial intelligence and the cloud computing server, a network environment parameter set of a data access network environment of a data access request end can be analyzed, so that a dynamically changed data access network environment is considered, then data access authority characteristics and data access non-authority characteristics are considered, further, analysis of the data access request end is achieved from the access authority angle, then a matched data access path is determined, data access security verification of the data access request can be achieved based on the data access path, verification is not simply and mechanically achieved through secret key verification or signature authentication, and a corresponding data access interface provided with a security protection mechanism is opened based on a security verification result. Therefore, the reliability and high timeliness of the security check result can be guaranteed, and the data security of the cloud computing server when the corresponding data access interface is opened for the data access request end to access data is guaranteed.

Description

Data access method based on big data and artificial intelligence and cloud computing server
Technical Field
The application relates to the technical field of big data and artificial intelligence, in particular to a data access method based on big data and artificial intelligence and a cloud computing server.
Background
With the rapid development of communication technology, the big data era turns to something else. At present, depending on big data technology, business handling and interaction of many industries can be carried out on line, so that the business handling efficiency is improved, and a business handling party and a business processing party are facilitated.
The main implementation of online business transaction is through data interaction. And thus may involve data access and data calls between multiple ends. However, there may be some insecurity factors in the communication network environment, and therefore, how to ensure the security of data access and data call between multiple ends is a technical problem to be solved at present.
Disclosure of Invention
The first aspect of the application discloses a data access method based on big data and artificial intelligence, which is applied to a cloud computing server in communication connection with a data access request terminal, and the method comprises the following steps: acquiring a network environment parameter set matched with a data access network environment of the data access request terminal, wherein the network environment parameters comprise access security evaluation information in different data network states; analyzing a network state updating track in the data access request terminal based on a network environment parameter set matched with a data access network environment of the data access request terminal, and determining a state track characteristic of the network state updating track in the data access request terminal; splitting the data access authority characteristics and the data access non-authority characteristics of the network environment parameters through a network state updating track in the data access request terminal; keeping the data access non-authority characteristics in the network environment parameters unchanged, and performing characteristic integration on the data access authority characteristics in the network environment parameters to form a new network environment parameter set; analyzing the data access request end through the new network environment parameter set, and determining a data access path matched with the data access request end so as to realize data access security check on different data access requests through the data access request end and determine a corresponding security check result; and starting a corresponding data access interface based on the security check result.
A second aspect of the present application discloses a cloud computing server, comprising a processing engine, a network module, and a memory; the processing engine and the memory communicate via the network module, and the processing engine reads the computer program from the memory and runs it to perform the method of the first aspect.
A third aspect of the present application discloses a computer-readable signal medium having stored thereon a computer program which, when executed, implements the method of the first aspect.
Compared with the prior art, the data access method based on big data and artificial intelligence and the cloud computing server provided by the embodiment of the invention have the following technical effects: the method can analyze the network environment parameter set of the data access network environment of the data access request end, thereby considering the dynamically changed data access network environment, then considering the data access authority characteristics and the data access non-authority characteristics, further realizing the analysis of the data access request end from the access authority angle, and then determining the adaptive data access path, thus realizing the data access security check of the data access request based on the data access path, rather than simply and mechanically carrying out the check through key verification or signature authentication, and opening the corresponding data access interface provided with a security protection mechanism based on the security check result. Therefore, the reliability and high timeliness of the security check result can be guaranteed, and the data security of the cloud computing server when the corresponding data access interface is opened for the data access request end to access data is guaranteed.
In the description that follows, additional features will be set forth, in part, in the description. These features will be in part apparent to those skilled in the art upon examination of the following and the accompanying drawings, or may be learned by production or use. The features of the present application may be realized and attained by practice or use of various aspects of the methodologies, instrumentalities and combinations particularly pointed out in the detailed examples that follow.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
The methods, systems, and/or processes of the figures are further described in accordance with the exemplary embodiments. These exemplary embodiments will be described in detail with reference to the drawings. These exemplary embodiments are non-limiting exemplary embodiments in which reference numerals represent similar mechanisms throughout the various views of the drawings.
FIG. 1 is a block diagram of an exemplary big data and artificial intelligence based data access system, shown in accordance with some embodiments of the present invention.
Fig. 2 is a schematic diagram of the hardware and software components in an exemplary cloud computing server, according to some embodiments of the invention.
FIG. 3 is a flow diagram illustrating an exemplary big data and artificial intelligence based data access method and/or process according to some embodiments of the invention.
FIG. 4 is a block diagram of an exemplary big data and artificial intelligence based data access device, according to some embodiments of the invention.
Detailed Description
The inventor researches and analyzes common data access and data call security verification technologies, and finds that the common data security verification technologies are mostly realized through a key verification or signature authentication mode, but the inventor finds that the verification modes are easy to crack or counterfeit, so that the reliability of the data security verification technologies is greatly reduced, in addition, as the number of online terminals is increased day by day, the state change of a data network environment is more frequent, the common data security verification technologies do not consider a dynamically changed data network environment, and thus the security of data access and data call between multiple ends is difficult to ensure.
In view of the above, the inventor innovatively provides a data access method and a cloud computing server based on big data and artificial intelligence, which can analyze a network environment parameter set of a data access network environment of a data access request terminal, thereby considering a dynamically changing data access network environment, then considering data access permission characteristics and data access non-permission characteristics, further realizing analysis of the data access request terminal from an access permission perspective, and then determining an adapted data access path, thereby being capable of realizing data access security verification of the data access request based on the data access path, rather than simply and mechanically performing verification through key verification or signature authentication. Therefore, the reliability and high timeliness of the security check result can be guaranteed, and the data security of the cloud computing server when the corresponding data access interface is opened for the data access request end to access data is guaranteed.
In order to better understand the technical solutions of the present invention, the following detailed descriptions of the technical solutions of the present invention are provided with the accompanying drawings and the specific embodiments, and it should be understood that the specific features in the embodiments and the examples of the present invention are the detailed descriptions of the technical solutions of the present invention, and are not limitations of the technical solutions of the present invention, and the technical features in the embodiments and the examples of the present invention may be combined with each other without conflict.
In the following detailed description, numerous specific details are set forth by way of examples in order to provide a thorough understanding of the relevant guidance. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, systems, compositions, and/or circuits have been described at a relatively high-level, without detail, in order to avoid unnecessarily obscuring aspects of the invention.
These and other features, functions, methods of execution, and combination of functions and elements of related elements in the structure and economies of manufacture disclosed in the present application may become more apparent upon consideration of the following description with reference to the accompanying drawings, all of which form a part of this application. It is to be expressly understood, however, that the drawings are for the purpose of illustration and description only and are not intended as a definition of the limits of the application. It should be understood that the drawings are not to scale. It is to be expressly understood, however, that the drawings are for the purpose of illustration and description only and are not intended as a definition of the limits of the invention. It should be understood that the drawings are not to scale.
Flowcharts are used herein to illustrate the implementations performed by systems according to embodiments of the present application. It should be expressly understood that the processes performed by the flowcharts may be performed out of order. Rather, these implementations may be performed in the reverse order or simultaneously. In addition, at least one other implementation may be added to the flowchart. One or more implementations may be deleted from the flowchart.
Fig. 1 is a block diagram illustrating an exemplary big data and artificial intelligence based data access system 300, according to some embodiments of the invention, the big data and artificial intelligence based data access system 300 may include a cloud computing server 100 and a data access requesting end 200.
In some embodiments, as shown in fig. 2, the cloud computing server 100 may include a processing engine 110, a network module 120, and a memory 130, the processing engine 110 and the memory 130 communicating through the network module 120.
Processing engine 110 may process the relevant information and/or data to perform one or more of the functions described herein. For example, in some embodiments, processing engine 110 may include at least one processing engine (e.g., a single core processing engine or a multi-core processor). By way of example only, the Processing engine 110 may include a Central Processing Unit (CPU), an Application-Specific Integrated Circuit (ASIC), an Application-Specific Instruction Set Processor (ASIP), a Graphics Processing Unit (GPU), a Physical Processing Unit (PPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), a Programmable Logic Device (PLD), a controller, a microcontroller Unit, a Reduced Instruction Set Computer (RISC), a microprocessor, or the like, or any combination thereof.
Network module 120 may facilitate the exchange of information and/or data. In some embodiments, the network module 120 may be any type of wired or wireless network or combination thereof. Merely by way of example, the Network module 120 may include a cable Network, a wired Network, a fiber optic Network, a telecommunications Network, an intranet, the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Wireless Local Area Network (WLAN), a Metropolitan Area Network (MAN), a Public Switched Telephone Network (PSTN), a bluetooth Network, a Wireless personal Area Network, a Near Field Communication (NFC) Network, and the like, or any combination thereof. In some embodiments, the network module 120 may include at least one network access point. For example, the network module 120 may include wired or wireless network access points, such as base stations and/or network access points.
The Memory 130 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 130 is used for storing a program, and the processing engine 110 executes the program after receiving the execution instruction.
It is to be understood that the configuration shown in fig. 2 is merely illustrative, and that the cloud computing server 100 may also include more or fewer components than shown in fig. 2, or have a different configuration than shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
Fig. 3 is a flowchart illustrating an exemplary big data and artificial intelligence based data access method and/or process, which is applied to the cloud computing server 100 in fig. 1, and may specifically include the following steps S11-S14, according to some embodiments of the present invention.
Step S11, acquiring a network environment parameter set matching with the data access network environment of the data access request terminal.
For example, the data access request terminal may be a mobile phone, a tablet computer, a notebook computer, a laptop computer, etc., and is not limited herein. The data access network environment may be a communication network environment in which the data access requesting terminal is located. The network environment parameters comprise access security evaluation information in different data network states, the data network states can be dynamically updated, and the access security evaluation information is generated after the cloud computing server identifies the different data network states.
Step S12, analyzing the network status update trajectory in the data access request terminal based on the network environment parameter set matched with the data access network environment of the data access request terminal, and determining the status trajectory feature of the network status update trajectory in the data access request terminal.
For example, the network status update track is used to represent a dynamic change situation of the network status where the data access request end is located, the form of the update track may be a list, a curve, and the like, and is not limited herein, and the status track feature may be represented in the form of a feature vector or in the form of a feature value sequence, and is not limited herein.
Step S13, splitting the data access authority characteristics and the data access non-authority characteristics of the network environment parameters through the network state updating track in the data access request terminal; keeping the data access non-authority characteristics in the network environment parameters unchanged, and performing characteristic integration on the data access authority characteristics in the network environment parameters to form a new network environment parameter set.
For example, data access rights characteristics are associated with access rights, which may be related to data security issues. The data access non-authority characteristics can be some procedural data characteristics, are irrelevant to access authority and basically do not relate to the problem of data security, and the data access non-authority characteristics can be removed by splitting the data access authority characteristics and the data access non-authority characteristics, so that the simplicity of a new network environment parameter set is ensured.
Step S14, analyzing the data access request terminal through the new network environment parameter set, and determining a data access path adapted to the data access request terminal, so as to implement data access security check on different data access requests through the data access request terminal, and determine a corresponding security check result; and starting a corresponding data access interface based on the security check result.
For example, the data access path may include an access path corresponding to the data access request terminal in a previous access behavior, or may also include an access path corresponding to the data access request terminal in a data access after the data access. The data access request can be initiated by the data access request terminal to the cloud computing server. The security check result is used for representing whether different data access requests have security risks such as data tampering and data damage in the cloud computing server. The data access interface is used for data access of the data access request terminal, and different data access interfaces are provided with safety protection mechanisms, such as intercepting certain operation behaviors of the data access request terminal.
It can be understood that, through the above steps S11-S14, the network environment parameter set of the data access network environment of the data access request end can be analyzed, so as to consider the dynamically changing data access network environment, then consider the data access permission feature and the data access non-permission feature, further implement the analysis of the data access request end from the access permission perspective, and then determine the adapted data access path, so that the data access security check of the data access request can be implemented based on the data access path, instead of simply and mechanically performing the check through the key verification or the signature authentication, and open the corresponding data access interface provided with the security protection mechanism based on the security check result. Therefore, the reliability and high timeliness of the security check result can be guaranteed, and the data security of the cloud computing server when the corresponding data access interface is opened for the data access request end to access data is guaranteed.
In the following, some alternative embodiments will be described, which should be understood as examples and not as technical features essential for implementing the present solution.
In some examples, the obtaining of the network environment parameter set matching the data access network environment of the data access request end described in step S11 may include the following steps S111 to S113.
Step S111, obtaining network environment classification information corresponding to the network environment tag in the data access network environment of the data access request terminal.
For example, the network environment tags are used to distinguish different data access network environments, and the network environment classification information may be used to classify a large number of network environment tags in order.
Step S112, carrying out classification information correction processing on the network environment classification information; and determining corresponding network environment description characteristics through a network environment analysis thread based on the processing result of the classification information correction, and intercepting the network environment classification information comprising the identifiable tags.
For example, the classification information correction process may be to remove duplicated classification information or erroneous classification information in the network environment classification information. The network environment analysis thread may be a pre-built convolutional neural network model, and the building process is the prior art and is not described here. The network environment description features can be used for realizing fine differentiation of different network environments, the network environment description features can be feature vectors or feature value sequences, and the identifiable tags have identifiability.
Step S113, processing the network environment classification information including the identifiable tag through the data access processing record of the data access request end, and forming a corresponding classification parameter processing result as any network environment parameter in the network environment parameter set matched with the data access network environment of the data access request end.
In this way, by executing the above steps S111 to S113, the determination of the network environment parameters can be implemented based on different network environment tags, so that the integrity and diversity of the network environment parameter set can be ensured.
In some other examples, the method may further include: determining a corresponding data network security index set according to the network environment parameters matched with the data access network environment of the data access request terminal; and analyzing the data access security record of the data access request terminal through the data network security index set so as to realize the network security judgment of the data network state corresponding to the determined data security protection event through the data access security record. Therefore, network security judgment can be realized through data access security records, and therefore security monitoring of the whole data access network is realized.
In some examples, in order to reduce the noise ratio of the state trace feature and thus improve the identification accuracy of the state trace feature, the parsing the network state update trace in the data access request terminal and determining the state trace feature of the network state update trace in the data access request terminal based on the network environment parameter set matched with the data access network environment of the data access request terminal, which is described in step S12, may include the following steps S121 to S124.
Step S121, determining corresponding non-updated network environment parameters and updated network environment parameters based on the network environment parameter set matched with the data access network environment of the data access request terminal.
And step S122, recombining different un-updated network environment parameters in the network environment parameter set and data access authority features in the updated network environment parameters through the feature recombination model corresponding to the network state updating track to form recombination authority features.
For example, the feature reconstruction model may be a classifier, and training of the classifier is prior art and will not be described herein. The reorganization right feature has a higher feature relevance than the previous data access right feature.
And S123, performing feature recognition processing on the recombination authority features through the feature recognition model corresponding to the network state updating track.
For example, the feature recognition model may be a deep neural network model or other algorithm capable of feature recognition.
Step S124, on the premise of obtaining the feature identification records of different feature identification results with the same access permission level, determining the state track feature of the network state update track in the data access request terminal.
It can be understood that by implementing the above steps S121 to S124, a slave group of data access authority features can be implemented, so that the state track feature of the network state update track in the data access request end can be determined on the premise of obtaining feature identification records of different feature identification results of the same access authority level. Therefore, the noise ratio of the state track characteristics can be reduced, and the recognition accuracy of the state track characteristics is improved.
On the basis of the above, the method may further include the following steps S125 to S128.
Step S125, determining a corresponding first classification parameter processing result based on the non-updated network environment parameter.
Step S126, determining a corresponding second classification parameter processing result based on the updated network environment parameter.
Step S127, when determining the state track characteristic of the network state update track in the data access request end, determining a third classification parameter processing result matched with the reorganization authority characteristic through the data access processing record of the data access request end.
Step S128, comparing the first classification parameter processing result or the second classification parameter processing result with the third classification parameter processing result to monitor a feature update record of the data access non-permission feature in different non-updated network environment parameters and the updated network environment parameters.
For example, the first classification parameter processing result, the second classification parameter processing result, and the third classification parameter processing result have different classification confidence levels. Through the steps S125 to S128, the feature update records of the data access non-permission features in different non-updated network environment parameters and the updated network environment parameters can be reliably monitored in real time, so that the update condition of the data access non-permission features is determined at the first time, and the possible conversion from the data access non-permission features to the data access permission features is avoided from being missed.
In some examples, the step S13 is to keep the data access non-permission feature in the network environment parameter unchanged, perform feature integration on the data access permission feature in the network environment parameter, and form a new network environment parameter set, and this is implemented by one of the following two implementation manners.
In the first implementation mode, the data access non-authority features in the network environment parameters are kept unchanged, and the data access authority features in the network environment parameters are subjected to feature elimination processing to form a new network environment parameter set.
In a second implementation manner, the data access non-permission features in the network environment parameters are kept unchanged, and feature clustering processing or feature reconstruction processing is performed on the data access permission features in the network environment parameters to form a new network environment parameter set.
Therefore, the mode of forming a new network environment parameter set can be flexibly selected in different scenes.
In some examples, the parsing of the data access request end through the new network environment parameter set and determining a data access path adapted to the data access request end as described in step S14 to implement data access security check on different data access requests through the data access request end and determine a corresponding security check result may further include the following steps S141 to S143.
Step S141, analyzing the data access request terminal according to the new network environment parameter set, and determining the data access path of the interactive data set in the data access request terminal.
For example, the interactive dataset may be a dataset of multi-terminal interactions.
And step S142, analyzing the data access request terminal according to the new network environment parameter set, and determining a data access path of a self-use data set in the data access request terminal.
For example, a self-contained data set is only used by a data access requester.
And step S143, performing data access security verification on different data access requests based on the data access path of the interactive data set and the data access path of the self-use data set, and determining corresponding security verification results.
For example, the data access path may be a call path of a corresponding execution function or hook function when the data access request terminal uses and calls data.
Therefore, the interactive data set and the self-used data set in the data access request end can be distinguished, so that the data access security verification is carried out on the data access request based on different dimensions, the confidence of the security verification result can be improved, and the security verification result cannot be easily tampered.
Further, the performing, in step S1431, data access security check on different data access requests based on the data access path of the interactive data set and the data access path of the self-use data set to determine a corresponding security check result may include the following steps S14311 to S14316.
Step S14311 is to construct a first access path node matrix corresponding to the data access path of the interactive data set, and construct a second access path node matrix corresponding to the data access path of the self-use data set, where the first access path node matrix and the second access path node matrix respectively include a plurality of access path node elements with different access heat degrees.
Step S14312, extract initial access heat variation data of any access path node element of the data access path of the interactive data set in the first access path node matrix, and determine the access path node element with the minimum access heat in the second access path node matrix as a target access path node element.
Step S14313, map the initial access heat change data to the target access path node element according to the data access request and the access request verification result, obtain initial access heat mapping data in the target access path node element, and generate an access path conversion list between the data access path of the interactive data set and the data access path of the self-use data set according to the initial access heat change data and the initial access heat mapping data.
Step S14314, obtaining access heat data to be processed in the target access path node element by using the initial access heat mapping data as reference heat data, mapping the access heat data to be processed to an access path node element where the initial access heat change data is located according to an access path conversion sequence corresponding to the access path conversion list, obtaining target access heat data corresponding to the access heat data to be processed in the access path node element where the initial access heat change data is located, and determining the reference heat data of the target access heat data as target access heat change data.
Step S14315, obtain a data mapping record in which the initial access heat change data is mapped to the target access path node element.
Step S14316, according to the access heat degree similarity between the target access heat degree data and the historical access heat degree data corresponding to the multiple data mapping execution functions on the data mapping record, sequentially acquiring security check index data corresponding to the target access heat degree change data in the second access path node matrix layer by layer until the importance coefficient of the access path node element where the acquired security check index data is located is consistent with the importance coefficient of the target access heat degree change data in the first access path node matrix, stopping acquiring the security check index data in the next access path node element, and establishing a security check indication relationship between the target access heat degree change data and the security check index data acquired last time; and performing data access security verification on different data access requests through the security verification indication relation to obtain the security verification result.
In this way, the determination of the security check indication relationship can be realized by executing the above steps S14311 to S14316, so that different data access requests are differentially checked based on the check indication logic corresponding to the security check indication relationship, and thus, it can be ensured that the obtained security check result can reflect data security from multiple dimensions.
Further, the parsing the data access request according to the new network environment parameter set and determining the data access path of the interactive data set in the data access request, which are described in step S141, may include steps S1411 to S1413.
Step S1411, processing the new network environment parameter set through the interactive data set in the data access request end to determine an interactive object original list of the interactive data set.
Step S1412, in response to the original list of the interactive objects in the interactive data set, processing the new network environment parameter set through the interactive data set, and determining an updated list of the interactive objects in the interactive data set.
Step S1413, according to the interactive object update list of the interactive data set, iteratively updating the data transmission trajectory of the interactive data set through the new network environment parameter set to extract the data access path of the interactive data packet corresponding to each group of data interaction list in the new network environment parameter set; wherein the interactive data packet is a subset of the interactive data set.
For example, the interactive object may be other data access requestors. The iteration update may set the iteration number or the termination condition in advance according to the actual service requirement, which is not described herein.
By such design, the data access path can be completely determined based on the steps S1411 to S1413, and the omission of partial path nodes is avoided.
Further, the processing the new network environment parameter set by the interactive data set in response to the original list of the interactive objects of the interactive data set in step S1412 to determine an updated list of the interactive objects of the interactive data set may further include: substituting different network environment parameters in the new network environment parameter set into the list updating algorithm model corresponding to the interactive data set; and determining the interactive object updating list corresponding to the interactive data set when the list updating algorithm model meets corresponding set conditions. For example, the list updating algorithm model may be a regression verification model or a tree model, and is not limited herein.
Further, the updating the list according to the interactive object of the interactive data set and iteratively updating the data transmission trajectory of the interactive data set through the new network environment parameter set, which are described in step S1412, to extract the data access path of the interactive data packet corresponding to each group of data interaction list in the new network environment parameter set includes: determining a list updating algorithm model corresponding to the interactive data set; updating a list according to the interactive objects of the interactive data set, and performing iterative updating on the data transmission track of the interactive data set; and extracting the data access path of the interactive data group corresponding to each group of data interactive list in the new network environment parameter set based on the interactive path in the interactive data set until the list updating algorithm model of the interactive data set reaches the corresponding set condition.
In practical implementation, the inventor finds that, in order to ensure that the opened data access interface can monitor and intercept some abnormal operation behaviors, different timing conditions need to be considered, and for this purpose, the opening of the corresponding data access interface based on the security check result described in step S14 may include the following steps S14 a-S14 f.
Step S14a, acquiring a target access authority distribution list corresponding to the security verification result of the current time period; the target access authority distribution list comprises a target mapping relation between an access authority category corresponding to a security verification result of the current time period and an access authority grade value; and the access authority grade value is used for representing the security grade of the access authority corresponding to the security verification result of the current time period.
Step S14b, obtaining a preset access right distribution list corresponding to the target access right distribution list, and extracting an initial access right rank value in the preset access right distribution list.
Step S14c, obtaining a target access right level value in the target access right distribution list, and calculating a level difference between the initial access right level value and the target access right level value at the same data access frequency.
Step S14d, determining a distribution relationship between the level difference and each data access frequency, and determining the distribution relationship as an access interface distribution index corresponding to the security verification result in the current time period.
Step S14e, when a distribution index call request corresponding to the access interface distribution index is acquired, globally correcting the target access permission distribution list according to the access interface distribution index and the distribution index call request to complete correction of the access permission level value corresponding to the security check result in the current time period, updating the preset access permission distribution list according to the distribution index call request to obtain an updated preset access permission distribution list, and globally correcting the security check result according to the updated preset access permission distribution list; the globally corrected target access authority distribution list comprises access authority grade values corresponding to security verification results after the access authority grade values are corrected; the target access authority distribution list and the preset access authority distribution list both comprise mapping relations between access authority categories and access authority grade values.
Step S14f, determining a candidate data access interface set corresponding to the updated preset access authority distribution list according to the globally corrected security check result, and screening and starting a target data access interface that satisfies the preset time sequence condition corresponding to the current time period from the candidate data access interface set.
It can be understood that by implementing the steps S14 a-S14 f, the target access right distribution lists corresponding to the security verification results in different time periods can be analyzed, so as to determine a candidate data access interface set by combining the access right distribution, and thus, the target data access interfaces meeting the preset time sequence condition can be screened and started. The preset time sequence condition can be a condition that the monitoring and intercepting time consumption of the abnormal operation behaviors does not exceed a set time length, and the design can ensure that the started data access interface can monitor and intercept some abnormal operation behaviors.
In some other examples, before the step S14a of obtaining the target access right distribution list corresponding to the security check result of the current time period, one of the following two schemes may be implemented arbitrarily.
The first scheme is that a preset correction instruction for a security verification result is received, access authority level values on all data access frequencies are set according to the preset correction instruction, and a preset access authority distribution list is generated according to the mapping relation between all the data access frequencies and the access authority level values.
And in the second scheme, the initial access authority category and the initial access authority grade value in the security verification result with the verification result updating identifier are obtained, an initial access authority distribution list is generated according to the mapping relation between the initial access authority category and the initial access authority grade value, and the initial access authority distribution list is determined as a preset access authority distribution list.
Further, in step S14a, a target access right distribution list corresponding to the security check result of the current time period is obtained, which includes: and acquiring a target mapping relation between the access authority category corresponding to the security verification result of the current time period and the access authority grade value, and generating a target access authority distribution list corresponding to the security verification result of the current time period based on the target mapping relation.
Further, when the distribution index call request corresponding to the access interface distribution index is acquired as described in step S14e, globally correcting the target access right distribution list according to the access interface distribution index and the distribution index call request to complete the correction of the access right level value corresponding to the security check result in the current time period, updating the preset access right distribution list according to the distribution index call request to obtain an updated preset access right distribution list, and globally correcting the security check result according to the updated preset access right distribution list, which may include the following steps S14e 1-S14 e 3.
Step S14e1, obtaining a real-time call request corresponding to the access interface distribution index, where the real-time call request includes an access right evaluation value on at least one data access frequency.
Step S14e2, correcting at least one access right level value in the target access right distribution list according to the access interface distribution index and the access right evaluation value on the at least one data access frequency, and obtaining a globally corrected target access right distribution list.
Step S14e3, according to the access right evaluation value on the at least one data access frequency, adjusting a mapping relationship between the access right level value and the access right category in the preset access right distribution list, and updating the preset access right distribution list according to the mapping relationship, so as to perform global correction on the security verification result according to the updated preset access right distribution list; and the globally corrected target access authority distribution list is the same as the updated preset access authority distribution list.
In an alternative embodiment, the splitting of the data access permission feature and the data access non-permission feature of the network environment parameter through the network status update track in the data access request terminal, which is described in step S13, may include the following steps (1) to (3).
(1) And determining the state description information of the network state updating track in different set period step lengths.
(2) And setting a state attribute feature set of the state description information corresponding to each set period step.
(3) And splitting the data access authority feature and the data access non-authority feature of the network environment parameter according to the state attribute feature set corresponding to each set time period step length, determining a first feature, corresponding to the network environment parameter, of which the similarity with the state attribute feature set reaches a set similarity, as the data access authority feature, and determining a first feature, corresponding to the network environment parameter, of which the similarity with the state attribute feature set does not reach the set similarity, as the data access non-authority feature.
In this way, based on the above steps (1) to (3), it can be ensured that the data access non-permission feature is not confused with the data access permission feature.
In an alternative embodiment, the step S14f of screening out and turning on the target data access interface from the candidate data access interface set, which meets the preset timing condition corresponding to the current time period, may include the following steps S14f 1-S14 f 4.
And step S14f1, acquiring the access interface call records of the candidate data access interface set and the time sequence characteristics of each access interface.
Step S14f2, when it is determined that the candidate data access interface set includes the real-time feature tag according to the access interface call record, determining the association degree between each access interface time sequence feature under the delay feature tag of the candidate data access interface set and each access interface time sequence feature under the real-time feature tag of the candidate data access interface set according to the access interface time sequence feature under the real-time feature tag of the candidate data access interface set and the feature identification degree thereof, and adjusting the access interface time sequence feature under the delay feature tag of the candidate data access interface set and associated with the access interface time sequence feature under the real-time feature tag to be under the corresponding real-time feature tag.
Step S14f3, under the condition that the current delay characteristic label of the candidate data access interface set contains a plurality of access interface time sequence characteristics, determining the association degree between the access interface time sequence characteristics under the current delay characteristic label of the candidate data access interface set according to the access interface time sequence characteristics under the real-time characteristic label of the candidate data access interface set and the characteristic identification degree thereof, and calibrating the access interface time sequence characteristics under the current delay characteristic label according to the association degree between the access interface time sequence characteristics; and setting a time sequence description value for each type of access interface time sequence feature obtained by the calibration according to the access interface time sequence feature and the feature identification degree under the real-time feature tag of the candidate data access interface set, and adjusting the time sequence feature of each type of access interface to the real-time feature tag corresponding to the time sequence description value.
And S14f4, screening out target data access interfaces meeting the preset time sequence condition corresponding to the current time period from the candidate data access interface set based on the time sequence characteristics of the access interfaces under the real-time characteristic label, and starting the target data access interfaces.
In an alternative embodiment, the step S14f2 of determining the association degree between each access interface timing characteristic under the delay characteristic tag of the candidate data access interface set and each access interface timing characteristic under the real-time characteristic tag of the candidate data access interface set according to the access interface timing characteristics under the real-time characteristic tag of the candidate data access interface set and the characteristic identification degree thereof, and adjusting the access interface timing characteristic under the delay characteristic tag of the candidate data access interface set and the access interface timing characteristic under the real-time characteristic tag to be under the corresponding real-time characteristic tag may include the steps S14f21 and S14f 22.
And step S14f21, calculating a correlation coefficient corresponding to the correlation comparison result between each access interface time sequence feature under the delay feature label of the candidate data access interface set and the feature vector of each access interface time sequence feature under the real-time feature label of the candidate data access interface set.
Step S14f22 is to respectively determine whether the correlation coefficient corresponding to each correlation comparison result reaches the first coefficient threshold, and adjust the access interface timing characteristic under the delay characteristic tag where the correlation coefficient corresponding to the correlation comparison result reaches the first coefficient threshold to the corresponding real-time characteristic tag.
For example, the feature vector of the access interface timing feature is: and matching feature sequences of the access interface time sequence feature matching time sequence description values are counted according to the access interface time sequence features under the real-time feature labels of the candidate data access interface sets and the feature identification degrees of the access interface time sequence features. The first coefficient threshold may be set in advance, and is not limited herein.
FIG. 4 is a block diagram illustrating an exemplary big data and artificial intelligence based data access device 140, the big data and artificial intelligence based data access device 140 including the following functional modules, according to some embodiments of the present invention.
A parameter obtaining module 141, configured to obtain a network environment parameter set matched with a data access network environment of the data access request end, where the network environment parameter includes access security evaluation information in different data network states.
A track analysis module 142, configured to analyze the network state update track in the data access request end based on a network environment parameter set matched with the data access network environment of the data access request end, and determine a state track characteristic of the network state update track in the data access request end.
The feature integration module 143 is configured to split the data access permission feature and the data access non-permission feature of the network environment parameter through a network state update trajectory in the data access request terminal; keeping the data access non-authority characteristics in the network environment parameters unchanged, and performing characteristic integration on the data access authority characteristics in the network environment parameters to form a new network environment parameter set.
The access checking module 144 is configured to analyze the data access request end through the new network environment parameter set, and determine a data access path adapted to the data access request end, so as to implement data access security checking on different data access requests through the data access request end, and determine a corresponding security checking result; and starting a corresponding data access interface based on the security check result.
For a description of the above-described device embodiments, reference is made to the description of the method embodiments.
Based on the same inventive concept, the embodiment of the system is also provided.
A1. A data access method based on big data and artificial intelligence comprises a cloud computing server and a data access request end which are communicated with each other; wherein the cloud computing server is to:
acquiring a network environment parameter set matched with a data access network environment of the data access request terminal, wherein the network environment parameters comprise access security evaluation information in different data network states;
analyzing a network state updating track in the data access request terminal based on a network environment parameter set matched with a data access network environment of the data access request terminal, and determining a state track characteristic of the network state updating track in the data access request terminal;
splitting the data access authority characteristics and the data access non-authority characteristics of the network environment parameters through a network state updating track in the data access request terminal; keeping the data access non-authority characteristics in the network environment parameters unchanged, and performing characteristic integration on the data access authority characteristics in the network environment parameters to form a new network environment parameter set;
analyzing the data access request end through the new network environment parameter set, and determining a data access path matched with the data access request end so as to realize data access security check on different data access requests through the data access request end and determine a corresponding security check result; and starting a corresponding data access interface based on the security check result.
For a description of the above system embodiments, reference is made to the description of the method embodiments.
It should be understood that, for technical terms that are not noun-explained in the above, a person skilled in the art can deduce and unambiguously determine the meaning of the present invention from the above disclosure, for example, for some values, coefficients, weights, indexes, factors and other terms, a person skilled in the art can deduce and determine from the logical relationship between the above and the below, and the value range of these values can be selected according to the actual situation, for example, 0 to 1, for example, 1 to 10, and for example, 50 to 100, which is not limited herein.
The skilled person can unambiguously determine some preset, reference, predetermined, set and target technical features/terms, such as threshold values, threshold intervals, threshold ranges, etc., from the above disclosure. For some technical characteristic terms which are not explained, the technical solution can be clearly and completely implemented by those skilled in the art by reasonably and unambiguously deriving the technical solution based on the logical relations in the previous and following paragraphs. Prefixes of unexplained technical feature terms, such as "first", "second", "previous", "next", "current", "history", "latest", "best", "target", "specified", and "real-time", etc., can be unambiguously derived and determined from the context. Suffixes of technical feature terms not to be explained, such as "list", "feature", "sequence", "set", "matrix", "unit", "element", "track", and "list", etc., can also be derived and determined unambiguously from the foregoing and the following.
The foregoing disclosure of embodiments of the present invention will be apparent to those skilled in the art. It should be understood that the process of deriving and analyzing technical terms, which are not explained, by those skilled in the art based on the above disclosure is based on the contents described in the present application, and thus the above contents are not an inventive judgment of the overall scheme.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the broad application. Various modifications, improvements and adaptations to the present application may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present application and thus fall within the spirit and scope of the exemplary embodiments of the present application.
Also, this application uses specific terminology to describe embodiments of the application. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the present application is included in at least one embodiment of the present application. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various portions of this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of at least one embodiment of the present application may be combined as appropriate.
In addition, those skilled in the art will recognize that the various aspects of the application may be illustrated and described in terms of several patentable species or contexts, including any new and useful combination of procedures, machines, articles, or materials, or any new and useful modifications thereof. Accordingly, various aspects of the present application may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software. The above hardware or software may be referred to as a "unit", "component", or "system". Furthermore, aspects of the present application may be represented as a computer product, including computer readable program code, embodied in at least one computer readable medium.
A computer readable signal medium may comprise a propagated data signal with computer program code embodied therein, for example, on a baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, and the like, or any suitable combination. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code on a computer readable signal medium may be propagated over any suitable medium, including radio, electrical cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the execution of aspects of the present application may be written in any combination of one or more programming languages, including object oriented programming, such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, or similar conventional programming languages, such as the "C" programming language, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, dynamic programming languages, such as Python, Ruby, and Groovy, or other programming languages. The programming code may execute entirely on the user's computer, as a stand-alone software package, partly on the user's computer, partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order of the process elements and sequences described herein, the use of numerical letters, or other designations are not intended to limit the order of the processes and methods unless otherwise indicated in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it should be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware means, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
It should also be appreciated that in the foregoing description of embodiments of the present application, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of at least one embodiment of the invention. However, this method of disclosure is not intended to require more features than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.

Claims (10)

1. A data access method based on big data and artificial intelligence is applied to a cloud computing server in communication connection with a data access request terminal, and comprises the following steps:
acquiring a network environment parameter set matched with a data access network environment of the data access request terminal, wherein the network environment parameters comprise access security evaluation information in different data network states;
analyzing a network state updating track in the data access request terminal based on a network environment parameter set matched with a data access network environment of the data access request terminal, and determining a state track characteristic of the network state updating track in the data access request terminal;
splitting the data access authority characteristics and the data access non-authority characteristics of the network environment parameters through a network state updating track in the data access request terminal; keeping the data access non-authority characteristics in the network environment parameters unchanged, and performing characteristic integration on the data access authority characteristics in the network environment parameters to form a new network environment parameter set;
analyzing the data access request end through the new network environment parameter set, and determining a data access path matched with the data access request end so as to realize data access security check on different data access requests through the data access request end and determine a corresponding security check result; and starting a corresponding data access interface based on the security check result.
2. The method of claim 1, wherein the obtaining a set of network environment parameters matching a data access network environment of the data access request end comprises:
acquiring network environment classification information corresponding to a network environment label in a data access network environment of the data access request terminal;
carrying out classification information correction processing on the network environment classification information; determining corresponding network environment description characteristics through a network environment analysis thread based on a processing result of classification information correction, and intercepting network environment classification information including identifiable tags;
processing the network environment classification information including the identifiable tags through the data access processing records of the data access request terminal to form a corresponding classification parameter processing result as any network environment parameter in a network environment parameter set matched with the data access network environment of the data access request terminal;
wherein the method further comprises:
determining a corresponding data network security index set according to the network environment parameters matched with the data access network environment of the data access request terminal;
and analyzing the data access security record of the data access request terminal through the data network security index set so as to realize the network security judgment of the data network state corresponding to the determined data security protection event through the data access security record.
3. The method according to claim 1, wherein the analyzing the network status update trail in the data access request terminal based on the network environment parameter set matched with the data access network environment of the data access request terminal to determine the status trail characteristics of the network status update trail in the data access request terminal comprises:
determining corresponding non-updated network environment parameters and updated network environment parameters based on a network environment parameter set matched with the data access network environment of the data access request terminal;
recombining different non-updated network environment parameters in the network environment parameter set and data access authority features in the updated network environment parameters through the feature recombination model corresponding to the network state updating track to form recombination authority features;
updating a feature recognition model corresponding to the track through the network state, and performing feature recognition processing on the recombination authority features;
on the premise of obtaining the feature identification records of different feature identification results with the same access authority level, determining the state track feature of a network state updating track in the data access request terminal;
wherein the method further comprises:
determining a corresponding first classification parameter processing result based on the network environment parameter which is not updated;
determining a corresponding second classification parameter processing result based on the updated network environment parameter;
when the state track characteristic of the network state updating track in the data access request terminal is determined, determining a third classification parameter processing result matched with the recombination authority characteristic through the data access processing record of the data access request terminal;
comparing the first classification parameter processing result or the second classification parameter processing result with the third classification parameter processing result to monitor different non-updated network environment parameters and feature update records of data access non-permission features in the updated network environment parameters.
4. The method according to any one of claims 1 to 3, wherein the keeping the data access non-permission feature in the network environment parameter unchanged, and performing feature integration on the data access permission feature in the network environment parameter to form a new network environment parameter set comprises:
keeping the data access non-authority characteristics in the network environment parameters unchanged, and performing characteristic elimination processing on the data access authority characteristics in the network environment parameters to form a new network environment parameter set;
alternatively, the first and second electrodes may be,
keeping the data access non-authority characteristics in the network environment parameters unchanged, and performing characteristic clustering processing or characteristic reconstruction processing on the data access authority characteristics in the network environment parameters to form a new network environment parameter set.
5. The method according to claim 1, wherein the parsing the data access request end through the new network environment parameter set to determine a data access path adapted to the data access request end, so as to implement data access security check on different data access requests through the data access request end, and determine a corresponding security check result includes:
analyzing the data access request terminal according to the new network environment parameter set, and determining a data access path of an interactive data set in the data access request terminal;
analyzing the data access request terminal according to the new network environment parameter set, and determining a data access path of a self-use data set in the data access request terminal;
performing data access security verification on different data access requests based on the data access path of the interactive data set and the data access path of the self-use data set, and determining corresponding security verification results;
based on the data access path of the interactive data set and the data access path of the self-use data set, performing data access security check on different data access requests, and determining a corresponding security check result, including:
constructing a first access path node matrix corresponding to a data access path of an interactive data set, and constructing a second access path node matrix corresponding to a data access path of a self-use data set, wherein the first access path node matrix and the second access path node matrix respectively comprise a plurality of access path node elements with different access heat degrees;
extracting initial access heat change data of any access path node element of a data access path of the interactive data set in the first access path node matrix, and determining the access path node element with the minimum access heat in the second access path node matrix as a target access path node element;
mapping the initial access heat change data to the target access path node element according to the data access request and an access request verification result, obtaining initial access heat mapping data in the target access path node element, and generating an access path conversion list between a data access path of the interactive data set and a data access path of the self-use data set according to the initial access heat change data and the initial access heat mapping data;
acquiring to-be-processed access heat data in the target access path node element by taking the initial access heat mapping data as reference heat data, mapping the to-be-processed access heat data to the access path node element where the initial access heat change data is located according to an access path conversion sequence corresponding to the access path conversion list, acquiring target access heat data corresponding to the to-be-processed access heat data in the access path node element where the initial access heat change data is located, and determining the reference heat data of the target access heat data as target access heat change data;
acquiring a data mapping record for mapping the initial access heat change data to the target access path node element;
according to the access heat degree similarity between the target access heat degree data and historical access heat degree data corresponding to a plurality of data mapping execution functions on the data mapping record, sequentially acquiring security check index data corresponding to the target access heat degree change data in the second access path node matrix layer by layer until the importance coefficient of an access path node element where the acquired security check index data is located is consistent with the importance coefficient of the target access heat degree change data in the first access path node matrix, stopping acquiring the security check index data in the next access path node element, and establishing a security check indication relationship between the target access heat degree change data and the security check index data acquired last time; and performing data access security verification on different data access requests through the security verification indication relation to obtain the security verification result.
6. The method of claim 5, wherein the parsing the data access request according to the new set of network environment parameters to determine a data access path of an interactive data set in the data access request comprises:
processing the new network environment parameter set through an interactive data set in the data access request terminal to determine an interactive object original list of the interactive data set;
responding to an original list of the interactive objects of the interactive data set, processing the new network environment parameter set through the interactive data set, and determining an updated list of the interactive objects of the interactive data set;
updating a list according to the interactive objects of the interactive data set, and iteratively updating the data transmission track of the interactive data set through the new network environment parameter set so as to extract the data access path of the interactive data group corresponding to each group of data interactive list in the new network environment parameter set; wherein the interactive data packet is a subset of the interactive data set;
wherein said determining an updated list of interactive objects of said interactive dataset by processing said new set of network environment parameters through said interactive dataset in response to said original list of interactive objects of said interactive dataset comprises:
substituting different network environment parameters in the new network environment parameter set into the list updating algorithm model corresponding to the interactive data set;
determining the interactive object updating list corresponding to the interactive data set when the list updating algorithm model meets corresponding set conditions;
wherein, the updating a list according to the interactive object of the interactive data set, and iteratively updating the data transmission track of the interactive data set through the new network environment parameter set to extract the data access path of the interactive data packet corresponding to each group of data interactive list in the new network environment parameter set includes:
determining a list updating algorithm model corresponding to the interactive data set;
updating a list according to the interactive objects of the interactive data set, and performing iterative updating on the data transmission track of the interactive data set;
and extracting the data access path of the interactive data group corresponding to each group of data interactive list in the new network environment parameter set based on the interactive path in the interactive data set until the list updating algorithm model of the interactive data set reaches the corresponding set condition.
7. The method of any of claims 1-6, wherein opening the corresponding data access interface based on the security check result comprises:
acquiring a target access authority distribution list corresponding to a security verification result of the current time period; the target access authority distribution list comprises a target mapping relation between an access authority category corresponding to a security verification result of the current time period and an access authority grade value; the access authority grade value is used for representing the security grade of the access authority corresponding to the security verification result of the current time period;
acquiring a preset access authority distribution list corresponding to the target access authority distribution list, and extracting an initial access authority grade value in the preset access authority distribution list;
acquiring a target access authority grade value in the target access authority distribution list, and calculating a grade difference value between the initial access authority grade value and the target access authority grade value under the same data access frequency;
determining a distribution relation between the grade difference and each data access frequency, and determining the distribution relation as an access interface distribution index corresponding to the security verification result of the current time period;
when a distribution index calling request corresponding to the access interface distribution index is acquired, globally correcting the target access authority distribution list according to the access interface distribution index and the distribution index calling request so as to finish correcting the access authority level value corresponding to the security verification result of the current time period, updating the preset access authority distribution list according to the distribution index calling request to obtain an updated preset access authority distribution list, and globally correcting the security verification result according to the updated preset access authority distribution list; the globally corrected target access authority distribution list comprises access authority grade values corresponding to security verification results after the access authority grade values are corrected; the target access authority distribution list and the preset access authority distribution list both comprise mapping relations between access authority categories and access authority grade values;
and determining a candidate data access interface set corresponding to the updated preset access authority distribution list according to the globally corrected security check result, screening a target data access interface meeting a preset time sequence condition corresponding to the current time period from the candidate data access interface set, and starting the target data access interface.
8. The method of claim 7,
before the obtaining of the target access right distribution list corresponding to the security verification result of the current time period, the method further includes:
receiving a preset correction instruction for a security check result, setting access authority level values on each data access frequency according to the preset correction instruction, and generating a preset access authority distribution list according to the mapping relation between each data access frequency and the access authority level values;
or
Acquiring an initial access authority category and an initial access authority grade value in a security verification result with a verification result updating identifier, generating an initial access authority distribution list according to a mapping relation between the initial access authority category and the initial access authority grade value, and determining the initial access authority distribution list as a preset access authority distribution list;
the obtaining of the target access right distribution list corresponding to the security verification result of the current time period includes: acquiring a target mapping relation between the access authority category corresponding to the security verification result of the current time period and the access authority level value, and generating a target access authority distribution list corresponding to the security verification result of the current time period based on the target mapping relation;
when a distribution index calling request corresponding to the access interface distribution index is obtained, globally correcting the target access permission distribution list according to the access interface distribution index and the distribution index calling request to complete correction of an access permission level value corresponding to a security verification result of the current time period, updating the preset access permission distribution list according to the distribution index calling request to obtain an updated preset access permission distribution list, and globally correcting the security verification result according to the updated preset access permission distribution list, including:
acquiring a real-time calling request corresponding to the access interface distribution index, wherein the real-time calling request comprises an access authority evaluation value on at least one data access frequency;
correcting at least one access authority grade value in the target access authority distribution list according to the access interface distribution index and the access authority evaluation value on the at least one data access frequency, and obtaining a globally corrected target access authority distribution list;
adjusting a mapping relation between the access authority level value and the access authority category in the preset access authority distribution list according to the access authority evaluation value on the at least one data access frequency, updating the preset access authority distribution list according to the mapping relation, and performing global correction on a security verification result according to the updated preset access authority distribution list; and the globally corrected target access authority distribution list is the same as the updated preset access authority distribution list.
9. A cloud computing server comprising a processing engine, a network module, and a memory; the processing engine and the memory communicate through the network module, the processing engine reading a computer program from the memory and operating to perform the method of any of claims 1-8.
10. A computer-readable signal medium, on which a computer program is stored which, when executed, implements the method of any one of claims 1-8.
CN202011498372.3A 2020-12-17 2020-12-17 Data access method based on big data and artificial intelligence and cloud computing server Withdrawn CN112528306A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011498372.3A CN112528306A (en) 2020-12-17 2020-12-17 Data access method based on big data and artificial intelligence and cloud computing server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011498372.3A CN112528306A (en) 2020-12-17 2020-12-17 Data access method based on big data and artificial intelligence and cloud computing server

Publications (1)

Publication Number Publication Date
CN112528306A true CN112528306A (en) 2021-03-19

Family

ID=75001269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011498372.3A Withdrawn CN112528306A (en) 2020-12-17 2020-12-17 Data access method based on big data and artificial intelligence and cloud computing server

Country Status (1)

Country Link
CN (1) CN112528306A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051543A (en) * 2021-04-01 2021-06-29 郭洪铜 Cloud service security verification method and cloud service system in big data environment
CN115630839A (en) * 2022-11-01 2023-01-20 苏州泽达兴邦医药科技有限公司 Production intelligent feedback regulation and control system based on data mining

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051543A (en) * 2021-04-01 2021-06-29 郭洪铜 Cloud service security verification method and cloud service system in big data environment
CN115630839A (en) * 2022-11-01 2023-01-20 苏州泽达兴邦医药科技有限公司 Production intelligent feedback regulation and control system based on data mining
CN115630839B (en) * 2022-11-01 2023-11-10 苍南县求是中医药创新研究院 Intelligent feedback production regulation and control system based on data mining

Similar Documents

Publication Publication Date Title
CN111177714B (en) Abnormal behavior detection method and device, computer equipment and storage medium
US11580222B2 (en) Automated malware analysis that automatically clusters sandbox reports of similar malware samples
CN112437439A (en) Hot spot sharing method based on artificial intelligence and feature analysis and big data cloud platform
CN111695903B (en) Information flow analysis method based on block chain and mobile internet and cloud computing platform
CN112487495B (en) Data processing method based on big data and cloud computing and big data server
CN112488713A (en) Safety identification method and system based on block chain big data and cloud service platform
CN112286906B (en) Information security processing method based on block chain and cloud computing center
CN112528306A (en) Data access method based on big data and artificial intelligence and cloud computing server
CN115238828A (en) Chromatograph fault monitoring method and device
CN115396212A (en) Training method and device for detection model, computer equipment and storage medium
CN112214781A (en) Remote sensing image big data processing method and system based on block chain
CN112486955B (en) Data maintenance method based on big data and artificial intelligence and big data server
CN112417460B (en) Payment data processing method based on big data and block chain and cloud server
CN112686667A (en) Data processing method based on big data and block chain and cloud service platform
CN112330312B (en) Data processing method based on block chain payment and facial recognition and big data platform
CN112437132B (en) Service resource sharing method based on cloud computing and digital upgrading and cloud server
CN112486969B (en) Data cleaning method applied to big data and deep learning and cloud server
CN113542296A (en) Policy optimization method based on safety protection big data and artificial intelligence protection system
CN113409014A (en) Big data service processing method based on artificial intelligence and artificial intelligence server
CN115599312B (en) Big data processing method and AI system based on storage cluster
CN114528550B (en) Information processing method and system applied to E-commerce big data threat identification
CN116628637A (en) Unauthorized software identification method and device, electronic equipment, medium and product
CN115567279A (en) Abnormal data determination method and device, computer equipment and storage medium
CN115906170A (en) Safety protection method and AI system applied to storage cluster
CN112613878A (en) Information detection method based on big data and block chain payment and big data server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210319

WW01 Invention patent application withdrawn after publication