CN112861160A - Data privacy protection system and protection method - Google Patents

Data privacy protection system and protection method

Publication number: CN112861160A
Application number: CN202110256791.4A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 郑明辉, 周慧华, 沈济南, 朱小强, 陈珩
Current Assignee: Hubei University for Nationalities
Original Assignee: Hubei University for Nationalities
Legal status: Withdrawn
Prior art keywords: data, network, module, program, attribute

Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F16/35 Clustering; Classification
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention belongs to the technical field of privacy protection and discloses a data privacy protection system and a protection method. The data privacy protection system comprises a data acquisition module, a network access module, a virus information acquisition module, a network security monitoring module, a central control module, a network optimization module, a data encryption module, a data transmission module, a data receiving module and a data decryption module. The invention grants network access after evaluating network reliability, so the reliability of the accessed network is high; it further checks network security by acquiring virus information and detecting whether virus-related information exists in the accessed network, so that an optimized network is obtained; and after the transmitted data is received, the data is decrypted to obtain the private data. The data privacy protection system has a simple structure, provides effective protection, reduces intrusion and secures user data.

Description

Data privacy protection system and protection method
Technical Field
The invention belongs to the technical field of privacy protection, and particularly relates to a data privacy protection system and a data privacy protection method.
Background
At present, with the development of new-generation information and communication technologies such as the Internet of Things and cloud computing, information system architecture is evolving: the traditional three-layer architecture (database, server and PC) is giving way to the future three-layer architecture (big data, cloud computing and intelligent terminal). Establishing a set of security protection methods based on big data processing platform technology has therefore become a necessary trend.
As big data systems are applied more and more widely, their security becomes very important. The big data market has grown rapidly, at an average rate of more than 50% over nearly 5 years, and data is growing explosively, so information has become a strategic asset; big data technology affects national governance, enterprise decision making, people's lives and so on. However, big data applications pose new challenges to information security: security threats have increased greatly, attackers' backgrounds are more complex, threats are far more targeted, concealed and destructive, and attackers' motivations, purposes and methods have become more complex. At present there is no effective protection system for protecting users' private data, so the risk of privacy disclosure exists.
Through the above analysis, the problem and defect of the prior art is that no effective protection system is currently available to protect users' private data, so the risk of privacy disclosure exists.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a data privacy protection system and a protection method.
The invention is realized as follows. A data privacy protection system includes:
the data acquisition module is connected with the central control module and is used for acquiring data through a data acquisition program to obtain data to be protected;
the network access module is connected with the central control module and is used for accessing the network through a network access program;
the network access through the network access program comprises: carrying out data preprocessing and feature extraction on different types of network connection data;
the data preprocessing and feature extraction for the different types of network connection data comprises:
taking n network connection records as a training set and taking the continuous attribute values of the i-th record as a vector $X_i = \{x_{i1}, x_{i2}, \ldots, x_{ij}\}$, $i = 1..n$, $j = 1..32$, the standardization formula is:
Figure BDA0002967717820000021
and
Figure BDA0002967717820000022
where
Figure BDA0002967717820000023
$n$ is the number of records in the training set, $j$ is the attribute column, $AVG_j$ and $STD_j$ are respectively the mean and standard deviation of the $j$-th column attribute in the training set, and $x'_{ij}$ is the value of each attribute;
normalizing each attribute value through an attribute calculation formula;
$x'_{ij}$ is normalized to the $[0,1]$ interval by the attribute calculation formula, and $x''_{ij}$ is taken as the final value of the sample attribute; the specific formula is as follows:
Figure BDA0002967717820000024
where $min_j$ is the minimum value of the $j$-th column attribute in the training set and $MAX_j$ is the maximum value of the $j$-th column attribute in the training set;
the virus information acquisition module is connected with the central control module and is used for acquiring virus information through a virus information acquisition program;
the network security monitoring module is connected with the central control module and used for searching viruses in the accessed network according to the acquired virus information through a network security monitoring program and acquiring a network security monitoring result according to a virus searching result;
and the central control module is connected with the data acquisition module, the network access module, the virus information acquisition module and the network security monitoring module and is used for controlling the operation of each connection module of the main control computer to ensure the normal operation of each module.
Further, the data privacy protection system further includes:
the network optimization module is connected with the central control module and is used for optimizing the network according to the network security monitoring result through a network optimization program, and for detecting and removing viruses existing in the network to obtain an optimized network;
the data encryption module is connected with the central control module and used for encrypting the data to be protected through a data encryption program to obtain encrypted data;
the data transmission module is connected with the central control module and is used for transmitting the encrypted data through a data transmission program;
the data receiving module is connected with the central control module and is used for receiving the encrypted data through a data receiving program;
and the data decryption module is connected with the central control module and is used for decrypting the received encrypted data through a data decryption program.
Further, the accessing the network through the network access program further includes:
according to the extracted features, iteration and training are carried out through a generalized regression neural network in combination with a fuzzy clustering algorithm to obtain a clustering result;
calculating credibility estimated values of corresponding classifications by setting credibility weight vectors and a network connection credibility algorithm according to the clustering result;
calculating the reliability of the network intrusion rule through an improved associated attribute judgment algorithm, and using the reliability as a basis for dynamically adjusting a rule base in an intrusion detection system;
determining whether to establish connection between the mobile terminal and the internet according to the adjusted credibility;
and after the connection between the mobile terminal and the internet is determined to be established, accessing the network.
Further, the clustering result obtained by iteration and training through the generalized regression neural network in combination with the fuzzy clustering algorithm includes:
classifying the data according to a fuzzy clustering algorithm, and calculating a clustering center of each class;
FCM divides the n vectors $x_k$ into $c$ fuzzy classes and calculates the cluster center $c_i$ of each class so as to minimize the fuzzy objective function;
the objective function of fuzzy clustering is:
Figure BDA0002967717820000041
where $d_{ij} = \|c_i - x_j\|$ is the Euclidean distance of the sample vector from the center point, $c_i$ is the center of the $i$-th class, $m$ is the number of samples, and $j$ is the attribute column; the calculation formula of each cluster center is as follows:
Figure BDA0002967717820000042
calculating a membership value through a membership function to form a fuzzy matrix;
the membership function is:
Figure BDA0002967717820000043
selecting training samples from the fuzzy matrix as the training input of the generalized neural network;
selecting the m samples with the minimum distance from the central value in the fuzzy matrix as training samples, and using n x m groups of data as the training input of the generalized neural network; n is the number of classes into which the intrusion data are divided by the fuzzy clustering algorithm, and m is a value between 1 and 5;
predicting and outputting the type of intrusion data according to the training input of the generalized neural network; the generalized neural network consists of a four-layer structure of input layer, pattern layer, summation layer and output layer;
the data are subdivided into n classes, and the sample closest to the central value of each class is found and used as a training sample; the clustering result is thereby obtained.
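The preprocessing and clustering steps above, as an added example that is not part of the patent. It assumes the standard z-score, min-max and fuzzy c-means formulas (the patent's own formulas are not reproduced on this page), a fuzzifier of 2, farthest-point seeding of the centers and constructed two-attribute connection records; it stops at the selected training set and does not train the generalized regression network.

```python
import math

def normalize(records):
    """Z-score each attribute column, then min-max rescale it to [0, 1]."""
    columns = []
    for col in zip(*records):
        avg = sum(col) / len(col)
        std = math.sqrt(sum((v - avg) ** 2 for v in col) / len(col))
        # A constant column has std == 0; map it to 0.0 rather than divide by zero.
        z = [(v - avg) / std if std else 0.0 for v in col]
        lo, hi = min(z), max(z)
        columns.append([(v - lo) / (hi - lo) if hi > lo else 0.0 for v in z])
    return [list(row) for row in zip(*columns)]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def initial_centers(samples, c):
    """Farthest-point seeding (an assumption; the page does not say how centers start)."""
    centers = [samples[0]]
    while len(centers) < c:
        centers.append(max(samples, key=lambda s: min(dist(s, ctr) for ctr in centers)))
    return [list(ctr) for ctr in centers]

def memberships(samples, centers, fuzz):
    """u[i][k] = 1 / sum_j (d_ik / d_jk)^(2/(fuzz-1)); each column of u sums to 1."""
    u = [[0.0] * len(samples) for _ in centers]
    for k, x in enumerate(samples):
        d = [max(dist(ctr, x), 1e-12) for ctr in centers]  # guard a sample sitting on a center
        for i in range(len(centers)):
            u[i][k] = 1.0 / sum((d[i] / dj) ** (2.0 / (fuzz - 1.0)) for dj in d)
    return u

def fcm(samples, c, fuzz=2.0, max_iter=200, tol=1e-9):
    """Alternate membership and center updates until the centers stop moving."""
    centers = initial_centers(samples, c)
    for _ in range(max_iter):
        u = memberships(samples, centers, fuzz)
        new_centers = []
        for i in range(c):
            w = [u[i][k] ** fuzz for k in range(len(samples))]
            new_centers.append([sum(wk * x[d] for wk, x in zip(w, samples)) / sum(w)
                                for d in range(len(samples[0]))])
        moved = max(dist(a, b) for a, b in zip(centers, new_centers))
        centers = new_centers
        if moved < tol:
            break
    return centers, memberships(samples, centers, fuzz)

def training_samples(samples, centers, u, m):
    """Per class, indices of the m member samples closest to the class center."""
    labels = [max(range(len(centers)), key=lambda i: u[i][k]) for k in range(len(samples))]
    chosen = {}
    for i, ctr in enumerate(centers):
        members = [k for k, lab in enumerate(labels) if lab == i]
        chosen[i] = sorted(members, key=lambda k: dist(samples[k], ctr))[:m]
    return labels, chosen

# Constructed connection records: (duration in seconds, bytes sent).
RECORDS = [(1, 200), (2, 220), (1, 210), (3, 230),
           (40, 9000), (42, 9100), (41, 8800), (39, 9050)]

def run_example(m=2):
    x = normalize(RECORDS)
    centers, u = fcm(x, c=2)
    labels, chosen = training_samples(x, centers, u, m)
    return x, labels, chosen

if __name__ == "__main__":
    _, labels, chosen = run_example()
    print("labels:", labels)
    print("training sample indices per class:", chosen)
```

Because min-max rescaling is unchanged by the affine z-score step, the two-stage result equals min-max applied to the raw column whenever the column is not constant.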
Further, the calculating the reliability of the network intrusion rule through the improved associated attribute judgment algorithm as the basis for the dynamic adjustment of the rule base in the intrusion detection system includes:
segmenting the rule base; selecting a random sample for each segment to be mined, and reading a frequent item set;
generating a candidate item set according to the frequent item set;
scanning the database, determining the support degree of each candidate set, and deleting the candidate sets with the support degrees smaller than a threshold value;
merging frequent item sets of the segmented samples, and scanning and verifying;
and adjusting the credibility of the rule again according to the credibility weight vector of the corresponding category attribute.
Further, the support is a ratio of the number of objects in the candidate set that include the random sample to the number of all objects.
Further, the performing network access after determining to establish the connection between the mobile terminal and the internet includes:
removing the dimension of each attribute and applying vector normalization to the original matrix to obtain the normalized matrix $R = (r_{ln})_{L \times N}$, where $r_{ln}$ is
Figure BDA0002967717820000051
Establishing a weighted standardized decision matrix V; the user module stores user preference weight information, which represents the different degrees of preference for each attribute when the terminal selects a network. The weight vector of the attributes is assumed to be $W = [w_1 \ldots w_n \ldots w_N]^T$, where $w_n$ is the weight corresponding to the $n$-th attribute, and
Figure BDA0002967717820000052
where the attribute corresponding to the largest $w_n$ is the one the user prefers most and plays an important role in the network selection result; each column of attribute values in the normalized matrix $R$ is multiplied by the corresponding weight to obtain the weighted standardized decision matrix $V = (v_{ln})_{L \times N}$, where $v_{ln}$ is
$v_{ln} = w_n r_{ln}$
Determining the positive ideal scheme $Q^+$ and the negative ideal scheme $Q^-$ over all schemes:
Figure BDA0002967717820000053
Figure BDA0002967717820000061
The Euclidean distances of the candidate schemes from the positive and negative ideal schemes are calculated separately.
The distance between each candidate scheme and the positive ideal scheme $Q^+$,
Figure BDA0002967717820000062
is
Figure BDA0002967717820000063
The distance between each candidate scheme and the negative ideal scheme,
Figure BDA0002967717820000064
is
Figure BDA0002967717820000065
Calculating the relative closeness of the candidate scheme to the positive ideal scheme
Figure BDA0002967717820000066
Figure BDA0002967717820000067
When the distance between the candidate scheme and the negative ideal scheme
Figure BDA0002967717820000068
is larger and the distance from the ideal scheme
Figure BDA0002967717820000069
is smaller,
Figure BDA00029677178200000610
is closer to 1, indicating that the candidate is closer to the positive ideal scheme; when
Figure BDA00029677178200000611
is smaller and
Figure BDA00029677178200000612
is larger,
Figure BDA00029677178200000613
is closer to 0, indicating that the candidate is closer to the negative ideal scheme;
the candidate schemes are ranked and the optimal scheme is selected. According to the closeness of each candidate scheme to the ideal scheme
Figure BDA00029677178200000614
and taking
Figure BDA00029677178200000615
as the utility function, the candidate scheme with the maximum utility function value is selected as the optimal network selection scheme $l^*$, namely
Figure BDA00029677178200000616
Scheme $l^*$ is adopted to access the network.
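The network selection procedure above follows the TOPSIS ranking method; the following is an added example, not part of the patent, that carries it through on constructed candidates. It assumes the standard TOPSIS formulas (the patent's figures are missing from this page), weights that sum to 1, hypothetical attribute columns (credibility, bandwidth, delay, price) and a hypothetical `min_credibility` gate standing in for the earlier credibility decision.

```python
import math

def topsis(matrix, weights, benefit):
    """Return the relative closeness of each candidate (row) to the positive ideal scheme.

    matrix[l][n] is attribute n of candidate l. benefit[n] is True when a larger value
    is better; handling cost attributes this way is the usual TOPSIS convention and an
    assumption here, since the page's ideal-scheme formulas are missing.
    """
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights are assumed to sum to 1")
    n_attr = len(weights)
    # Vector normalization removes units: r_ln = x_ln / sqrt(sum over l of x_ln^2).
    norms = [math.sqrt(sum(row[n] ** 2 for row in matrix)) for n in range(n_attr)]
    # Weighted normalized decision matrix: v_ln = w_n * r_ln.
    v = [[weights[n] * row[n] / norms[n] if norms[n] else 0.0 for n in range(n_attr)]
         for row in matrix]
    cols = list(zip(*v))
    q_pos = [max(c) if benefit[n] else min(c) for n, c in enumerate(cols)]
    q_neg = [min(c) if benefit[n] else max(c) for n, c in enumerate(cols)]
    closeness = []
    for row in v:
        d_pos, d_neg = math.dist(row, q_pos), math.dist(row, q_neg)
        # Identical candidates give two zero distances; report 0.0 instead of dividing by zero.
        closeness.append(d_neg / (d_pos + d_neg) if d_pos + d_neg else 0.0)
    return closeness

def select_network(candidates, weights, benefit, min_credibility=0.0):
    """Drop candidates whose credibility (column 0) is below the gate, then rank the rest."""
    admitted = {name: attrs for name, attrs in candidates.items()
                if attrs[0] >= min_credibility}
    if not admitted:
        return None, {}
    names = list(admitted)
    scores = dict(zip(names, topsis([admitted[n] for n in names], weights, benefit)))
    return max(names, key=scores.get), scores

# Constructed candidates: [credibility, bandwidth Mbit/s, delay ms, price per MB].
CANDIDATES = {
    "wlan_a": [0.9, 50, 30, 1],
    "cell_b": [0.7, 20, 60, 5],
    "wlan_c": [0.4, 80, 20, 1],
}
BENEFIT = [True, True, False, False]   # delay and price are cost attributes

if __name__ == "__main__":
    print(select_network(CANDIDATES, [0.5, 0.2, 0.2, 0.1], BENEFIT))
    # Bandwidth-heavy preferences pick the least credible network unless the gate is applied.
    print(select_network(CANDIDATES, [0.1, 0.6, 0.2, 0.1], BENEFIT))
    print(select_network(CANDIDATES, [0.1, 0.6, 0.2, 0.1], BENEFIT, min_credibility=0.5))
```

User preference weights alone can rank a low-credibility network first, which is why the credibility decision has to be enforced before ranking rather than folded into the weights.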
Further, the encrypting the data to be protected by the data encryption program to obtain encrypted data includes:
collecting data to be protected as data to be encrypted;
encrypting the data to be encrypted through a data encryption algorithm to obtain encrypted data; the data encryption algorithm is a 3DES algorithm;
collecting a first identification code for identifying a user or a terminal;
calculating the first identification code and the encrypted data through a first data verification algorithm to obtain first verification data; the first data verification algorithm is an MD5 algorithm, and the first identification code is IMEI or IMSI;
and combining the encrypted data and the first check data.
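The check-data step above, as an added example that is not part of the patent, set beside a keyed HMAC-SHA256 variant for comparison. It assumes the check data is MD5 over identifier followed by ciphertext and is appended to the ciphertext (the page fixes neither order); the identifier, the stand-in for the 3DES output and the MAC key are constructed values.

```python
import hashlib
import hmac

MD5_LEN, TAG_LEN = 16, 32

def pack_md5(identifier: bytes, ciphertext: bytes) -> bytes:
    """Scheme as described: check data = MD5(identifier || ciphertext), appended."""
    return ciphertext + hashlib.md5(identifier + ciphertext).digest()

def unpack_md5(identifier: bytes, envelope: bytes):
    """Return the ciphertext if the check data matches, else None."""
    if len(envelope) < MD5_LEN:
        return None
    ciphertext, check = envelope[:-MD5_LEN], envelope[-MD5_LEN:]
    expected = hashlib.md5(identifier + ciphertext).digest()
    return ciphertext if hmac.compare_digest(check, expected) else None

def _mac(key: bytes, identifier: bytes, ciphertext: bytes) -> bytes:
    # Length-prefix the identifier so the identifier/ciphertext boundary is unambiguous.
    msg = len(identifier).to_bytes(2, "big") + identifier + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()

def pack_hmac(key: bytes, identifier: bytes, ciphertext: bytes) -> bytes:
    """Keyed variant: the tag can only be produced by a holder of the MAC key."""
    return ciphertext + _mac(key, identifier, ciphertext)

def unpack_hmac(key: bytes, identifier: bytes, envelope: bytes):
    if len(envelope) < TAG_LEN:
        return None
    ciphertext, tag = envelope[:-TAG_LEN], envelope[-TAG_LEN:]
    expected = _mac(key, identifier, ciphertext)
    return ciphertext if hmac.compare_digest(tag, expected) else None

# Constructed sample values (not from the patent).
IMEI = b"000000000000000"                                       # placeholder identifier
CIPHERTEXT = bytes.fromhex("8d3f1c5a907be2446a01d9c3f05b7e12")  # stand-in for 3DES output
MAC_KEY = bytes(range(32))                                      # a real key comes from a key store

def check_cases():
    """Run both envelope formats through intact, corrupted and re-tagged inputs."""
    env = pack_md5(IMEI, CIPHERTEXT)
    corrupted = bytes([env[0] ^ 0x01]) + env[1:]     # one bit changed in transit
    altered = bytes(len(CIPHERTEXT))                 # different ciphertext, same length
    recomputed = pack_md5(IMEI, altered)             # needs only the identifier, no secret
    henv = pack_hmac(MAC_KEY, IMEI, CIPHERTEXT)
    without_key = pack_hmac(bytes(32), IMEI, altered)  # tag made without MAC_KEY
    return {
        "md5_intact_accepted": unpack_md5(IMEI, env) == CIPHERTEXT,
        "md5_corruption_rejected": unpack_md5(IMEI, corrupted) is None,
        "md5_other_identifier_rejected": unpack_md5(b"111111111111111", env) is None,
        "md5_recomputed_check_accepted": unpack_md5(IMEI, recomputed) == altered,
        "hmac_intact_accepted": unpack_hmac(MAC_KEY, IMEI, henv) == CIPHERTEXT,
        "hmac_tag_without_key_rejected": unpack_hmac(MAC_KEY, IMEI, without_key) is None,
    }

if __name__ == "__main__":
    for name, result in check_cases().items():
        print(f"{name}: {result}")
```

The MD5 check data catches transmission corruption and an identifier mismatch, but it contains no secret, so it does not authenticate who produced the envelope; the keyed tag does.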
Another object of the present invention is to provide a data privacy protecting method, including the steps of:
step one, acquiring data by a data acquisition module using a data acquisition program to obtain the data to be protected; accessing the network by a network access module using a network access program; acquiring virus information by a virus information acquisition module using a virus information acquisition program;
step two, searching for viruses in the accessed network by a network security monitoring module using a network security monitoring program according to the acquired virus information, and obtaining a network security monitoring result according to the virus search result;
step three, the central control module controls the operation of each connection module of the main control computer to ensure the normal operation of each module;
step four, optimizing the network by a network optimization module using a network optimization program according to the network security monitoring result, and detecting and removing viruses existing in the network to obtain an optimized network;
step five, encrypting the data to be protected by a data encryption module using a data encryption program to obtain encrypted data; transmitting the encrypted data by a data transmission module using a data transmission program;
step six, receiving the encrypted data by a data receiving module using a data receiving program; and decrypting the received encrypted data by a data decryption module using a data decryption program.
Further, the first step of accessing the network through the network access program includes:
(1) carrying out data preprocessing and feature extraction on different types of network connection data;
(2) according to the extracted features, iteration and training are carried out through a generalized regression neural network in combination with a fuzzy clustering algorithm to obtain a clustering result;
(3) calculating credibility estimated values of corresponding classifications by setting credibility weight vectors and a network connection credibility algorithm according to the clustering result;
(4) calculating the reliability of the network intrusion rule through an improved associated attribute judgment algorithm, and using the reliability as a basis for dynamically adjusting a rule base in an intrusion detection system;
(5) determining whether to establish connection between the mobile terminal and the internet according to the adjusted credibility;
(6) and after the connection between the mobile terminal and the internet is determined to be established, accessing the network.
Another object of the present invention is to provide an information data processing terminal including a memory storing a computer program and a processor, the computer program, when executed by the processor, causing the processor to perform the functions of the data privacy protection system.
It is another object of the present invention to provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to apply the data privacy protection system function.
By combining all the technical schemes, the invention has the advantages and positive effects that: the invention realizes network access by evaluating the network reliability, and the reliability of the access network is high; further detection of network security is realized by acquiring virus information and detecting whether virus-related information exists in the accessed network, so that an optimized network is obtained; the encrypted data is obtained by encrypting the private data and is transmitted through the optimized network, and the data is decrypted after the transmitted data is received, so that the private data is obtained. The data privacy protection system has a simple structure, can realize effective protection, reduces invasion and realizes user data security.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. The drawings described below are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a block diagram of a data privacy protection system according to an embodiment of the present invention.
Fig. 2 is a flowchart of a data privacy protection method according to an embodiment of the present invention.
Fig. 3 is a flowchart of network access through a network access procedure according to an embodiment of the present invention.
Fig. 4 is a flowchart of calculating the reliability of a network intrusion rule through the improved associated attribute judgment algorithm, as a basis for dynamically adjusting the rule base in an intrusion detection system, according to an embodiment of the present invention.
Fig. 5 is a flowchart of encrypting data to be protected by a data encryption program to obtain encrypted data according to an embodiment of the present invention.
In the figure: 1. data acquisition module; 2. network access module; 3. virus information acquisition module; 4. network security monitoring module; 5. central control module; 6. network optimization module; 7. data encryption module; 8. data transmission module; 9. data receiving module; 10. data decryption module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the present invention provides a data privacy protection system, which is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, a data privacy protection system provided by an embodiment of the present invention includes:
the data acquisition module 1 is connected with the central control module 5 and is used for acquiring data through a data acquisition program to obtain data to be protected;
the network access module 2 is connected with the central control module 5 and is used for accessing the network through a network access program;
the virus information acquisition module 3 is connected with the central control module 5 and is used for acquiring virus information through a virus information acquisition program;
the network security monitoring module 4 is connected with the central control module 5 and used for searching viruses in the accessed network according to the acquired virus information through a network security monitoring program and obtaining a network security monitoring result according to a virus searching result;
the central control module 5 is connected with the data acquisition module 1, the network access module 2, the virus information acquisition module 3, the network security monitoring module 4, the network optimization module 6, the data encryption module 7, the data transmission module 8, the data receiving module 9 and the data decryption module 10, and is used for controlling the operation of each connection module of the main control computer and ensuring the normal operation of each module;
the network optimization module 6 is connected with the central control module 5 and is used for optimizing the network according to the network security monitoring result through a network optimization program, and for detecting and removing viruses existing in the network to obtain an optimized network;
the data encryption module 7 is connected with the central control module 5 and used for encrypting data to be protected through a data encryption program to obtain encrypted data;
the data transmission module 8 is connected with the central control module 5 and is used for transmitting the encrypted data through a data transmission program;
the data receiving module 9 is connected with the central control module 5 and is used for receiving the encrypted data through a data receiving program;
and the data decryption module 10 is connected with the central control module 5 and is used for decrypting the received encrypted data through a data decryption program.
As shown in fig. 2, a data privacy protection method provided in an embodiment of the present invention includes the following steps:
S101, acquiring data by the data acquisition module using a data acquisition program to obtain the data to be protected; accessing the network by the network access module using a network access program; acquiring virus information by the virus information acquisition module using a virus information acquisition program;
S102, searching for viruses in the accessed network by the network security monitoring module using a network security monitoring program according to the acquired virus information, and obtaining a network security monitoring result according to the virus search result;
S103, controlling, by the central control module, the operation of each connection module of the main control computer to ensure the normal operation of each module;
S104, optimizing the network by the network optimization module using a network optimization program according to the network security monitoring result, and detecting and removing viruses existing in the network to obtain an optimized network;
S105, encrypting the data to be protected by the data encryption module using a data encryption program to obtain encrypted data; transmitting the encrypted data by the data transmission module using a data transmission program;
S106, receiving the encrypted data by the data receiving module using a data receiving program; and decrypting the received encrypted data by the data decryption module using a data decryption program.
As shown in fig. 3, the network access performed by the network access program according to the embodiment of the present invention includes:
S201, carrying out data preprocessing and feature extraction on different types of network connection data;
S202, according to the extracted features, iteration and training are carried out through a generalized regression neural network in combination with a fuzzy clustering algorithm to obtain a clustering result;
S203, calculating credibility estimated values of corresponding classifications by setting credibility weight vectors and a network connection credibility algorithm according to the clustering result;
S204, calculating the reliability of the network intrusion rule through an improved associated attribute judgment algorithm, and using the reliability as a basis for dynamically adjusting a rule base in the intrusion detection system;
S205, determining whether to establish the connection between the mobile terminal and the Internet according to the adjusted credibility;
S206, after the connection between the mobile terminal and the Internet is determined to be established, accessing the network.
The clustering result obtained by iteration and training through the generalized regression neural network and the fuzzy clustering algorithm provided by the embodiment of the invention comprises the following steps:
classifying the data according to a fuzzy clustering algorithm, and calculating a clustering center of each class;
FCM divides the n vectors $x_k$ into $c$ fuzzy classes and calculates the cluster center $c_i$ of each class so as to minimize the fuzzy objective function;
the objective function of fuzzy clustering is:
Figure BDA0002967717820000111
where $d_{ij} = \|c_i - x_j\|$ is the Euclidean distance of the sample vector from the center point, $c_i$ is the center of the $i$-th class, $m$ is the number of samples, and $j$ is the attribute column; the calculation formula of each cluster center is as follows:
Figure BDA0002967717820000121
calculating a membership value through a membership function to form a fuzzy matrix;
the membership function is:
Figure BDA0002967717820000122
selecting training samples from the fuzzy matrix as the training input of the generalized neural network;
selecting the m samples with the minimum distance from the central value in the fuzzy matrix as training samples, and using n x m groups of data as the training input of the generalized neural network; n is the number of classes into which the intrusion data are divided by the fuzzy clustering algorithm, and m is a value between 1 and 5;
predicting and outputting the type of intrusion data according to the training input of the generalized neural network; the generalized neural network consists of a four-layer structure of input layer, pattern layer, summation layer and output layer;
the data are subdivided into n classes, and the sample closest to the central value of each class is found and used as a training sample; the clustering result is thereby obtained.
As shown in fig. 4, the calculating of the reliability of the network intrusion rule by the improved association attribute determination algorithm according to the embodiment of the present invention is used as a basis for dynamically adjusting a rule base in an intrusion detection system, and includes:
S301, segmenting the rule base; selecting a random sample for each segment to be mined, and reading a frequent item set;
S302, generating a candidate item set according to the frequent item set;
S303, scanning the database, determining the support degree of each candidate set, and deleting the candidate sets with support degrees smaller than a threshold value;
S304, merging frequent item sets of the segmented samples, and scanning and verifying;
S305, adjusting the credibility of the rule again according to the credibility weight vector of the corresponding category attribute.
The support provided by the embodiments of the present invention is the ratio of the number of objects in the candidate set that contain random samples to the total number of objects.
The data preprocessing and feature extraction for different types of network connection data provided by the embodiment of the invention comprises the following steps:
taking n network connection records as a training set and taking the continuous attribute values of the i-th record as a vector $X_i = \{x_{i1}, x_{i2}, \ldots, x_{ij}\}$, $i = 1, \ldots, n$, $j = 1, \ldots, 32$, the standardized calculation formula is:
Figure BDA0002967717820000131
and
Figure BDA0002967717820000132
where
Figure BDA0002967717820000133
n is the number of records in the training set, j is the attribute column, $AVG_j$ and $STD_j$ are respectively the mean and standard deviation of the j-th column attribute in the training set, and $x'_{ij}$ is the value of each attribute;
normalizing each attribute value through an attribute calculation formula;
$x'_{ij}$ is normalized to the $[0,1]$ interval by the attribute calculation formula, and $x''_{ij}$ is taken as the final sample attribute value; the specific formula is as follows:
Figure BDA0002967717820000134
where $min_j$ is the minimum value of the j-th column attribute in the training set and $MAX_j$ is the maximum value of the j-th column attribute in the training set.
The method for accessing the network after the connection between the mobile terminal and the internet is determined to be established comprises the following steps:
removing the dimension of each attribute, and carrying out vector normalization on the original matrix to obtain a normalized matrix $R = (r_{ln})_{L \times N}$, where $r_{ln}$ is
Figure BDA0002967717820000135
Establishing a weighted standardized decision matrix V; the user module stores user preference weight information representing the different degrees of preference for each attribute when the terminal selects the network; the weight vector of the attributes is assumed to be $W = [w_1 \ldots w_n \ldots w_N]^T$, where $w_n$ is the weight corresponding to the n-th attribute, and
Figure BDA0002967717820000141
where the attribute with the largest $w_n$ is the one the user prefers most and plays an important role in the network selection result; each column of attribute values in the normalized matrix R is multiplied by the corresponding weight to obtain the weighted standardized decision matrix $V = (v_{ln})_{L \times N}$, where $v_{ln}$ is
$v_{ln} = w_n r_{ln}$
Determining the positive ideal scheme $Q^+$ and the negative ideal scheme $Q^-$ over all schemes:
Figure BDA0002967717820000142
Figure BDA0002967717820000143
The Euclidean distances of each candidate scheme from the positive and negative ideal schemes are calculated separately.
The distance $S_l^+$ between each candidate scheme and the positive ideal scheme $Q^+$ is
Figure BDA0002967717820000145
The distance $S_l^-$ between each candidate scheme and the negative ideal scheme is
Figure BDA0002967717820000147
Calculating the relative closeness $A_l^+$ of the candidate scheme to the positive ideal scheme:
Figure BDA0002967717820000149
The larger the distance $S_l^-$ between the candidate scheme and the negative ideal scheme and the smaller the distance $S_l^+$ from the positive ideal scheme, the closer $A_l^+$ is to 1, indicating that the candidate is closer to the positive ideal scheme; the smaller $S_l^-$ and the larger $S_l^+$, the closer $A_l^+$ is to 0, indicating that the candidate is closer to the negative ideal scheme;
the candidate schemes are ranked and the optimal scheme is selected. The closeness $A_l^+$ of the candidate scheme to the ideal scheme is used as the utility function, and the candidate scheme with the maximum utility function value is selected as the optimal network selection scheme $l^*$, namely
Figure BDA0002967717820000159
Scheme $l^*$ is opened to perform access to the network.
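The selection steps above follow the TOPSIS pattern; the sketch below is an added example, not code from the patent. Because the formula images are missing from the page, it assumes the standard TOPSIS formulas (vector normalization, Euclidean distances, $A_l^+ = S_l^- / (S_l^+ + S_l^-)$), weights that sum to 1, and a hypothetical per-attribute benefit/cost flag; the network names and attribute values are constructed.

```python
import math

# Constructed candidate networks (L = 3) and attributes (N = 4):
# bandwidth in Mbit/s, delay in ms, packet loss in %, price per MB.
NETWORKS = ["WLAN", "4G", "5G"]
MATRIX = [
    [54.0, 30.0, 2.0, 1.0],
    [20.0, 60.0, 1.0, 5.0],
    [100.0, 10.0, 0.5, 8.0],
]
WEIGHTS = [0.4, 0.3, 0.2, 0.1]          # user preference weights w_n (assumed to sum to 1)
BENEFIT = [True, False, False, False]   # assumption: True = larger is better, False = smaller is better


def topsis(matrix, weights, benefit):
    """Return (index of the best scheme l*, closeness A_l^+ of every scheme)."""
    L, N = len(matrix), len(weights)
    if any(len(row) != N for row in matrix) or len(benefit) != N:
        raise ValueError("matrix, weights and benefit flags must agree on N")
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")

    # Vector normalization removes each attribute's unit: r_ln = x_ln / sqrt(sum_l x_ln^2)
    norms = [math.sqrt(sum(row[n] ** 2 for row in matrix)) for n in range(N)]
    R = [[row[n] / norms[n] if norms[n] else 0.0 for n in range(N)] for row in matrix]

    # Weighted standardized decision matrix: v_ln = w_n * r_ln
    V = [[weights[n] * R[l][n] for n in range(N)] for l in range(L)]

    # Positive ideal Q+ takes the best value per column, negative ideal Q- the worst.
    cols = list(zip(*V))
    q_pos = [max(c) if benefit[n] else min(c) for n, c in enumerate(cols)]
    q_neg = [min(c) if benefit[n] else max(c) for n, c in enumerate(cols)]

    # Euclidean distances S_l^+ and S_l^- of each candidate from the two ideals.
    s_pos = [math.dist(v, q_pos) for v in V]
    s_neg = [math.dist(v, q_neg) for v in V]

    # Relative closeness; a candidate equal to both ideals (all rows identical) scores 0.
    closeness = [sn / (sp + sn) if (sp + sn) else 0.0 for sp, sn in zip(s_pos, s_neg)]
    best = max(range(L), key=closeness.__getitem__)
    return best, closeness


if __name__ == "__main__":
    best, closeness = topsis(MATRIX, WEIGHTS, BENEFIT)
    for name, a in zip(NETWORKS, closeness):
        print(f"{name}: A+ = {a:.4f}")
    print("selected:", NETWORKS[best])
```

Shifting most of the weight onto the price column changes the selected network, which is how the stored user preference vector drives the outcome.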
As shown in Fig. 5, encrypting the data to be protected by the data encryption program to obtain the encrypted data according to the embodiment of the present invention includes:
S401, collecting data to be protected as data needing to be encrypted;
S402, encrypting the data needing to be encrypted through a data encryption algorithm to obtain encrypted data; the data encryption algorithm is a 3DES algorithm;
S403, collecting a first identification code for identifying a user or a terminal;
S404, calculating the first identification code and the encrypted data through a first data verification algorithm to obtain first verification data; the first data verification algorithm is an MD5 algorithm, and the first identification code is IMEI or IMSI;
S405, combining the encrypted data and the first check data.
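The check-data steps S404 and S405, as an added example that is not code from the patent: MD5 over the identifier and ciphertext needs no secret, so it catches accidental corruption but not a deliberate change, and a keyed HMAC-SHA-256 variant is shown beside it for comparison. The concatenation order, packet layout, key and all sample values are assumptions; the ciphertext is a constructed stand-in for 3DES output.

```python
import hashlib
import hmac

MD5_LEN, SHA256_LEN = 16, 32

# Constructed sample values, not taken from the patent.
IMEI = b"000000000000000"                    # placeholder 15-digit identifier
CIPHERTEXT = bytes(range(16))                # stand-in for two 8-byte 3DES blocks
KEY = b"constructed-demo-key-32-bytes!!!"    # assumed shared secret (HMAC variant only)


def pack_md5(identifier: bytes, ciphertext: bytes) -> bytes:
    """S404-S405 as described: check data = MD5(identifier || ciphertext), appended."""
    return ciphertext + hashlib.md5(identifier + ciphertext).digest()


def verify_md5(identifier: bytes, packet: bytes):
    """Return the ciphertext if the MD5 check data matches, else None."""
    if len(packet) < MD5_LEN:
        return None
    ciphertext, check = packet[:-MD5_LEN], packet[-MD5_LEN:]
    expected = hashlib.md5(identifier + ciphertext).digest()
    return ciphertext if hmac.compare_digest(check, expected) else None


def _mac_input(identifier: bytes, ciphertext: bytes) -> bytes:
    # Length-prefix the identifier so (identifier, ciphertext) encodes unambiguously.
    return len(identifier).to_bytes(2, "big") + identifier + ciphertext


def pack_hmac(key: bytes, identifier: bytes, ciphertext: bytes) -> bytes:
    """Keyed alternative: tag = HMAC-SHA-256(key, len(id) || id || ciphertext)."""
    tag = hmac.new(key, _mac_input(identifier, ciphertext), hashlib.sha256).digest()
    return ciphertext + tag


def verify_hmac(key: bytes, identifier: bytes, packet: bytes):
    """Return the ciphertext if the HMAC tag matches, else None."""
    if len(packet) < SHA256_LEN:
        return None
    ciphertext, tag = packet[:-SHA256_LEN], packet[-SHA256_LEN:]
    expected = hmac.new(key, _mac_input(identifier, ciphertext), hashlib.sha256).digest()
    return ciphertext if hmac.compare_digest(tag, expected) else None


def compare_checks() -> dict:
    """Run both constructions over the same cases and report what each accepts."""
    altered = bytes([CIPHERTEXT[0] ^ 0xFF]) + CIPHERTEXT[1:]
    md5_packet = pack_md5(IMEI, CIPHERTEXT)
    corrupted = md5_packet[:3] + bytes([md5_packet[3] ^ 1]) + md5_packet[4:]
    hmac_packet = pack_hmac(KEY, IMEI, CIPHERTEXT)
    return {
        "md5_roundtrip": verify_md5(IMEI, md5_packet) == CIPHERTEXT,
        "md5_detects_corruption": verify_md5(IMEI, corrupted) is None,
        # The identifier is not a secret, so valid check data can be recomputed
        # for different ciphertext and the receiver cannot tell.
        "md5_accepts_recomputed": verify_md5(IMEI, pack_md5(IMEI, altered)) == altered,
        "hmac_roundtrip": verify_hmac(KEY, IMEI, hmac_packet) == CIPHERTEXT,
        "hmac_rejects_without_key":
            verify_hmac(KEY, IMEI, pack_hmac(b"not-the-key", IMEI, altered)) is None,
        "hmac_binds_identifier": verify_hmac(KEY, b"000000000000001", hmac_packet) is None,
    }


if __name__ == "__main__":
    for case, ok in compare_checks().items():
        print(f"{case}: {ok}")
```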
The above description is only for the purpose of illustrating the preferred embodiments of the present invention, and the scope of the present invention is not limited thereto, and any modification, equivalent replacement, and improvement made by those skilled in the art within the technical scope of the present invention disclosed herein, which is within the spirit and principle of the present invention, should be covered by the present invention.

Claims (10)

1. A data privacy protection system, characterized in that the data privacy protection system comprises:
the data acquisition module is connected with the central control module and is used for acquiring data through a data acquisition program to obtain data to be protected;
the network access module is connected with the central control module and is used for accessing the network through a network access program;
the network access through the network access program comprises: carrying out data preprocessing and feature extraction on different types of network connection data;
the data preprocessing and feature extraction for the different types of network connection data comprises:
taking n network connection records as a training set and taking the continuous attribute values of the i-th record as a vector $X_i = \{x_{i1}, x_{i2}, \ldots, x_{ij}\}$, $i = 1, \ldots, n$, $j = 1, \ldots, 32$, the standardized calculation formula is:
Figure FDA0002967717810000011
and
Figure FDA0002967717810000012
where
Figure FDA0002967717810000013
n is the number of records in the training set, j is the attribute column, $AVG_j$ and $STD_j$ are respectively the mean and standard deviation of the j-th column attribute in the training set, and $x'_{ij}$ is the value of each attribute;
normalizing each attribute value through an attribute calculation formula;
$x'_{ij}$ is normalized to the $[0,1]$ interval by the attribute calculation formula, and $x''_{ij}$ is taken as the final sample attribute value; the specific formula is as follows:
Figure FDA0002967717810000014
where $min_j$ is the minimum value of the j-th column attribute in the training set and $MAX_j$ is the maximum value of the j-th column attribute in the training set;
the accessing of the network through the network access program further comprises:
according to the extracted features, iteration and training are carried out through a generalized regression neural network in combination with a fuzzy clustering algorithm to obtain a clustering result;
calculating credibility estimated values of corresponding classifications by setting credibility weight vectors and a network connection credibility algorithm according to the clustering result;
calculating the reliability of the network intrusion rule through an improved associated attribute judgment algorithm, and using the reliability as a basis for dynamically adjusting a rule base in an intrusion detection system;
determining whether to establish connection between the mobile terminal and the internet according to the adjusted credibility;
after the connection between the mobile terminal and the internet is determined to be established, the network is accessed;
the clustering result obtained by iteration and training through the generalized regression neural network and the fuzzy clustering algorithm comprises the following steps:
classifying the data according to a fuzzy clustering algorithm, and calculating a clustering center of each class;
FCM divides the n vectors $x_k$ into c fuzzy classes and calculates the cluster center $c_i$ of each class so as to minimize the fuzzy objective function;
the objective function of fuzzy clustering is:
Figure FDA0002967717810000021
where $d_{ij} = \|c_i - x_j\|$ is the Euclidean distance of the sample vector from the center point, $c_i$ is the center of class i, m is the number of samples, and j is the attribute column; the calculation formula of each cluster center is as follows:
Figure FDA0002967717810000022
calculating a membership value through a membership function to form a fuzzy matrix;
the membership function is:
Figure FDA0002967717810000023
selecting a training sample from the fuzzy matrix as the training input of the generalized neural network;
selecting the m samples with the minimum distance from the central value in the fuzzy matrix as training samples, and using $n \times m$ groups of data as the training input of the generalized neural network; n is the number of classes into which the intrusion data are divided by the fuzzy clustering algorithm, and m is a value between 1 and 5;
predicting and outputting the type of intrusion data according to the training input of the generalized neural network; the generalized neural network consists of four-level structures of an input layer, a mode layer, a summation layer and an output layer;
data are subdivided into n classes, and a sample closest to the central value of each class is found out to be used as a training sample; obtaining a clustering result;
the virus information acquisition module is connected with the central control module and is used for acquiring virus information through a virus information acquisition program;
the network security monitoring module is connected with the central control module and used for searching viruses in the accessed network according to the acquired virus information through a network security monitoring program and acquiring a network security monitoring result according to a virus searching result;
and the central control module is connected with the data acquisition module, the network access module, the virus information acquisition module and the network security monitoring module and is used for controlling the operation of each connection module of the main control computer to ensure the normal operation of each module.
2. The data privacy protection system of claim 1, further comprising:
the network optimization module is connected with the central control module and used for optimizing the network according to the network safety monitoring result through a network optimization program and checking and killing viruses existing in the network to obtain an optimized network;
the data encryption module is connected with the central control module and used for encrypting the data to be protected through a data encryption program to obtain encrypted data;
the data transmission module is connected with the central control module and is used for transmitting the encrypted data through a data transmission program;
the data receiving module is connected with the central control module and is used for receiving the encrypted data through a data receiving program;
and the data decryption module is connected with the central control module and is used for decrypting the received encrypted data through a data decryption program.
3. The data privacy protection system of claim 1, wherein the calculating the credibility of the network intrusion rule through the improved association attribute decision algorithm as a basis for dynamic adjustment of a rule base in the intrusion detection system comprises:
segmenting the rule base; selecting a random sample for each segment to be mined, and reading a frequent item set;
generating a candidate item set according to the frequent item set;
scanning the database, determining the support degree of each candidate set, and deleting the candidate sets with the support degrees smaller than a threshold value;
merging frequent item sets of the segmented samples, and scanning and verifying;
and adjusting the credibility of the rule again according to the credibility weight vector of the corresponding category attribute.
4. The data privacy protection system of claim 3, wherein the support is the ratio of the number of objects in the candidate set that contain a random sample to the total number of objects.
5. The data privacy protection system of claim 1, wherein the accessing the network after determining to establish the connection between the mobile terminal and the internet comprises:
removing the dimension of each attribute, and carrying out vector normalization on the original matrix to obtain a normalized matrix $R = (r_{ln})_{L \times N}$, where $r_{ln}$ is
Figure FDA0002967717810000041
Establishing a weighted standardized decision matrix V; the user module stores user preference weight information representing the different degrees of preference for each attribute when the terminal selects the network; the weight vector of the attributes is assumed to be $W = [w_1 \ldots w_n \ldots w_N]^T$, where $w_n$ is the weight corresponding to the n-th attribute, and
Figure FDA0002967717810000042
where the attribute with the largest $w_n$ is the one the user prefers most and plays an important role in the network selection result; each column of attribute values in the normalized matrix R is multiplied by the corresponding weight to obtain the weighted standardized decision matrix $V = (v_{ln})_{L \times N}$, where $v_{ln}$ is
$v_{ln} = w_n r_{ln}$
Determining the positive ideal scheme $Q^+$ and the negative ideal scheme $Q^-$ over all schemes:
Figure FDA0002967717810000051
Figure FDA0002967717810000052
The Euclidean distances of each candidate scheme from the positive and negative ideal schemes are calculated separately.
The distance $S_l^+$ between each candidate scheme and the positive ideal scheme $Q^+$ is
Figure FDA0002967717810000053
The distance $S_l^-$ between each candidate scheme and the negative ideal scheme is
Figure FDA0002967717810000055
Calculating the relative closeness $A_l^+$ of the candidate scheme to the positive ideal scheme:
Figure FDA0002967717810000057
The larger the distance $S_l^-$ between the candidate scheme and the negative ideal scheme and the smaller the distance $S_l^+$ from the positive ideal scheme, the closer $A_l^+$ is to 1, indicating that the candidate is closer to the positive ideal scheme; the smaller $S_l^-$ and the larger $S_l^+$, the closer $A_l^+$ is to 0, indicating that the candidate is closer to the negative ideal scheme;
the candidate schemes are ranked and the optimal scheme is selected. The closeness $A_l^+$ of the candidate scheme to the ideal scheme is used as the utility function, and the candidate scheme with the maximum utility function value is selected as the optimal network selection scheme $l^*$, namely
Figure FDA0002967717810000061
Scheme $l^*$ is opened to perform access to the network.
6. The data privacy protection system of claim 1, wherein the encrypting the data to be protected by the data encryption program to obtain encrypted data comprises:
collecting data to be protected as data to be encrypted;
encrypting the data to be encrypted through a data encryption algorithm to obtain encrypted data; the data encryption algorithm is a 3DES algorithm;
collecting a first identification code for identifying a user or a terminal;
calculating the first identification code and the encrypted data through a first data verification algorithm to obtain first verification data; the first data verification algorithm is an MD5 algorithm, and the first identification code is IMEI or IMSI;
and combining the encrypted data and the first check data.
7. A data privacy protection method is characterized by comprising the following steps:
step one, acquiring data by a data acquisition module through a data acquisition program to obtain data to be protected; accessing the network by using a network access program through a network access module; acquiring virus information by using a virus information acquisition program through a virus information acquisition module;
step two, searching for viruses in the accessed network by using a network security monitoring program through a network security monitoring module according to the acquired virus information, and acquiring a network security monitoring result according to the virus searching result;
step three, controlling, by the central control module, the operation of each connected module through the main control machine to ensure the normal operation of each module;
step four, carrying out network optimization by using a network optimization program through a network optimization module according to the network security monitoring result, and searching for and killing viruses existing in the network to obtain an optimized network;
step five, encrypting the data to be protected by using a data encryption program through a data encryption module to obtain encrypted data; transmitting the encrypted data by using a data transmission program through a data transmission module;
step six, receiving the encrypted data by using a data receiving program through a data receiving module; and decrypting the received encrypted data by using the data decryption program through the data decryption module.
8. The method for protecting data privacy of claim 7, wherein the first step of accessing the network through the network access program comprises:
(1) carrying out data preprocessing and feature extraction on different types of network connection data;
(2) according to the extracted features, iteration and training are carried out through a generalized regression neural network in combination with a fuzzy clustering algorithm to obtain a clustering result;
(3) calculating credibility estimated values of corresponding classifications by setting credibility weight vectors and a network connection credibility algorithm according to the clustering result;
(4) calculating the reliability of the network intrusion rule through an improved associated attribute judgment algorithm, and using the reliability as a basis for dynamically adjusting a rule base in an intrusion detection system;
(5) determining whether to establish connection between the mobile terminal and the internet according to the adjusted credibility;
(6) and after the connection between the mobile terminal and the internet is determined to be established, accessing the network.
9. An information data processing terminal, characterized in that the information data processing terminal comprises a memory and a processor, the memory stores a computer program, and the computer program, when executed by the processor, causes the processor to execute the functions of the data privacy protection system of any one of claims 1 to 6.
10. A computer readable storage medium storing instructions that, when executed on a computer, cause the computer to apply the functionality of the data privacy protection system of any one of claims 1-6.
CN202110256791.4A 2021-03-09 2021-03-09 Data privacy protection system and protection method Withdrawn CN112861160A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110256791.4A CN112861160A (en) 2021-03-09 2021-03-09 Data privacy protection system and protection method


Publications (1)

Publication Number Publication Date
CN112861160A true CN112861160A (en) 2021-05-28

Family

ID=75993712


Country Status (1)

Country Link
CN (1) CN112861160A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114925399A (en) * 2022-05-27 2022-08-19 国科华盾(北京)科技有限公司 Network security management system achieving privacy protection under cloud data



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210528