CN113746866A - Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium - Google Patents

Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium Download PDF

Info

Publication number
CN113746866A
CN113746866A CN202111290584.7A CN202111290584A CN113746866A CN 113746866 A CN113746866 A CN 113746866A CN 202111290584 A CN202111290584 A CN 202111290584A CN 113746866 A CN113746866 A CN 113746866A
Authority
CN
China
Prior art keywords
target
data
processing
dimension
gatekeeper
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111290584.7A
Other languages
Chinese (zh)
Other versions
CN113746866B (en
Inventor
丁伟斌
纪德良
蓝飞
项忠正
孙泉辉
金绍君
周升
包迅格
胡俊辉
周政
卞京
胡笑吟
林捷
汪娟玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Electric Power Co Ltd
Zhejiang Huayun Information Technology Co Ltd
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd
Zhejiang Huayun Information Technology Co Ltd
Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Zhejiang Electric Power Co Ltd, Zhejiang Huayun Information Technology Co Ltd, Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd filed Critical State Grid Zhejiang Electric Power Co Ltd
Priority to CN202111290584.7A priority Critical patent/CN113746866B/en
Publication of CN113746866A publication Critical patent/CN113746866A/en
Application granted granted Critical
Publication of CN113746866B publication Critical patent/CN113746866B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • H04L47/125Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security

Abstract

The invention provides a method, a device and a storage medium for transmitting multi-dimensional internetwork information based on a middle station, wherein the method comprises the following steps: the method comprises the steps that a middle station processes a data request of an external request end to obtain a data range dimension and a data range magnitude of the data request; if the number of the dimension network gates in the idle state is larger than 1, determining the number of the target network gates for data transmission and the target network gates based on the data range quantity value; if the number of the target gatekeepers is larger than 1, dividing target data of a data source in the internal storage terminal based on the data range quantity value and the processing attribute of the processing unit to obtain a division result; the middle station disconnects an external network communication link between an external request end and a target gatekeeper, divides a data source of an internal storage end based on a division result to obtain a plurality of subdata and respectively sends the subdata to processing units corresponding to different target gatekeepers; the intermediate station disconnects an intranet communication link between the internal storage end and the target gatekeeper, and the target gatekeeper respectively sends the externally transmitted data to the external request end.

Description

Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium
Technical Field
The present invention relates to data transmission technologies, and in particular, to a method, an apparatus, and a storage medium for transmitting multidimensional internetwork information based on a middlebox.
Background
The state clearly stipulates that the secret-related network needs to be kept isolated from the Internet, so that the network threat from the Internet is avoided, and the information security is ensured. However, the confidential networks, such as the upper and lower levels in the industry and the different industry departments, are in an untrusted relationship with each other, and the information circulation will cause security and intercommunication problems, so that corresponding security measures must be taken to ensure the security of the confidential intranet, and at present, the following methods are commonly used:
and the information exchange under isolation is realized by adopting a manual copying mode. The confidential network is usually physically isolated from the outside, and when information needs to be exchanged between the confidential network and the external Internet, a special data server or other pluggable mobile storage media is usually arranged in the middle area and is realized by trusted personnel in a manual copying mode. By means of manual copying, threats such as hacking from untrusted networks are indeed avoided, but new problems are brought about. Firstly, the manual input management cost is high, and personnel must be input to participate in data copying work; secondly, the manual copying has poor real-time performance, and cannot exert the advantage of rapid communication brought by a network information technology; finally, the frequent use of floppy disks or other storage media increases the ways and chances of virus and trojan programs propagation, creating new security issues.
Except for ensuring that the information exchange is realized by manual copying under the condition of physical isolation, other departments adopt a firewall between the confidential intranets to realize the logical isolation between the confidential intranets and other private networks. But the firewall development still has the following weaknesses: firstly, a firewall cannot resist data-driven attacks, namely a large number of legal data packets cause network congestion to cause normal communication paralysis; secondly, the firewall is difficult to prevent the intrusion initiated by the vulnerability of the universal protocol; again, defects in the firewall system itself are also important issues affecting the security of the internal network. In addition, the firewall can only be configured correctly and reasonably to play the safety role of the firewall, and the complexity of configuration brings troublesome workload to network management personnel and also increases hidden troubles caused by improper configuration.
The GAP (gatekeeper) technology is a technology for realizing secure data transmission and resource sharing by using dedicated hardware to make two or more networks disconnected. The basic principle of the GAP technology is as follows: cutting off the general protocol connection between networks; decomposing or recombining the data packet into static data; performing security inspection on static data, including network protocol inspection, code scanning and the like; the confirmed safety data flows into the internal unit; the internal user obtains the required data through a strict identity authentication mechanism. Because of using self-defined safe transmission protocol, the system needs to complete the work of fragmenting and transmitting the file at the bottom layer, and to reorganize and detect the file at the other end.
In the actual request and the acquisition scene of data, different roles can have different requirements on different data, in the same data source, different request main bodies have different request authorities on the data source, although the gatekeeper can play a role in protecting the data to a certain extent, when one gatekeeper corresponds to the request main bodies of a plurality of different data authorities, the gatekeeper cannot transmit the data to a plurality of request main bodies simultaneously, the efficiency is low, and the gatekeeper cannot be applied to the high-concurrency scene.
Disclosure of Invention
The embodiment of the invention provides a method, a device and a storage medium for transmitting multi-dimensional internetwork information based on a middle station, which can simultaneously regulate and control a plurality of gatekeepers to transmit data according to different role authorities in a high data quantity value transmission scene, and ensure the data transmission efficiency.
In a first aspect of the embodiments of the present invention, a method for transmitting multidimensional internetwork information based on a middle station is provided, where the middle station includes a plurality of corresponding processing units and gatekeepers, the gatekeepers are respectively connected to an internal storage end and an external request end through an internal network and an external network, and the internetwork information transmission between the internal network and the external network is performed through the following steps:
the method comprises the steps that a middle station processes a data request of an external request end to obtain a data range dimension and a data range magnitude of the data request, and a dimension gatekeeper of a corresponding dimension is determined based on the data range dimension;
if the number of the dimension network gates in the idle state is larger than 1, determining the number of the target network gates for data transmission and the target network gates based on the data range quantity value;
if the number of the target gatekeepers is larger than 1, dividing the target data of the data source in the internal storage terminal based on the data range quantity value and the processing attribute of the processing unit to obtain a division result, wherein the division result comprises the processing proportion of each target gatekeeper to the target data;
the middle station breaks an external network communication link between an external request end and a target gateway to enable an internal network communication link between an internal storage end and the target gateway to be communicated, a data source of the internal storage end is divided based on the division result to obtain a plurality of subdata, the subdata is sent to processing units corresponding to different target gateways respectively, and the different processing units obtain external transmission data for the received subdata according to preset processing strategies;
the intermediate station disconnects an intranet communication link between the internal storage end and the target gateway, so that an extranet communication link between the external request end and the target gateway is communicated, and the target gateway sends the externally transmitted data to the external request end respectively.
Optionally, in a possible implementation manner of the first aspect, the processing, by the central station, of the data request of the external request end to obtain a data range dimension and a data range magnitude of the data request, and the determining, based on the data range dimension, the dimension gatekeeper of the corresponding dimension includes:
the method comprises the steps that a middle station obtains a source table, wherein the source table comprises a data range dimension corresponding to each role and a data quantity value of each preset unit time under the data range dimension;
generating a target table from data corresponding to the role information and the time information of the data request in a source table, wherein the target table has a data range dimension and a data range magnitude of the data request;
determining a dimension gatekeeper based on data range dimensions of the target table.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
monitoring a data source in an internal storage end to generate a source table, wherein the source table comprises a data range dimension of each part of data in the data source, a role corresponding to the data range dimension, and a data quantity value of each preset unit time in each data range dimension;
and establishing a communication link between the central station and the internal storage terminal through a transmission network gate, and sending the source table to the central station based on the transmission network gate.
Optionally, in a possible implementation manner of the first aspect, if the number of dimension gatekeepers in the idle state is greater than 1, determining, based on the data range quantity value, the number of target gatekeepers for data transmission and the target gatekeepers includes:
if the number of dimension network gates in an idle state is more than 1, extracting data magnitude values of all preset unit time in the target table to generate a total magnitude value corresponding to the target table, wherein the data range magnitude value comprises the total magnitude value;
the number of target gatekeepers is determined by the following formula,
Figure 441509DEST_PATH_IMAGE001
wherein the content of the first and second substances,
Figure 952125DEST_PATH_IMAGE002
as to the number of the target gatekeepers,
Figure 200704DEST_PATH_IMAGE003
is the first in the target tableiThe amount of data per unit time is,
Figure 189389DEST_PATH_IMAGE004
is as follows
Figure 472602DEST_PATH_IMAGE005
Number of
Depending on the nominal process value for the range dimension,
Figure 560644DEST_PATH_IMAGE006
is as follows
Figure 421153DEST_PATH_IMAGE005
A weight value for a dimension of the data range,
Figure 88894DEST_PATH_IMAGE007
the number of dimension gates;
and randomly selecting the dimension gatekeeper corresponding to the number of the target gatekeepers from the dimension gatekeepers in the idle states as the target gatekeepers.
Optionally, in a possible implementation manner of the first aspect, if the number of the target gatekeepers is greater than 1, dividing target data of a data source in an internal storage based on the data range value and a processing attribute of the processing unit to obtain a division result, where the dividing includes:
acquiring the processing frequency of a processing unit corresponding to each target gatekeeper, and the transmission rate of the target gatekeeper and an internal storage end, wherein the processing attributes comprise the processing frequency and the transmission rate;
acquiring a total amount value of a target table corresponding to the target data;
and dividing the plurality of target gatekeepers based on the total amount value, the processing frequency and the transmission rate of the target table corresponding to the target data to obtain the processing proportion of each processing unit and the target gatekeepers to the target data.
Optionally, in a possible implementation manner of the first aspect, the dividing the multiple target gatekeepers based on the total amount value of the target table corresponding to the target data, the processing frequency, and the transmission rate to obtain the processing proportion of each processing unit and the target gatekeeper to the target data includes:
calculating the processing transmission ratio of each processing unit and the target gatekeeper to the target data through the following formula,
Figure 85669DEST_PATH_IMAGE008
wherein the content of the first and second substances,
Figure 547875DEST_PATH_IMAGE009
is as followsaThe ratio of the processing of the target data by each target gatekeeper,
Figure 161259DEST_PATH_IMAGE010
is as followsaThe place corresponding to the target gateThe frequency of the processing of the physical unit,
Figure 367112DEST_PATH_IMAGE011
is as followsaThe processing weight of the processing unit corresponding to each target gatekeeper,
Figure 483972DEST_PATH_IMAGE012
is as followsaThe transmission rate corresponding to each target gatekeeper,
Figure 382658DEST_PATH_IMAGE013
is as followsaThe transmission weight corresponding to each target gatekeeper,
Figure 217759DEST_PATH_IMAGE014
is as followsdThe processing frequency of the processing unit corresponding to each target gatekeeper,
Figure 961724DEST_PATH_IMAGE015
is as followsdThe processing weight of the processing unit corresponding to each target gatekeeper,
Figure 401933DEST_PATH_IMAGE016
is as followsdThe transmission rate corresponding to each target gatekeeper,
Figure 330575DEST_PATH_IMAGE017
is as followsdThe transmission weight corresponding to each target gatekeeper.
Optionally, in a possible implementation manner of the first aspect, the method further includes:
obtaining the number of the target gatekeepers to generate a processing proportion set related to the target gatekeepers
Figure 528338DEST_PATH_IMAGE018
Wherein
Figure 200628DEST_PATH_IMAGE019
Is as follows
Figure 964184DEST_PATH_IMAGE020
A processing unit and a target gatekeeperThe processing transmission ratio of the target data,
Figure 204673DEST_PATH_IMAGE020
the maximum value of the number of the target gatekeepers;
by the following formula pair
Figure 483207DEST_PATH_IMAGE019
The corresponding processing unit and the target gatekeeper calculate the processing transmission ratio,
Figure 834554DEST_PATH_IMAGE021
for the processing transmission ratio corresponding to the processing unit and the target gatekeeper calculated last in the processing ratio set,
Figure 780513DEST_PATH_IMAGE022
wherein the content of the first and second substances,
Figure 988641DEST_PATH_IMAGE023
is as follows
Figure 895417DEST_PATH_IMAGE024
The processing unit and the target gatekeeper process and transmit proportion of the target data.
Optionally, in a possible implementation manner of the first aspect, mutual exclusion logic is respectively set at an intranet communication link and an extranet communication link of the same gatekeeper, where the mutual exclusion logic is:
when the intranet communication link is in a path, the extranet communication link is in a disconnected state;
when the outer network communication link is in the access, the inner network communication link is in the disconnection state.
In a second aspect of the embodiments of the present invention, there is provided a multidimensional internetwork information transmission device based on a middle station, where the middle station includes a plurality of corresponding processing units and gatekeepers, the gatekeepers are respectively connected to an internal storage end and an external request end through an internal network and an external network, and perform internetwork information transmission between the internal network and the external network through the following devices, including:
the processing module is used for enabling the middle station to process the data request of the external request end to obtain the data range dimension and the data range magnitude of the data request, and determining the dimension gatekeeper of the corresponding dimension based on the data range dimension;
the gatekeeper determining module is used for determining the number of target gatekeepers for data transmission and the target gatekeepers based on the data range quantity value if the number of dimension gatekeepers in the idle state is greater than 1;
a first proportion dividing module, configured to, if the number of the target gatekeepers is greater than 1, divide target data of a data source in an internal storage end based on the data range quantity value and a processing attribute of the processing unit to obtain a division result, where the division result includes a processing proportion of each target gatekeeper to the target data;
the first transmission module is used for enabling the middle station to disconnect an external network communication link between an external request end and a target gateway, enabling an internal network communication link between an internal storage end and the target gateway to be communicated, dividing a data source of the internal storage end based on a division result to obtain a plurality of subdata, and then respectively sending the subdata to processing units corresponding to different target gateways, wherein the different processing units obtain external transmission data for the received subdata according to preset processing strategies;
and the second transmission module is used for disconnecting the intranet communication link between the internal storage end and the target gateway by the middle station, so that the extranet communication link between the external request end and the target gateway is communicated, and the target gateway respectively transmits the externally transmitted data to the external request end.
In a third aspect of the embodiments of the present invention, a readable storage medium is provided, in which a computer program is stored, which, when being executed by a processor, is adapted to carry out the method according to the first aspect of the present invention and various possible designs of the first aspect of the present invention.
According to the multi-dimensional internetwork information transmission method, device and storage medium based on the middleboxes, communication connection is established between the gateways with different dimensions and the request ends with different roles by arranging the gateways, and target data are transmitted. In the data transmission process, a plurality of communication links can be established through a plurality of gateways to realize the parallel transmission of data, so that the data transmission can be carried out by regulating and controlling the plurality of gateways according to different role authorities in the scene of high data value transmission requirements, and the data transmission efficiency is ensured.
According to the technical scheme provided by the invention, data are counted and positioned in a table form, namely, the range and the magnitude of the data in the source table are determined according to the role information and the time information of the external request terminal to obtain the target table, and then the data range magnitude is obtained according to the target table. The invention can make the external request end request the data at the customization position according to the requirement, so that each external request end determines the corresponding range and the quantity value of the data according to the requirement.
When a plurality of target gateways are determined, the target gateways are determined according to the total amount value corresponding to the target table and the rated processing value of each data range dimension, so that the corresponding number of the target gateways are matched with data transmission when a data request of an external request end is processed. The larger the data range magnitude is, the more the number of the distributed processing units and the target gatekeepers is, and the smaller the data range magnitude is, the less the number of the distributed processing units and the target gatekeepers is, so that the data with different data range magnitudes can have convergent data transmission time, the multiple processing units and the target gatekeepers are reasonably distributed, and the external request terminals with different requirements have better experience effects.
When the target data are divided into the plurality of processing units and the target gatekeeper, the processing frequency and the transmission rate of each processing unit and the target gatekeeper are fully considered, and the data with the corresponding proportion are distributed to each processing unit and the target gatekeeper by combining the total value of the target table, so that the distribution of the target data is more reasonable, and the data transmission efficiency and the robustness of the system are improved.
Drawings
Fig. 1 is a flowchart of a first embodiment of a method for transmitting multidimensional internetwork information based on a middlebox;
fig. 2 is a flowchart of a second embodiment of a method for transmitting multidimensional internetwork information based on a middle station;
FIG. 3 is a schematic diagram of a connection structure between an internal storage and an external request;
fig. 4 is a block diagram of a first embodiment of a method for transmitting multi-dimensional internetwork information based on a middle station.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the internal logic of the processes, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
It should be understood that in the present application, "comprising" and "having" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present invention, "a plurality" means two or more. "and/or" is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "comprises A, B and C" and "comprises A, B, C" means that all three of A, B, C comprise, "comprises A, B or C" means that one of A, B, C comprises, "comprises A, B and/or C" means that any 1 or any 2 or 3 of A, B, C comprises.
It should be understood that in the present invention, "B corresponding to a", "a corresponds to B", or "B corresponds to a" means that B is associated with a, and B can be determined from a. Determining B from a does not mean determining B from a alone, but may be determined from a and/or other information. And the matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.
As used herein, "if" may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
The invention provides a multidimensional internetwork information transmission method based on a middle station, wherein the middle station comprises a plurality of corresponding processing units and a gatekeeper, and the gatekeeper is respectively connected with an internal storage end and an external request end through an internal network and an external network. The technical method and the technical scheme provided by the invention can be completed based on the middlings of a certain enterprise, a certain department and an organization. The intranet and extranet in the present invention do not refer to only the intranet and extranet (e.g., internet) in the conventional sense. For example, if data stored in the first local area network is requested to be accessed by related devices in the second local area network, the storage end of the first local area network storing the data is used as an internal storage end, the first local area network is used as an internal network, the second local area network is used as an external network, and a terminal in the second local area network, which wants to access the data stored in the first local area network, is used as an external request end.
As shown in fig. 1, the method for transmitting information between an internal network and an external network includes the following steps:
step S110, the middle station processes the data request of the external request end to obtain the data range dimension and the data range magnitude of the data request, and determines the dimension gatekeeper of the corresponding dimension based on the data range dimension.
In the technical solution provided by the present invention, as shown in fig. 2, step S110 specifically includes:
step S1101, the middle station acquires a source table, where the source table includes a data range dimension corresponding to each role, and a data quantity value of each preset unit time under the data range dimension.
In a possible implementation scenario, the technical solution of the present invention may be applied to a power grid enterprise, for example, the central station of the present invention is a central station of a certain regional local power management department, the internal storage end is a device for storing data of the regional local power management department, and the internal storage end may be a device with a data storage function, such as a server and a database. The data in the internal storage terminal may be power consumption data of all users in the administrative district. Since each administrative district may include a plurality of towns, for example, a mountain area in beijing city may include a zhou kou shop town, a korean village town, and the like, for convenience of explanation, different towns are named as a first town and a second town in the present invention. Each town may have rights and requirements to view electricity usage data for each household of the respective town, but not to view other towns. Therefore, the data range dimension corresponding to each role is the dimension through which data can be viewed, that is, each town (role) can only view the power consumption data of the corresponding data range dimension. The source table may be as shown in table 1,
Figure 643930DEST_PATH_IMAGE025
data range dimension 1 may correspond to a role of a first or second town. The preset unit time 1 may be a period of time, such as a day, a week, a month, etc. The preset unit time 1 may be 18 days at 9/2021, 19 days at 9/2021, or the like. The data size 25 is a data size of a preset unit time 1 corresponding to the data range dimension 1, for example, the data size of the first town in 2021, 9, month and 18, the unit of the data size may be GB, TB, and the like, and the unit of the data size is not limited in the present invention.
Step S1102, generating a target table from data corresponding to the role information and the time information of the data request in the source table, where the target table has a data range dimension and a data range magnitude of the data request. For example, if the role information of the request data request is the first town and the time information includes the preset unit time 1 and the preset unit time 2, the target table at this time is shown in table 2,
Figure 585341DEST_PATH_IMAGE026
through the method, the target table can be generated quickly, the data requirements of the corresponding role and the external request end are determined through the target table, and the data are positioned.
Step S1103, determining a dimension gatekeeper based on the data range dimension of the target table. The external request side data of different roles have different requirements for data, and some sensitive data may exist in some scenes. For example, a district-level statistics department and a data range dimension H do not need electricity consumption data of a specific user, but need to count electricity consumption data of the whole district, and in order to guarantee security such as privacy, the district-level power management department sends desensitized data to the district-level statistics department, so that different processing units and gatekeepers need to be determined according to situations, and some processing units have a desensitization function.
For example, as shown in fig. 3, the present invention includes a plurality of processing units and gatekeepers, and some of the processing units have a desensitization function, so the present invention classifies the processing units having a desensitization function and corresponding gatekeepers as one dimension, and classifies the processing units having no desensitization function and corresponding gatekeepers as one dimension. The invention can determine the dimension gatekeeper corresponding to the corresponding data request terminal according to the dimension and the role of the data range. The Tth processing unit and the Tth gatekeeper have the same dimension.
The method and the device can extract the sensitive data in the data source according to the sensitive preset condition. The sensitive preset conditions include a plurality of preset text formats, the mobile phone number and the address are taken as examples in the invention, for example, a user in the electricity consumption data is an electricity consumption account registered through the mobile phone number, and the electricity consumption is recorded through the electricity consumption account, at this time, the invention can count the mobile phone number of the user and the electricity consumption address of the user, for example, the mobile phone number of the user is 13577689980, and the address is 88 in the village, the village and the village of the townhe in the mountainous area of beijing city. At this time, the cell phone number 13577689980 and the address 88 of the area of Beijing city, mountain area, Han village 1 in Han village town are sensitive data, and cannot be leaked out at will. The preset text format of the mobile phone number is 1XXXXXXXXXX, namely the preset text format of the mobile phone number is triggered as long as 11 continuous numbers with 1 beginning exist, the preset text format of the address can be XX town XX street/village in XX city XX area, and when the city, the district, the town, the street/village appear, the preset text format of the address is considered to be the preset text format of the starting address.
Sensitive data within the data source is masked based on the number of masks and the location of the masks. After the mask number and the mask position are obtained, the sensitive data are processed according to the mask number and the mask position, for example, if the mobile phone number 13577689980 of the sensitive data is described, the mask number is 5, and the mask position is a rear position, the data after masking the mobile phone number 13577689980 of the sensitive data is 135776 xxxx. The mask number and the mask position may be input in advance.
And step S120, if the number of the dimension gatekeepers in the idle state is greater than 1, determining the number of the target gatekeepers for data transmission and the target gatekeepers based on the data range quantity value. Because the invention can carry out data transmission and interaction with a plurality of external request terminals, the number of idle dimension gates can be different at different time, and when the number of the idle dimension gates is 1, the idle dimension gates can only be used for carrying out data transmission. When the number of the idle dimension gatekeepers is 0, waiting is needed, and data transmission is performed again until the number of the idle dimension gatekeepers is 1. When the number of dimension gatekeepers in an idle state is larger than 1, the invention selects a proper number of dimension gatekeepers to transmit data, and determines the number of target gatekeepers for transmitting data and the target gatekeepers according to the data range value. The invention can not directly pick all idle dimension gatekeepers to carry out data transmission, thereby ensuring that the next data transmission task can have the idle gatekeepers as far as possible, namely, the data transmission can be carried out immediately when the next external request terminal carries out the task and interaction of the data request, and the user experience of each user is improved.
According to the technical scheme provided by the invention, if the number of the dimension gatekeepers in the idle state is more than 1, the step of determining the number of the target gatekeepers for data transmission and the target gatekeepers based on the data range magnitude comprises the following steps:
and judging that the number of the dimension network gates in the idle state is more than 2, extracting the data magnitude values of all preset unit time in the target table to generate a total value corresponding to the target table, wherein the data range magnitude values comprise the total value. As shown in the target table as table 2, the total amount value was 25+17= 42.
The number of target gatekeepers is determined by the following formula,
Figure 309844DEST_PATH_IMAGE027
wherein the content of the first and second substances,
Figure 500654DEST_PATH_IMAGE002
as to the number of the target gatekeepers,
Figure 193804DEST_PATH_IMAGE028
is the first in the target tableiThe amount of data per unit time is,
Figure 583197DEST_PATH_IMAGE004
is as follows
Figure 336389DEST_PATH_IMAGE005
A nominal process magnitude for a data range dimension,
Figure 342391DEST_PATH_IMAGE006
is as follows
Figure 839232DEST_PATH_IMAGE029
A weight value for a dimension of the data range,
Figure 879869DEST_PATH_IMAGE007
the number of dimension gates.
Figure 538383DEST_PATH_IMAGE004
The value of (a) may be preset, for example, 10, 20, 30, etc., and the nominal throughput value may be a throughput value within a preset time. For example, the present invention needs to use a gatekeeper to preferably transmit at least a certain amount of data during data transmission, and the at least certain amount of data transmitted can be a rated throughput value, so as to improve the overall data transmission efficiency of the technical solution provided by the present invention.
Figure 31682DEST_PATH_IMAGE006
The method can be adjusted according to the weighted value of the dimension of the data range, because the desensitization data and the non-desensitization data have different data transmission processing time and data transmission time, the method can be used for adjusting the data transmission time according to the data transmission time
Figure 801054DEST_PATH_IMAGE006
And influencing and adjusting the number of the target gatekeepers determined by different data range dimensions, so that the calculated number of the target gatekeepers is more suitable for the current scene.
In one possible case of the above-mentioned,
Figure 696198DEST_PATH_IMAGE002
will be fractional, a preferred embodiment of the invention is to remove the fractional part, for example if
Figure 525614DEST_PATH_IMAGE002
Is 2.4, then the final
Figure 771787DEST_PATH_IMAGE002
Will be determined as 2 if
Figure 938327DEST_PATH_IMAGE002
3.8, the final
Figure 297764DEST_PATH_IMAGE002
Will be identified as 3, which in the above manner is identified as a natural number.
In a high concurrency scenario, a situation that only a small number of dimension gatekeepers are idle may occur, resulting in a state that a target gatekeeper is less than the dimension gatekeeper, and at this time, only all the dimension gatekeepers can be used as the target gatekeeper for data transmission, and the target gatekeeper of corresponding data cannot be determined for data transmission, so that data transmission needs to be performed in a high concurrency scenario
Figure 688294DEST_PATH_IMAGE030
When in use, willS 1 Is adjusted to beS 2 The same is true.
And randomly selecting the dimension gatekeeper corresponding to the number of the target gatekeepers from the dimension gatekeepers in the idle states as the target gatekeepers. When in use
Figure 765971DEST_PATH_IMAGE031
And then, the number of the dimension gatekeepers at the moment is proved to be larger than that of the target gatekeepers, and the dimension gatekeepers with the corresponding target number are randomly selected as the target gatekeepers to participate in data transmission.
The technical scheme provided by the embodiment of the invention also comprises the following steps:
monitoring a data source in an internal storage end to generate a source table, wherein the source table comprises a data range dimension of each part of data in the data source, a role corresponding to the data range dimension, and a data quantity value of each preset unit time in each data range dimension. The present invention monitors the data stored in the internal storage, generates the source table according to the updated or not updated data, and the other form of table 1 can be as shown in table 3,
Figure 205043DEST_PATH_IMAGE032
and establishing a communication link between the central station and the internal storage terminal through a transmission network gate, and sending the source table to the central station based on the transmission network gate. When the source table is transmitted to the middle station from the internal storage end, the source table can also be transmitted through the network gate, so that the safety of the data source stored in the internal storage end is ensured.
Step S130, if the number of the target gatekeepers is larger than 1, dividing the target data of the data source in the internal storage terminal based on the data range quantity value and the processing attribute of the processing unit to obtain a division result, wherein the division result comprises the processing proportion of each target gatekeeper to the target data.
In the technical solution provided by the present invention, step S130 specifically includes:
and acquiring the processing frequency of the processing unit corresponding to each target gatekeeper, and the transmission rate of the target gatekeeper and the internal storage end, wherein the processing attribute comprises the processing frequency and the transmission rate. The processing unit in the present invention may be a CPU, and the processing frequency may be a frequency of the CPU. The transmission rate may be a data transmission rate between the target gatekeeper and the internal storage terminal by a wired or wireless data method.
And acquiring a total amount value of a target table corresponding to the target data. As shown in Table 2, a target table total value can be obtained.
And dividing the plurality of target gatekeepers based on the total amount value, the processing frequency and the transmission rate of the target table corresponding to the target data to obtain the processing proportion of each processing unit and the target gatekeepers to the target data.
According to the technical scheme provided by the invention, the step of dividing a plurality of target gatekeepers based on the total amount value, the processing frequency and the transmission rate of the target table corresponding to the target data to obtain the processing proportion of each processing unit and the target gatekeeper to the target data comprises the following steps:
calculating the processing transmission ratio of each processing unit and the target gatekeeper to the target data through the following formula,
Figure 809200DEST_PATH_IMAGE033
wherein the content of the first and second substances,
Figure 245997DEST_PATH_IMAGE034
is as followsaThe ratio of the processing of the target data by each target gatekeeper,
Figure 935604DEST_PATH_IMAGE035
is as followsaThe processing frequency of the processing unit corresponding to each target gatekeeper,
Figure 850471DEST_PATH_IMAGE036
is as followsaThe processing weight of the processing unit corresponding to each target gatekeeper,
Figure 309134DEST_PATH_IMAGE037
is as followsaThe transmission rate corresponding to each target gatekeeper,
Figure 713570DEST_PATH_IMAGE013
is as followsaThe transmission weight corresponding to each target gatekeeper,
Figure 765840DEST_PATH_IMAGE014
is as followsdThe processing frequency of the processing unit corresponding to each target gatekeeper,
Figure 609031DEST_PATH_IMAGE015
is as followsdThe processing weight of the processing unit corresponding to each target gatekeeper,
Figure 797567DEST_PATH_IMAGE016
is as followsdThe transmission rate corresponding to each target gatekeeper,
Figure 700801DEST_PATH_IMAGE017
is as followsdThe transmission weight corresponding to each target gatekeeper.
By passing
Figure 37104DEST_PATH_IMAGE038
The invention can calculate the quantized values of the processing efficiency and the transmission efficiency of all the processing units and the target gatekeeper, and the processing units and the target gatekeeper are respectively configured with different processing weights and transmission weights, so as to comprehensively consider the data processing, the data processing of a transmission channel and the transmission capability which are formed by the processing units and the target gatekeeper. The invention can judge the processing and transmission proportion of the target data according to the comprehensive processing and transmission capacity of each processing unit and the target gatekeeper, thereby ensuring and realizing the aim of synchronously processing and transmitting the data by a plurality of target gatekeepers as much as possible, avoiding longer waiting time of an external request end caused by slower transmission of one gatekeeper, and distributing the data according to the respective data processing and transmission capacities.
The data scheme provided by the invention further comprises the following steps:
obtaining the number of the target gatekeepers to generate a processing proportion set related to the target gatekeepers
Figure 559353DEST_PATH_IMAGE039
Wherein
Figure 992608DEST_PATH_IMAGE021
Is as follows
Figure 676530DEST_PATH_IMAGE020
The processing transmission ratio of the processing unit and the target gatekeeper to the target data,
Figure 234551DEST_PATH_IMAGE020
the highest value of the number of the target gatekeepers.
The invention can count all data transmission proportions, and in an actual scene, the data transmission proportions cannot be evenly divided, so that all data are generatedThe sum of the transmission ratios may not be 1, and in order to ensure that data is not lost, the invention is applied to the highest value
Figure 685123DEST_PATH_IMAGE020
When the corresponding target gatekeeper carries out the processing proportion calculation, the calculation in a subtraction mode is adopted. Highest value
Figure 848252DEST_PATH_IMAGE020
The corresponding processing unit and the target gatekeeper preferably have quantization values with the highest processing and transmission efficiency.
By the following formula pair
Figure 99147DEST_PATH_IMAGE019
The corresponding processing unit and the target gatekeeper calculate the processing transmission ratio,
Figure 347726DEST_PATH_IMAGE019
for the processing transmission ratio corresponding to the processing unit and the target gatekeeper calculated last in the processing ratio set,
Figure 336411DEST_PATH_IMAGE040
wherein the content of the first and second substances,
Figure 150783DEST_PATH_IMAGE023
is as follows
Figure 35562DEST_PATH_IMAGE024
The processing unit and the target gatekeeper process and transmit proportion of the target data.
The invention can distribute the data of the partial processing transmission proportion which cannot be divided evenly to the processing unit with the strongest processing transmission capacity and the target gatekeeper for processing, thereby improving the data processing and transmitting efficiency to the maximum extent on the premise of ensuring that the data cannot be lost or omitted.
Step S140, the middle station disconnects an external network communication link between the external request end and the target gatekeeper, connects an internal network communication link between the internal storage end and the target gatekeeper, divides the data source of the internal storage end based on the division result to obtain a plurality of subdata, and then sends the subdata to the processing units corresponding to different target gatekeepers, and the different processing units obtain the external transmission data for the received subdata according to the preset processing strategies.
After the processing and transmission modes of the data are determined, an external network communication link between an external request end and a target network gate is opened, a data source of an internal storage end is divided according to different proportions of a division result to obtain a plurality of subdata, the subdata is sent to processing units corresponding to different target network gates respectively, the processing units can perform desensitization and other processing, a preset processing strategy can be a desensitization strategy and the like, the external data is obtained according to the subdata, the external data can be data transmitted to the external request end, and the external data is transmitted to the network gate at this time.
And S150, the intermediate station disconnects an intranet communication link between the internal storage end and the target gateway, so that an extranet communication link between the external request end and the target gateway is communicated, and the target gateway respectively sends the externally transmitted data to the external request end. After the outgoing data is transmitted to the gatekeeper, the outgoing data is transmitted to the external request terminal in the above manner, and when there are a plurality of target gatekeepers, the outgoing data may be transmitted to the external request terminal through the plurality of target gatekeepers, respectively.
In a possible embodiment, the present invention further includes setting mutual exclusion logic at the intranet communication link and the extranet communication link of the same gatekeeper, where the mutual exclusion logic is:
when the intranet communication link is in a path, the extranet communication link is in a disconnected state;
when the outer network communication link is in the access, the inner network communication link is in the disconnection state.
The mutual exclusion logic can be realized based on a physical mode, for example, data transmission modules of an intranet communication link and an extranet communication link of the same network gate are respectively controlled, and the control mode can be controlled through a single-pole double-throw switch, so that the data transmission modules of the intranet communication link and the extranet communication link only have one unique module which is electrified to work, the mutual exclusion logic is realized, the intranet communication link and the extranet communication link cannot be simultaneously communicated, and the data threat is reduced.
In order to realize the multidimensional internetwork information transmission method based on the middle station, the invention also provides a multidimensional internetwork information transmission device based on the middle station.
An embodiment of the present invention provides a multidimensional inter-network information transmission device based on a middleboard, where the middleboard includes a plurality of corresponding processing units and gatekeepers, the gatekeepers are respectively connected to an internal storage terminal and an external request terminal through an internal network and an external network, and perform inter-network information transmission between the internal network and the external network through the following devices, as shown in fig. 4, the multidimensional inter-network information transmission device specifically includes:
the processing module is used for enabling the middle station to process the data request of the external request end to obtain the data range dimension and the data range magnitude of the data request, and determining the dimension gatekeeper of the corresponding dimension based on the data range dimension;
the gatekeeper determining module is used for determining the number of target gatekeepers for data transmission and the target gatekeepers based on the data range quantity value if the number of dimension gatekeepers in the idle state is greater than 1;
a first proportion dividing module, configured to, if the number of the target gatekeepers is greater than 1, divide target data of a data source in an internal storage end based on the data range quantity value and a processing attribute of the processing unit to obtain a division result, where the division result includes a processing proportion of each target gatekeeper to the target data;
the first transmission module is used for enabling the middle station to disconnect an external network communication link between an external request end and a target gateway, enabling an internal network communication link between an internal storage end and the target gateway to be communicated, dividing a data source of the internal storage end based on a division result to obtain a plurality of subdata, and then respectively sending the subdata to processing units corresponding to different target gateways, wherein the different processing units obtain external transmission data for the received subdata according to preset processing strategies;
and the second transmission module is used for disconnecting the intranet communication link between the internal storage end and the target gateway by the middle station, so that the extranet communication link between the external request end and the target gateway is communicated, and the target gateway respectively transmits the externally transmitted data to the external request end.
The readable storage medium may be a computer storage medium or a communication medium. Communication media includes any medium that facilitates transfer of a computer program from one place to another. Computer storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, a readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an Application Specific Integrated Circuits (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the readable storage medium may also reside as discrete components in a communication device. The readable storage medium may be a read-only memory (ROM), a random-access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The present invention also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the device may read the execution instructions from the readable storage medium, and the execution of the execution instructions by the at least one processor causes the device to implement the methods provided by the various embodiments described above.
In the above embodiments of the terminal or the server, it should be understood that the Processor may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. The multidimensional internetwork information transmission method based on the middle station is characterized in that the middle station comprises a plurality of corresponding processing units and a network gate, the network gate is respectively connected with an internal storage end and an external request end through an internal network and an external network, and the internetwork information transmission is carried out between the internal network and the external network through the following steps:
the method comprises the steps that a middle station processes a data request of an external request end to obtain a data range dimension and a data range magnitude of the data request, and a dimension gatekeeper of a corresponding dimension is determined based on the data range dimension;
if the number of the dimension network gates in the idle state is larger than 1, determining the number of the target network gates for data transmission and the target network gates based on the data range quantity value;
if the number of the target gatekeepers is larger than 1, dividing the target data of the data source in the internal storage terminal based on the data range quantity value and the processing attribute of the processing unit to obtain a division result, wherein the division result comprises the processing proportion of each target gatekeeper to the target data;
the middle station breaks an external network communication link between an external request end and a target gateway to enable an internal network communication link between an internal storage end and the target gateway to be communicated, based on the division result, a data source of the internal storage end is divided to obtain a plurality of subdata, the subdata is sent to processing units corresponding to different target gateways respectively, and the different processing units obtain external transmission data for the received subdata according to preset processing strategies of the different processing units;
the intermediate station disconnects an intranet communication link between the internal storage end and the target gateway, so that an extranet communication link between the external request end and the target gateway is communicated, and the target gateway sends the externally transmitted data to the external request end respectively.
2. The method according to claim 1, wherein the receiving device is further configured to receive the message from the mobile station,
the method comprises the following steps that a middlebox processes a data request of an external request end to obtain a data range dimension and a data range magnitude of the data request, and the step of determining a dimension gate of a corresponding dimension based on the data range dimension comprises the following steps:
the method comprises the steps that a middle station obtains a source table, wherein the source table comprises a data range dimension corresponding to each role and a data quantity value of each preset unit time under the data range dimension;
generating a target table from data corresponding to the role information and the time information of the data request in a source table, wherein the target table has a data range dimension and a data range magnitude of the data request;
determining a dimension gatekeeper based on data range dimensions of the target table.
3. The method according to claim 2, further comprising:
monitoring a data source in an internal storage end to generate a source table, wherein the source table comprises a data range dimension of each part of data in the data source, a role corresponding to the data range dimension, and a data quantity value of each preset unit time in each data range dimension;
and establishing a communication link between the central station and the internal storage terminal through a transmission network gate, and sending the source table to the central station based on the transmission network gate.
4. The method according to claim 2, wherein the receiving device is further configured to receive the message from the mobile station,
if the number of dimension gatekeepers in the idle state is greater than 1, determining the number of target gatekeepers for data transmission and the target gatekeepers based on the data range quantity value comprises:
if the number of dimension network gates in an idle state is more than 1, extracting data magnitude values of all preset unit time in the target table to generate a total magnitude value corresponding to the target table, wherein the data range magnitude value comprises the total magnitude value;
the number of target gatekeepers is determined by the following formula,
Figure 104246DEST_PATH_IMAGE001
wherein the content of the first and second substances,
Figure 313510DEST_PATH_IMAGE002
as to the number of the target gatekeepers,
Figure 341509DEST_PATH_IMAGE003
is the first in the target tableiThe amount of data per unit time is,
Figure 991933DEST_PATH_IMAGE004
is as follows
Figure 40661DEST_PATH_IMAGE005
A nominal process magnitude for a data range dimension,
Figure 143746DEST_PATH_IMAGE006
is as follows
Figure 303332DEST_PATH_IMAGE005
A weight value for a dimension of the data range,
Figure 605000DEST_PATH_IMAGE007
the number of dimension gates;
and randomly selecting the dimension gatekeeper corresponding to the number of the target gatekeepers from the dimension gatekeepers in the idle states as the target gatekeepers.
5. The method according to claim 4, wherein the message is transmitted between the mobile stations,
if the number of the target gatekeepers is larger than 1, dividing the target data of the data source in the internal storage terminal based on the data range quantity value and the processing attribute of the processing unit to obtain a division result, wherein the division result comprises the following steps:
acquiring the processing frequency of a processing unit corresponding to each target gatekeeper, and the transmission rate of the target gatekeeper and an internal storage end, wherein the processing attributes comprise the processing frequency and the transmission rate;
acquiring a total amount value of a target table corresponding to the target data;
and dividing the plurality of target gatekeepers based on the total amount value, the processing frequency and the transmission rate of the target table corresponding to the target data to obtain the processing proportion of each processing unit and the target gatekeepers to the target data.
6. The method according to claim 5, wherein the receiving device is further configured to receive the message from the mobile station,
dividing the plurality of target gatekeepers based on the total amount value, the processing frequency and the transmission rate of the target table corresponding to the target data to obtain the processing proportion of each processing unit and the target gatekeeper to the target data comprises the following steps:
calculating the processing transmission ratio of each processing unit and the target gatekeeper to the target data through the following formula,
Figure 699995DEST_PATH_IMAGE008
wherein the content of the first and second substances,
Figure 680589DEST_PATH_IMAGE009
is as followsaThe ratio of the processing of the target data by each target gatekeeper,
Figure 988074DEST_PATH_IMAGE010
is as followsaThe processing frequency of the processing unit corresponding to each target gatekeeper,
Figure 737724DEST_PATH_IMAGE011
is as followsaThe processing weight of the processing unit corresponding to each target gatekeeper,
Figure 800358DEST_PATH_IMAGE012
is as followsaThe transmission rate corresponding to each target gatekeeper,
Figure 878036DEST_PATH_IMAGE013
is as followsaThe transmission weight corresponding to each target gatekeeper,
Figure 645003DEST_PATH_IMAGE014
is as followsdThe processing frequency of the processing unit corresponding to each target gatekeeper,
Figure 858947DEST_PATH_IMAGE015
is as followsdThe processing weight of the processing unit corresponding to each target gatekeeper,
Figure 420378DEST_PATH_IMAGE016
is as followsdThe transmission rate corresponding to each target gatekeeper,
Figure 985352DEST_PATH_IMAGE017
is as followsdThe transmission weight corresponding to each target gatekeeper.
7. The method according to claim 6, further comprising:
obtaining the number of the target gatekeepers to generate a processing proportion set related to the target gatekeepers
Figure 696956DEST_PATH_IMAGE018
Wherein
Figure 421198DEST_PATH_IMAGE019
Is as follows
Figure 763318DEST_PATH_IMAGE020
The processing transmission ratio of the processing unit and the target gatekeeper to the target data,
Figure 940221DEST_PATH_IMAGE020
the maximum value of the number of the target gatekeepers;
by the following formula pair
Figure 658779DEST_PATH_IMAGE019
The corresponding processing unit and the target gatekeeper calculate the processing transmission ratio,
Figure 909631DEST_PATH_IMAGE019
for the processing transmission ratio corresponding to the processing unit and the target gatekeeper calculated last in the processing ratio set,
Figure 812865DEST_PATH_IMAGE021
wherein the content of the first and second substances,
Figure 86852DEST_PATH_IMAGE022
is as follows
Figure 733734DEST_PATH_IMAGE023
The processing unit and the target gatekeeper process and transmit proportion of the target data.
8. The method according to claim 1, wherein the receiving device is further configured to receive the message from the mobile station,
mutually exclusive logics are respectively arranged at an internal network communication link and an external network communication link of the same network gate, wherein the mutually exclusive logics are as follows:
when the intranet communication link is in a path, the extranet communication link is in a disconnected state;
when the outer network communication link is in the access, the inner network communication link is in the disconnection state.
9. Multidimensional internetwork information transmission device based on middle station, which is characterized in that the middle station comprises a plurality of corresponding processing units and a network gate, the network gate is respectively connected with an internal storage end and an external request end through an internal network and an external network, and the internetwork information transmission is carried out between the internal network and the external network through the following devices, including:
the processing module is used for enabling the middle station to process the data request of the external request end to obtain the data range dimension and the data range magnitude of the data request, and determining the dimension gatekeeper of the corresponding dimension based on the data range dimension;
the gatekeeper determining module is used for determining the number of target gatekeepers for data transmission and the target gatekeepers based on the data range quantity value when the number of dimension gatekeepers in an idle state is more than 1;
the first proportion dividing module is used for dividing the target data of the data source in the internal storage end based on the data range quantity value and the processing attribute of the processing unit to obtain a dividing result when the number of the target gatekeepers is larger than 1, wherein the dividing result comprises the processing proportion of each target gatekeeper to the target data;
the first transmission module is used for enabling the middle station to disconnect an external network communication link between an external request end and a target gateway, enabling an internal network communication link between an internal storage end and the target gateway to be communicated, dividing a data source of the internal storage end based on a division result to obtain a plurality of subdata, and then respectively sending the subdata to processing units corresponding to different target gateways, wherein the different processing units obtain external transmission data for the received subdata according to preset processing strategies;
and the second transmission module is used for enabling the middle station to disconnect an intranet communication link between the internal storage end and the target gateway, enabling an extranet communication link between the external request end and the target gateway to be communicated, and respectively sending the externally transmitted data to the external request end by the target gateway.
10. Storage medium, characterized in that a computer program is stored in the storage medium, which computer program, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 8.
CN202111290584.7A 2021-11-02 2021-11-02 Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium Active CN113746866B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111290584.7A CN113746866B (en) 2021-11-02 2021-11-02 Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111290584.7A CN113746866B (en) 2021-11-02 2021-11-02 Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium

Publications (2)

Publication Number Publication Date
CN113746866A true CN113746866A (en) 2021-12-03
CN113746866B CN113746866B (en) 2022-02-08

Family

ID=78727193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111290584.7A Active CN113746866B (en) 2021-11-02 2021-11-02 Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium

Country Status (1)

Country Link
CN (1) CN113746866B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338672A (en) * 2021-12-29 2022-04-12 安天科技集团股份有限公司 Data transmission method and data transmission system
CN114662074A (en) * 2022-05-24 2022-06-24 国网浙江省电力有限公司 Data processing method and central station for paperless electronic file
CN115550289A (en) * 2022-11-28 2022-12-30 网御安全技术(深圳)有限公司 Data transmission method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170111336A1 (en) * 2015-10-14 2017-04-20 FullArmor Corporation Resource access system and method
CN109474628A (en) * 2018-12-27 2019-03-15 北京奇安信科技有限公司 A kind of data transmission method, system, equipment and medium based on double unidirectional gateways
CN111355752A (en) * 2018-12-20 2020-06-30 阿里巴巴集团控股有限公司 File transmission method, device and equipment based on gatekeeper
CN111726344A (en) * 2020-06-12 2020-09-29 安徽云中联讯科技有限公司 Multi-serial port safety network gate scheduling algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170111336A1 (en) * 2015-10-14 2017-04-20 FullArmor Corporation Resource access system and method
CN111355752A (en) * 2018-12-20 2020-06-30 阿里巴巴集团控股有限公司 File transmission method, device and equipment based on gatekeeper
CN109474628A (en) * 2018-12-27 2019-03-15 北京奇安信科技有限公司 A kind of data transmission method, system, equipment and medium based on double unidirectional gateways
CN111726344A (en) * 2020-06-12 2020-09-29 安徽云中联讯科技有限公司 Multi-serial port safety network gate scheduling algorithm

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338672A (en) * 2021-12-29 2022-04-12 安天科技集团股份有限公司 Data transmission method and data transmission system
CN114338672B (en) * 2021-12-29 2023-10-27 安天科技集团股份有限公司 Data transmission method and data transmission system
CN114662074A (en) * 2022-05-24 2022-06-24 国网浙江省电力有限公司 Data processing method and central station for paperless electronic file
CN115550289A (en) * 2022-11-28 2022-12-30 网御安全技术(深圳)有限公司 Data transmission method, device and storage medium

Also Published As

Publication number Publication date
CN113746866B (en) 2022-02-08

Similar Documents

Publication Publication Date Title
CN113746866B (en) Multi-dimensional internetwork information transmission method and device based on middleboxes and storage medium
CN108173812B (en) Method, device, storage medium and equipment for preventing network attack
CN110233868A (en) A kind of edge calculations data safety and method for secret protection based on Fabric
CN104348811A (en) Method and device for detecting attack of DDoS (distributed denial of service)
CN106331184B (en) Internet-based big data distribution method and distribution platform
CN113364809B (en) Offloading network data to perform load balancing
CN110933048B (en) Method and equipment for identifying abnormal application operation based on message
WO2017035717A1 (en) Distributed denial of service attack detection method and associated device
CN111221649A (en) Edge resource storage method, access method and device
Wang et al. A new model approach of electrical cyber physical systems considering cyber security
CN109660565A (en) A kind of isolation gap equipment and implementation method
CN113992427B (en) Data encryption sending method and device based on adjacent nodes
Raja et al. A review on distributed denial of service attack in smart grid
CN109040086B (en) Industrial control system DDOS attack simulation method and device
CN109150829B (en) Software-defined cloud network trusted data distribution method, readable storage medium and terminal
US20150046507A1 (en) Secure Network Data
CN114157605A (en) Communication method, system, electronic equipment and computer readable storage medium
Boakye-Boateng et al. Securing Substations with Trust, Risk Posture, and Multi-Agent Systems: A Comprehensive Approach
CN108900518B (en) Credible software-defined cloud network data distribution system
CN116170806A (en) Smart power grid LWM2M protocol security access control method and system
CN110971565A (en) Source network load system vulnerability evaluation method and system based on malicious attack modeling
CN114745454A (en) Boundary protection device, system, method, computer equipment and storage medium
US11658821B2 (en) Cybersecurity guard for core network elements
CN209419652U (en) A kind of isolation gap equipment
CN108174385B (en) Method and device for detecting communication link

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant