Disclosure of Invention
The technical problem to be solved by the present invention is that, in existing edge computing services, an offloading task initiated by a malicious terminal may leave the edge computing server unable to provide the computation offloading service to normal terminals, causing a denial of service. To overcome this, the invention provides a method, an apparatus and a computer device for secure offloading of an internet of things terminal.
According to a first aspect, the embodiment of the invention discloses a method for computing task edge offloading, which includes obtaining a computing offloading request and terminal information of a target terminal, wherein the terminal information includes equipment identity information of the target terminal; judging whether the target terminal belongs to a preset white list or not based on the equipment identity information; if the target terminal belongs to a preset white list, judging whether the calculation unloading task is normal or not based on a preset measurement factor; and if the calculation unloading task is normal, unloading the target terminal based on the calculation unloading request.
Optionally, the terminal information further includes reliability information of the target terminal; the method for safely unloading the internet of things terminal further comprises the following steps: if the target terminal does not belong to a preset white list, judging whether the target terminal belongs to a preset black list or not based on the equipment identity information; and if the target terminal belongs to a preset blacklist list, marking the target terminal as a trust violation terminal, and reducing the credibility of the target terminal.
Optionally, if the target terminal does not belong to a preset blacklist, executing a step of judging whether the calculation unloading task is normal based on a preset measurement factor; and if the calculation unloading task is normal, unloading the target terminal based on the calculation unloading request.
Optionally, if the computation offload task is not normal, the target terminal is marked as a trust violation terminal, and the credibility of the target terminal is reduced.
Optionally, the preset metric factor includes an interaction frequency, a task execution period, a memory utilization rate, and a channel number, and the process of determining whether the calculation of the offload task is normal based on the preset metric factor includes: judging whether the interaction frequency of the target terminal exceeds a first threshold value, if so, generating alarm information and reducing the reliability of the target terminal; if the interaction frequency of the target terminal does not exceed a first threshold, judging whether the task execution period of the target terminal exceeds a second threshold, if so, generating alarm information and reducing the reliability of the target terminal; if the task execution period of the target terminal does not exceed a second threshold, judging whether the memory utilization rate of the target terminal exceeds a third threshold, if so, generating alarm information and reducing the reliability of the target terminal; if the memory utilization rate of the target terminal does not exceed a third threshold, judging whether the channel number of the target terminal exceeds a fourth threshold, if so, generating alarm information and reducing the reliability of the target terminal; and if the number of the channels of the target terminal does not exceed a fourth threshold value, judging that the unloading task is normal.
Optionally, the reliability information of the target terminal is calculated by the following formula:
where W(j) is the credibility of the jth measurement factor, q is the number of measurement factors, and H_j, the information entropy of the jth measurement factor, is calculated by the formula,
where p is the number of times the metric is evaluated,
where a_ij is the evaluation value of the jth measurement factor in the ith evaluation of the measurement factors.
According to a second aspect, an embodiment of the present invention further discloses a device for safely unloading an internet of things terminal, including: the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a calculation unloading request and terminal information of a target terminal, and the terminal information comprises equipment identity information of the target terminal; the judging module is used for judging whether the target terminal belongs to a preset white list or not based on the equipment identity information; the calculation module is used for judging whether the calculation unloading task is normal or not based on a preset measurement factor if the target terminal belongs to a preset white list; and the unloading module is used for unloading the target terminal based on the calculation unloading request if the calculation unloading task is normal.
According to a third aspect, an embodiment of the present invention further discloses a computer device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to cause the at least one processor to perform the steps of the method for security offload of an internet of things terminal according to the first aspect or any optional implementation manner of the first aspect.
According to a fourth aspect, the embodiment of the present invention further discloses a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method for security offload of an internet of things terminal according to the first aspect or any optional embodiment of the first aspect.
The technical scheme of the invention has the following advantages:
the invention provides a method, a device and computer equipment for safely unloading an internet of things terminal, wherein the method comprises the following steps: acquiring a calculation unloading request and terminal information of a target terminal, wherein the terminal information comprises equipment identity information of the target terminal; judging whether the target terminal belongs to a preset white list or not based on the equipment identity information; if the target terminal belongs to a preset white list, judging whether the calculation unloading task is normal or not based on a preset measurement factor; and if the calculation unloading task is normal, unloading the target terminal based on the calculation unloading request. The identity of the target terminal is judged by identifying the terminal information of the target terminal, so that the identification rate of the identity of the terminal is improved, whether the terminal unloading task is normal or not is further judged, the safety of the unloading task in the edge computing network is improved, and the situation that a malicious terminal occupies network resources is reduced.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; the two elements may be directly connected or indirectly connected through an intermediate medium, or may be communicated with each other inside the two elements, or may be wirelessly connected or wired connected. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Computation offloading means that the terminal hands part or all of its computing tasks to an edge computing node, to compensate for the mobile terminal's limitations in resource storage, computing performance, energy efficiency and the like. Although computation offloading in the edge computing network addresses problems such as the limited resources of power 5G internet of things terminals, it also exposes a series of security problems. An offloading task initiated by a malicious terminal can occupy edge network resources and cause resource conflicts, so that the computation offloading service cannot be provided to normal terminals, resulting in denial of service. Reasonable security measures therefore need to be designed.
The embodiment of the invention discloses a method for safely unloading an internet of things terminal, which comprises the following steps of:
step 101: the method comprises the steps of obtaining a calculation unloading request and terminal information of a target terminal, wherein the terminal information comprises equipment identity information of the target terminal.
Illustratively, the computation offloading request is the request instruction that a target terminal sends to an edge computing node when it needs to execute an offloading task; offloading is performed only when the edge computing node agrees. The terminal information is the identity information of the terminal that needs to execute the offloading task, and by reading it the edge computing node can identify various types of information about the terminal; for example, the terminal information may be historical behavior information or the completion status of the terminal's computing tasks.
Step 102: judging whether the target terminal belongs to a preset white list based on the equipment identity information. For example, the preset white list may be obtained by the edge computing node analyzing the historical interaction conditions between each terminal and the edge computing node, as collected by the trust collector, and listing the terminals with high scores in the white list.
Step 103: and if the target terminal belongs to a preset white list, judging whether the calculation unloading task is normal or not based on a preset measurement factor. If the target terminal belongs to the preset white list, the interaction condition between the target terminal and the edge computing node is good, and therefore the corresponding unloading instruction can be further executed based on the unloading task. For example, the metric factor is a criterion for determining whether the terminal is a malicious terminal, and the type of the metric factor and the criterion for determining the metric factor are not limited in the embodiment of the present invention, and can be determined by a person skilled in the art according to actual needs.
Step 104: and if the calculation unloading task is normal, unloading the target terminal based on the calculation unloading request. Illustratively, under the condition that the measurement factor of the target terminal judges that the unloading task is normal, the terminal is unloaded according to the unloading task, and the computing task of the terminal is delivered to the edge computing node for computing.
The invention provides a method for secure offloading of an internet of things terminal, which comprises the following steps: acquiring a computation offloading request and terminal information of a target terminal, wherein the terminal information comprises equipment identity information of the target terminal; judging whether the target terminal belongs to a preset white list based on the equipment identity information; if the target terminal belongs to the preset white list, judging whether the computation offloading task is normal based on a preset measurement factor; and if the computation offloading task is normal, offloading the target terminal based on the computation offloading request. The identity of the target terminal is judged by identifying its terminal information, which improves the identification rate of terminal identity; whether the terminal's offloading task is normal is then judged, which improves the security of offloading tasks in the edge computing network and reduces the cases in which a malicious terminal occupies network resources.
As an optional implementation manner of the present invention, the terminal information further includes reliability information of the target terminal; as shown in fig. 2, the method for unloading security of an internet of things terminal further includes:
Step 105: if the target terminal does not belong to the preset white list, executing step 1051: judging whether the target terminal belongs to a preset blacklist based on the equipment identity information; if the target terminal belongs to the preset blacklist, executing step 1052: marking the target terminal as a trust violation terminal, and reducing the credibility of the target terminal.
Illustratively, the credibility information of the target terminal may be the interaction condition between the target terminal and the edge computing node. The preset blacklist may be built by the edge computing node from the historical interaction conditions between each terminal and the edge computing node, as collected by the trust collector; all terminals in the blacklist are terminals with poor interaction conditions with the edge computing node. When the target terminal is in the blacklist, a trust violation label is attached to it, it is marked as a trust violation terminal, and its score is reduced.
As an optional embodiment of the present invention, the reliability information of the target terminal is calculated by the following formula:
where W(j) is the credibility of the jth measurement factor, q is the number of measurement factors, and H_j, the information entropy of the jth measurement factor, is calculated by the formula,
where p is the number of times the metric is evaluated,
where a_ij is the evaluation value of the jth measurement factor in the ith evaluation of the measurement factors.
As an optional implementation manner of the present invention, if the target terminal does not belong to a preset blacklist, the step 103 is executed; if the computation offload task is normal, execute step 104: and unloading the target terminal based on the calculation unloading request.
Illustratively, when the target terminal is in neither the white list nor the blacklist, it is a new terminal, and whether its offloading task is normal needs to be judged. If the offloading task is normal, the target terminal is offloaded as in step 104; if the offloading task is abnormal, a trust violation label is attached to the target terminal, it is marked as a trust violation terminal, and its score is reduced.
As an optional implementation manner of the present invention, the preset measurement factors include an interaction frequency, a task execution period, a memory utilization rate, and a channel number, and step 103 includes: judging whether the interaction frequency of the target terminal exceeds a first threshold value, if so, generating alarm information and reducing the reliability of the target terminal; if the interaction frequency of the target terminal does not exceed a first threshold, judging whether the task execution period of the target terminal exceeds a second threshold, if so, generating alarm information and reducing the reliability of the target terminal; if the task execution period of the target terminal does not exceed a second threshold, judging whether the memory utilization rate of the target terminal exceeds a third threshold, if so, generating alarm information and reducing the reliability of the target terminal; if the memory utilization rate of the target terminal does not exceed a third threshold, judging whether the channel number of the target terminal exceeds a fourth threshold, if so, generating alarm information and reducing the reliability of the target terminal; and if the number of the channels of the target terminal does not exceed a fourth threshold value, judging that the unloading task is normal. As shown in fig. 3, it is a flowchart for determining whether the unloading task is normal.
Illustratively, whether the offloading task of the target terminal is normal is judged from the terminal's metric factors, which comprise four indexes: interaction frequency, task execution period, memory utilization rate, and channel number. The interaction frequency is the sum of the frequencies at which the target terminal enters and leaves the network; the task execution period is the number of CPU cycles the target terminal's offloading task needs to consume; the memory utilization rate is the memory the offloading task needs to consume; and the channel number is the number of historical channels between the target terminal and the edge computing node plus the number of allocated channels. When the target terminal is a new terminal, the channel number is only the allocated channel number. When any one of the four indexes does not satisfy its corresponding threshold, the offloading task is abnormal: alarm information is generated, the target terminal is marked as a trust violation terminal, and its credibility is reduced accordingly.
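The admission flow of steps 101 to 105 and the ordered threshold checks of step 103 can be sketched as follows. This is an added example, not code from the patent: the threshold values, the 0 to 100 credibility scale, the fixed penalty, the device names and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    OFFLOAD = "offload"          # step 104: task is handed to the edge node
    BLACKLISTED = "blacklisted"  # step 1052: known-bad terminal
    ABNORMAL = "abnormal"        # step 103 failed a metric factor


@dataclass
class OffloadRequest:
    device_id: str
    interaction_freq: float  # network joins + leaves per unit time
    cpu_cycles: float        # task execution period
    mem_utilization: float   # memory the task needs (as a fraction, assumed)
    channels: int            # historical + allocated channels


# Checked in the order the text gives; the limits are assumed values.
THRESHOLDS = (
    ("interaction_freq", 20.0),  # first threshold
    ("cpu_cycles", 5e9),         # second threshold
    ("mem_utilization", 0.8),    # third threshold
    ("channels", 8),             # fourth threshold
)
PENALTY = 10        # assumed fixed credibility reduction per violation
DEFAULT_SCORE = 50  # assumed starting credibility of a new terminal


@dataclass
class EdgeNode:
    whitelist: set
    blacklist: set
    credibility: dict = field(default_factory=dict)
    violators: set = field(default_factory=set)
    alarms: list = field(default_factory=list)

    def first_violation(self, req):
        """Return the first metric factor over its threshold, else None."""
        for name, limit in THRESHOLDS:
            if getattr(req, name) > limit:
                return name
        return None

    def _penalize(self, device_id):
        """Mark the terminal as a trust violator and lower its credibility."""
        self.violators.add(device_id)
        score = self.credibility.get(device_id, DEFAULT_SCORE)
        self.credibility[device_id] = max(0, score - PENALTY)

    def admit(self, req):
        dev = req.device_id
        # Steps 102/1051: white list first, then blacklist.
        if dev not in self.whitelist and dev in self.blacklist:
            self._penalize(dev)  # step 1052; not serving it is assumed
            return Verdict.BLACKLISTED
        # Step 103 applies to whitelisted AND unknown (new) terminals.
        failed = self.first_violation(req)
        if failed is not None:
            self.alarms.append((dev, failed))  # alarm information
            self._penalize(dev)
            return Verdict.ABNORMAL
        return Verdict.OFFLOAD  # step 104


def run_demo():
    """Run constructed sample requests through one node."""
    node = EdgeNode(whitelist={"meter-01"}, blacklist={"cam-66"},
                    credibility={"meter-01": 100, "cam-66": 20})
    requests = [
        OffloadRequest("meter-01", 5, 1e9, 0.30, 2),   # trusted, normal
        OffloadRequest("meter-01", 50, 1e9, 0.95, 2),  # trusted, flooding
        OffloadRequest("cam-66", 1, 1e8, 0.10, 1),     # blacklisted
        OffloadRequest("new-77", 3, 2e9, 0.40, 12),    # new, too many channels
        OffloadRequest("new-78", 3, 2e9, 0.40, 1),     # new, normal
    ]
    return node, [node.admit(r) for r in requests]


if __name__ == "__main__":
    node, verdicts = run_demo()
    print([v.value for v in verdicts], node.alarms, node.credibility)
```

The second request shows why the white list alone is not sufficient in this design: a whitelisted terminal that starts flooding is still caught by step 103, and because the checks short-circuit, only the first exceeded factor is reported in the alarm.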
The embodiment of the invention also discloses a device for safely unloading the internet of things terminal, which comprises the following components:
the obtaining module 401 is configured to obtain a computation offload request and terminal information of a target terminal, where the terminal information includes device identity information of the target terminal. For example, the details are described in step 101 above, and are not described herein again.
A determining module 402, configured to determine whether the target terminal belongs to a preset white list based on the device identity information. For example, the details are described in the above step 102, and are not described herein again.
A calculating module 403, configured to determine whether the computation offload task is normal based on a preset metric factor if the target terminal belongs to a preset white list. For example, the details are described in step 103 above, and are not described herein again.
An unloading module 404, configured to, if the computation unloading task is normal, unload the target terminal based on the computation unloading request. For example, the details are described in the above step 104, and are not described herein again.
The invention provides a device for secure offloading of an internet of things terminal, which comprises: the obtaining module 401, configured to obtain a computation offload request and terminal information of a target terminal, where the terminal information includes device identity information of the target terminal; a determining module 402, configured to determine whether the target terminal belongs to a preset white list based on the device identity information; a calculating module 403, configured to determine whether the computation offload task is normal based on a preset metric factor if the target terminal belongs to a preset white list; and an unloading module 404, configured to, if the computation offload task is normal, offload the target terminal based on the computation offload request. By implementing the device, the obtaining module 401 identifies the terminal information of the target terminal and the identity of the target terminal is judged, which improves the identification rate of terminal identity; further, the calculating module 403 and the unloading module 404 judge whether the terminal's offloading task is normal, which improves the security of offloading tasks in the edge computing network and reduces the cases in which a malicious terminal occupies network resources.
The device for secure offloading of an internet of things terminal according to the embodiment of the invention is further described with a specific application example. In this embodiment, as shown in fig. 5, the device includes an obtaining module, a judging module, a detection module, a processing module, a trust degree assignment module, an alarm module, and a monitoring module.
The obtaining module: used for acquiring the white list of terminals, acquiring the blacklist of terminals, and acquiring the offloading request of the target terminal. The process is detailed in the description of step 101 of the above method embodiment.
The judging module: used for judging whether the target terminal is in the white list and whether the credibility information of the target terminal meets the requirement, and for judging whether the credibility information of the target terminal in the blacklist of terminals does not meet the requirement. The specific process is detailed in the description of step 102 and step 1051 of the above method embodiment.
The detection module: used for detecting whether the offloading task is normal according to a preset measurement factor. The specific process is detailed in the description of step 103 of the above method embodiment.
The trust degree assignment module: attaches a trust violation label to the target terminal and reduces the trust degree of the terminal. The specific process is detailed in the description of step 1052 of the above method embodiment.
The alarm module: when a measurement factor of the offloading task exceeds the specified range, generates alarm information and raises an alarm.
The monitoring module: continuously monitors the malicious terminals and malicious tasks whose offloading task has been judged abnormal.
The processing module: used for executing the offloading tasks of the edge computing nodes. When a plurality of offloading tasks need to be offloaded, offloading is carried out according to the relationship between the target terminal and the edge computing node, and the relationship is classified according to the historical interaction condition between the target terminal and the edge computing node. The specific process is detailed in the description of step 104 of the above method embodiment.
An embodiment of the present invention further provides a computer device, as shown in fig. 6, the computer device may include a processor 601 and a memory 602, where the processor 601 and the memory 602 may be connected by a bus or in another manner, and fig. 6 illustrates an example of a connection by a bus.
Processor 601 may be a Central Processing Unit (CPU). The Processor 601 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 602, serving as a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as the program instructions/modules corresponding to the method for secure offloading of an internet of things terminal in the embodiment of the present invention. The processor 601 executes its various functional applications and data processing by running the non-transitory software programs, instructions and modules stored in the memory 602; that is, it implements the method for secure offloading of an internet of things terminal in the above method embodiment.
The memory 602 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 601, and the like. Further, the memory 602 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 602 may optionally include memory located remotely from the processor 601, which may be connected to the processor 601 through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 602, and when executed by the processor 601, perform the method for security offload of an internet of things terminal in the embodiment shown in fig. 1.
The details of the computer device can be understood with reference to the corresponding related descriptions and effects in the embodiment shown in fig. 1, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.