Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a data protection method according to an embodiment of the present invention, where the method is applied to a data protection system, where the system includes a client, a server, and an edge computing server, where the client is connected to the server and the edge computing server, respectively, and the server is connected to the edge computing server, where the method may be executed by a data protection device, where the data protection device may be implemented by software and/or hardware, and may be configured in a computer device, such as a server, a workstation, a personal computer, and the like, and specifically includes the following steps:
step 101, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client obtains user behavior data and sends the user behavior data to the edge computing server.
In the embodiment of the present invention, as shown in fig. 2A, the data protection system includes a client, a server, and an edge computing server, where the client is a mobile terminal device usually used by a user, and the user accesses server data through any installed program in the mobile terminal device, that is, the client initiates a data access request to the server.
Further, a user behavior sensing program P1 and a user behavior data encryption program P2 are installed in the client device E1. The user behavior sensing program obtains user behavior data, which generally includes the user's operation logic sequence, the user's operation frequency, the data traffic accessed by the user, and the like.
As shown in fig. 2, when the user behavior sensing program P1 runs, it first asks the user whether to approve the program checking the data access requests of the client device E1 and sensing the user's operation behavior. If the user approves, P1 checks whether a data access request Q1 occurs on E1, senses whether the user of E1 performs an operation, and generates user behavior data F1.
Further, the user behavior data encryption program P2 encrypts F1 to obtain encrypted user behavior data F2, destroys F1 immediately, and sends the encrypted user behavior data F2 to the edge computing server and to the server.
Preferably, in another embodiment of the present invention, F2 retains part of the data characteristics of F1, including statistical distribution characteristics, data association characteristics, and the like, but the original information in F1 cannot be obtained from F2, and F2 cannot be restored to F1. Since F2 is by definition not recoverable, the transformation performed by P2 is a one-way summary of F1 rather than a reversible cipher: the raw behavior record is what is protected, while the statistical characteristics needed for recognition are preserved.
Preferably, in a further embodiment of the present invention, the sending the user behavior data to the edge computing server in step 101 may include:
Sub-step A1, the client forms a user unique identification code from the client version identification number, the client hardware identification number and the client communication address.
Specifically, the user behavior data encryption program P2 also generates the user unique identification code from the client version identification number, the client hardware identification number, the communication address and other such information.
Sub-step A2, the client sends the user unique identification code and the user behavior data to the edge computing server at a second preset frequency.
Specifically, the client uploads F2 and the user unique identification code to the edge computing server E3 through the HTTP protocol at a fixed transmission period.
It is to be understood that the first preset frequency and the second preset frequency, that is, the fixed period mentioned above, are set by a person skilled in the relevant art according to a specific application scenario, and the embodiment of the present invention is not limited in this respect.
Preferably, in a further embodiment of the present invention, step 101 may further include:
A further sub-step, in which the client receives a receipt confirmation notification message returned by the server and deletes the local user behavior data.
Specifically, after receiving a confirmation receipt notification message returned by the server, the client deletes the locally cached encrypted user behavior data, and the user behavior data is stored in the server for a long time.
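The client-side flow of step 101 (P1 sensing F1, P2 producing the one-way summary F2 and destroying F1, sub-steps A1 and A2, and the deletion of the local copy on receipt confirmation), as an added example in Python. It is not code from the original patent. The operation vocabulary, the interval buckets, the F2 field names, the sample F1 log and the hashing of the three identifier components are assumptions; the transport itself (the text specifies HTTP) is not modelled, and the identification code is derived from client-reported values, so it is a stable handle for associating uploads, not proof of who sent them.

```python
import hashlib
from collections import Counter

OPS = ("open_list", "view_item", "search")   # operation vocabulary (assumption); fixes the shape of F2
INTERVAL_BINS = (0.5, 2.0, 5.0)              # upper edges, in seconds, of the inter-operation interval buckets

# Constructed F1 as the sensing program P1 might record it: timestamp, operation, bytes accessed.
SAMPLE_F1 = [
    {"t": 0.0, "op": "open_list", "bytes": 1200},
    {"t": 1.4, "op": "view_item", "bytes": 5400},
    {"t": 3.1, "op": "view_item", "bytes": 5100},
    {"t": 3.2, "op": "view_item", "bytes": 4900},
    {"t": 9.8, "op": "search", "bytes": 800},
]


def summarize(f1):
    """P2: one-way transform of F1 into F2.

    F2 keeps aggregate characteristics only: per-operation counts, the histogram of
    inter-operation intervals (statistical distribution), operation-to-operation
    transition counts (data association), total traffic and operation rate. The raw
    sequence cannot be rebuilt from these, which is the property the text requires.
    """
    ops = [e["op"] for e in f1]
    counts = Counter(ops)
    hist = [0] * (len(INTERVAL_BINS) + 1)
    for a, b in zip(f1, f1[1:]):
        gap = b["t"] - a["t"]
        hist[sum(gap >= edge for edge in INTERVAL_BINS)] += 1
    idx = {op: i for i, op in enumerate(OPS)}
    trans = [0] * (len(OPS) ** 2)               # flattened len(OPS) x len(OPS) transition matrix
    for a, b in zip(ops, ops[1:]):
        trans[idx[a] * len(OPS) + idx[b]] += 1
    span = f1[-1]["t"] - f1[0]["t"] if len(f1) > 1 else 0.0
    return {
        "op_counts": [counts.get(op, 0) for op in OPS],
        "interval_hist": hist,
        "transitions": trans,
        "total_bytes": sum(e["bytes"] for e in f1),
        "ops_per_sec": round(len(f1) / span, 3) if span > 0 else 0.0,
    }


def user_unique_id(version_id, hardware_id, address):
    """Sub-step A1: one identifier from version number, hardware number and communication address.

    The three fields are joined and hashed (this example's choice) so the code has a fixed
    length and the raw hardware number is not sent on the wire.
    """
    return hashlib.sha256("|".join((version_id, hardware_id, address)).encode()).hexdigest()[:32]


class Client:
    """Client E1: sense (P1), summarize and destroy (P2), queue F2, delete on acknowledgement."""

    def __init__(self, version_id, hardware_id, address):
        self.uid = user_unique_id(version_id, hardware_id, address)
        self.f1 = []          # raw behavior data currently being collected by P1
        self.outbox = {}      # upload id -> payload kept until the server confirms receipt
        self.seq = 0

    def sense(self, t, op, nbytes):
        self.f1.append({"t": t, "op": op, "bytes": nbytes})

    def prepare_upload(self):
        """Run at the second preset frequency: F1 -> F2, then F1 is discarded."""
        f2 = summarize(self.f1)
        self.f1.clear()                       # "destroy F1 immediately" (best effort in a GC language)
        self.seq += 1
        upload_id = f"{self.uid[:8]}-{self.seq}"
        self.outbox[upload_id] = {"uid": self.uid, "f2": f2}
        return upload_id, self.outbox[upload_id]

    def on_ack(self, upload_id):
        """Receipt confirmation from the server: delete the local copy. Returns whether one existed."""
        return self.outbox.pop(upload_id, None) is not None
```

The payload that leaves the device is only `uid` and `f2`; the outbox is the "locally cached encrypted user behavior data" that survives until the confirmation arrives.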
Step 102, the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data.
In the embodiment of the present invention, as shown in fig. 2A and 2B, a user behavior database system D1 and a behavior recognition algorithm P4 are installed in the server E2, where the behavior recognition algorithm P4 is used to train a real-time user behavior recognition model; a user behavior discrimination program A1 and a user behavior recognition model P3 are installed in the edge computing server E3, where the user behavior discrimination program A1 receives the encrypted user behavior data F2 transmitted from the client and judges, from the behavior recognition result data output by P3, whether the corresponding user behavior is legal.
The behavior recognition algorithm P4 uses one or more of a graph convolutional neural network, a recurrent neural network, a convolutional neural network and a support vector machine. With a user behavior recognition model trained in advance on user behavior sample data, user behavior generated in real time is labeled to represent its characteristics, converted into a feature vector that the machine can recognize, and a defined behavior is finally output as the recognition result. The model obtained by this whole process is the updated user behavior recognition model, which is sent to the edge computing server E3 to replace the old user behavior recognition model P3.
Preferably, in a further embodiment of the present invention, step 102 may comprise:
Sub-step B1, the edge computing server receives the user unique identification code and the user behavior data.
Specifically, when the client device sends the acquired user unique identification code and the user behavior data to the edge computing server, the edge computing server receives the corresponding user unique identification code and user behavior data.
Sub-step B2, the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs a user behavior identifier.
Specifically, the edge computing server inputs the received user behavior data into the pre-trained user behavior recognition model, which outputs a user behavior identifier for the user behavior data.
Sub-step B3, the edge computing server associates the user behavior identifier with the user unique identification code to generate behavior recognition result data.
Specifically, the edge computing server uniquely associates the user behavior identifier with the user unique identification code corresponding to the user behavior data; the data so obtained is the behavior recognition result data.
The client uploads the encrypted user behavior data F2 and the user unique identification code to the edge computing server E3 through the HTTP protocol at a fixed sending period; they are received by the user behavior discrimination program A1 installed in E3, and A1 associates and records the user unique identification code with the user behavior identifier F3.
Step 103, the edge computing server judges the legality of the behavior recognition result data through a preset user behavior discrimination program.
In the embodiment of the invention, the edge computing server is preset with a user behavior discrimination program in which a grading operation is set for each kind of user behavior identifier: for example, the risk level and trust degree of a user behavior recognition result are graded, and the specific executable operations, such as access frequency limitation and IP address blocking, are set according to the grade.
Specifically, as shown in fig. 2A-2C, S51: the user behavior data encryption program P2 periodically sends F2 to A1; the user behavior discrimination program A1 outputs a user behavior identifier F3 from F2 and records it continuously; when the edge computing server E3 receives a server access request Q1 sent by the client E1, A1 is triggered to execute the user behavior judgment logic, and if it judges the behavior to be normal, E3 is allowed to process Q1; if A1 judges the behavior to be abnormal, E3 is prevented from processing Q1.
Preferably, in a further embodiment of the present invention, step 103 may comprise:
Sub-step C1, the edge computing server obtains the risk level and the trust level rating of the behavior recognition result data through a preset user behavior discrimination program, where the preset user behavior discrimination program contains a risk level and trust degree rating standard for the user behavior identifiers.
Specifically, a risk level and a trust level rating corresponding to each user behavior identifier are set in the preset user behavior discrimination program; when behavior recognition result data is received, the user behavior discrimination program matches the user behavior identifier contained in it to obtain the matching risk level and trust level rating.
Sub-step C2, the edge computing server determines the operation authority of the behavior recognition result data according to the risk level and the trust level rating.
Specifically, as shown in fig. 2A-2C, the user behavior discrimination program A1 further establishes a risk control policy, evaluates the risk level and the trust level of E1 according to the user behavior recognition result, and associates and records them with the user unique identification code, thereby controlling the network access of E1; the risk control policy includes access frequency limitation, IP address blocking and the like.
Step 104, the edge computing server determines the corresponding operation on the data access request initiated by the client to the server according to the legality of the behavior recognition result data.
In the embodiment of the present invention, as described in step 103, the corresponding operation is determined according to the identified risk level and trust level of the user, that is, which data the user is allowed to access and which operations may be performed, or which data the user is prohibited from accessing and which operations are refused, and the like.
Preferably, in a further embodiment of the present invention, step 104 may comprise:
Sub-step D1, if the behavior recognition result data is legal, the edge computing server lets the data access request initiated by the client proceed to the server;
Sub-step D2, if the behavior recognition result data is illegal, the edge computing server rejects the data access request initiated by the client to the server.
Specifically, as shown in fig. 2A-2C, the user behavior discrimination program A1 forms a user behavior path from the continuously generated F3, and A1 uses this path to assist in determining whether a data access request of the client device E1 should be blocked.
If the judgment passes, the data access request to the server arising along that user behavior path is allowed; otherwise the request is rejected.
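The edge-side program A1 of steps 102 to 104 (sub-steps B1 to B3, C1, C2, D1 and D2, plus the model replacement of step 106), as an added example in Python that is not code from the original patent. The model P3 is represented as a nearest-centroid classifier standing in for the trained graph convolutional, recurrent, convolutional or support vector model the text names; its centroids, the feature vector taken from F2, the rating table, the frequency limit, the block duration, the behavior path length and the three F2 uploads are all constructed assumptions. The point the page makes is that the decision on Q1 is taken from the recorded behavior path, not from the single latest upload, and that the controls are frequency limitation and address blocking.

```python
import math
from collections import defaultdict, deque


# Feature vector taken from F2. The order is an assumption and must match the training side:
# [operations per second, share of sub-0.5 s intervals, share of same-operation transitions,
#  kB transferred per operation]
def vectorize(f2):
    k = math.isqrt(len(f2["transitions"]))
    self_trans = sum(f2["transitions"][i * k + i] for i in range(k))
    return [f2["ops_per_sec"],
            f2["interval_hist"][0] / max(sum(f2["interval_hist"]), 1),
            self_trans / max(sum(f2["transitions"]), 1),
            f2["total_bytes"] / 1000 / max(sum(f2["op_counts"]), 1)]


# Model P3 as pushed by E2 (constructed here): one centroid per defined behavior.
MODEL_V1 = {"version": 1, "centroids": {
    "normal_browse":  [0.3, 0.1, 0.3, 5.0],
    "bulk_download":  [1.0, 0.3, 0.6, 50.0],
    "scripted_crawl": [5.0, 0.9, 0.9, 1.0]}}

# Rating standard per behavior identifier F3 and control policy per risk level (values assumed).
RATING = {"normal_browse": {"risk": 1, "trust": 0.9},
          "bulk_download": {"risk": 2, "trust": 0.5},
          "scripted_crawl": {"risk": 3, "trust": 0.1}}
FREQ_LIMIT = (3, 60.0)   # risk level 2: at most 3 requests per 60 s per user
BLOCK_SECONDS = 600.0    # risk level 3: block the client's address for 10 minutes
PATH_WINDOW = 5          # recent F3 values kept as the user behavior path


class Discriminator:
    """User behavior discrimination program A1 on the edge computing server E3."""

    def __init__(self, model):
        self.model = model
        self.paths = defaultdict(lambda: deque(maxlen=PATH_WINDOW))   # uid -> behavior path
        self.requests = defaultdict(deque)                             # uid -> recent request times
        self.blocked = {}                                              # address -> block expiry time

    def update_model(self, model):
        """Step 106: replace P3 with a newer model from E2; older or equal versions are ignored."""
        if model["version"] > self.model["version"]:
            self.model = model
            return True
        return False

    def ingest(self, uid, f2):
        """Step 102: F2 -> F3, recorded against the user unique identification code."""
        x = vectorize(f2)
        f3 = min(self.model["centroids"], key=lambda lbl: math.dist(x, self.model["centroids"][lbl]))
        self.paths[uid].append(f3)
        return f3

    def rate(self, uid):
        """Step 103, sub-step C1: risk level and trust rating over the behavior path."""
        path = self.paths[uid]
        if not path:
            return {"risk": 2, "trust": 0.5}   # no behavior data yet: treated as medium risk (assumption)
        return {"risk": max(RATING[f3]["risk"] for f3 in path),
                "trust": round(sum(RATING[f3]["trust"] for f3 in path) / len(path), 3)}

    def decide(self, uid, addr, now):
        """Step 104: allow or reject data access request Q1 from (uid, addr) at time `now`."""
        if self.blocked.get(addr, 0.0) > now:
            return {"allow": False, "reason": "address blocked"}
        rating = self.rate(uid)
        if rating["risk"] >= 3:                            # IP address blocking
            self.blocked[addr] = now + BLOCK_SECONDS
            return {"allow": False, "reason": "risk level 3: address blocked", **rating}
        if rating["risk"] == 2:                            # access frequency limitation
            limit, window = FREQ_LIMIT
            q = self.requests[uid]
            while q and now - q[0] > window:
                q.popleft()
            if len(q) >= limit:
                return {"allow": False, "reason": "risk level 2: frequency limit", **rating}
            q.append(now)
        return {"allow": True, "reason": "passed", **rating}


# Constructed F2 uploads in the client-side format (field names assumed).
NORMAL_F2 = {"op_counts": [1, 3, 1], "interval_hist": [1, 2, 0, 1],
             "transitions": [0, 1, 0, 0, 2, 1, 0, 0, 0], "total_bytes": 17400, "ops_per_sec": 0.51}
BULK_F2 = {"op_counts": [2, 8, 0], "interval_hist": [3, 4, 2, 0],
           "transitions": [1, 1, 0, 1, 6, 0, 0, 0, 0], "total_bytes": 500000, "ops_per_sec": 1.0}
CRAWL_F2 = {"op_counts": [0, 40, 0], "interval_hist": [39, 0, 0, 0],
            "transitions": [0, 0, 0, 0, 39, 0, 0, 0, 0], "total_bytes": 40000, "ops_per_sec": 8.0}

if __name__ == "__main__":
    a1 = Discriminator(MODEL_V1)
    for uid, addr, f2 in (("u1", "10.0.0.1", NORMAL_F2), ("u2", "10.0.0.2", CRAWL_F2)):
        print(uid, a1.ingest(uid, f2), a1.decide(uid, addr, now=100.0))
```

Because the block is keyed on the address while the behavior path is keyed on the identification code, a blocked address stays blocked even when a different identification code is presented from it, which is the effect of the IP address blocking the text lists.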
Step 105, the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model from the stored user behavior data through a preset behavior recognition algorithm.
In the embodiment of the present invention, as shown in fig. 2A to 2C, the method by which the program P4 in the server E2 trains the real-time user behavior recognition model includes a deep neural network learning algorithm: it first determines the types and names of the defined behaviors, then reads the encrypted user behavior data F2, analyzes the specific user behavior patterns and behavior paths in it as training features or feature vectors, and finally trains the real-time user behavior recognition model.
Step 106, the server sends the real-time user behavior identification model to the edge computing server at a first preset frequency so as to update the user behavior identification model preset in the edge computing server.
In the embodiment of the invention, the user behavior recognition model in the server E2 is trained at regular intervals on the user behavior data that the clients have stored in E2. Because E2 receives user behavior data transmitted by the clients at fixed times, training is performed after the data has been updated, so the resulting model is also real-time; the model trained in real time replaces the user behavior recognition model P3 in the edge computing server E3, which ensures the timeliness of the user behavior recognition model and the accuracy of the user behavior identifier output for the user behavior data.
Preferably, the user behavior recognition model in the embodiment of the present invention is trained through the following steps:
step 11, setting an identifier for the acquired user behavior data to obtain user behavior identifier data;
step 12, converting the user behavior identification data into a user behavior feature vector;
step 13, inputting the user behavior feature vector into a preset behavior recognition algorithm for training to obtain a user behavior recognition model, where the preset behavior recognition algorithm includes at least one or more of a graph convolutional neural network, a recurrent neural network, a convolutional neural network and a support vector machine.
Specifically, the method for establishing the user behavior recognition model P3 uses one or more of a graph convolutional neural network, a recurrent neural network, a convolutional neural network, a support vector machine and the like: user behavior data is first defined and labeled, then the encrypted user behavior data F2 is read, the specific user behavior patterns and behavior paths in it are analyzed as features and converted into feature vectors that the machine can recognize, and finally a defined behavior is output as the recognition result.
It is to be understood that the preset behavior recognition algorithm may be one or a combination of multiple neural network models, or may be other machine learning models, such as a deep learning algorithm, and the embodiment of the present invention is not limited to this specific algorithm content.
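The server-side cycle of steps 105, 106 and 11 to 13 (store the uploads, label them, convert to feature vectors, train, and publish a versioned model at the first preset frequency), as an added example in Python that is not code from the original patent. The nearest-centroid model stands in for the graph convolutional, recurrent, convolutional or support vector models the text lists; the labelled sample records, the F2 field names, the feature order and the helper f2() are constructed assumptions. The page does not say how newly stored uploads receive their labels, so here an operator supplies them through label(), and the leave-one-out accuracy gate before publishing is this example's addition, not a step of the patent.

```python
import math


# Helper to write constructed F2 records tersely (field names assumed).
def f2(op_counts, interval_hist, transitions, total_bytes, ops_per_sec):
    return {"op_counts": op_counts, "interval_hist": interval_hist, "transitions": transitions,
            "total_bytes": total_bytes, "ops_per_sec": ops_per_sec}


# Step 11: labelled user behavior sample data, constructed here. The label records how the data
# was produced (manual operation by a real user versus a crawler run).
LABELLED = [
    (f2([1, 3, 1], [1, 2, 0, 1], [0, 1, 0, 0, 2, 1, 0, 0, 0], 17400, 0.51), "normal_browse"),
    (f2([2, 4, 2], [1, 3, 2, 1], [0, 2, 0, 0, 2, 2, 1, 0, 0], 30000, 0.40), "normal_browse"),
    (f2([1, 2, 2], [0, 2, 1, 1], [0, 1, 0, 0, 1, 1, 1, 0, 0], 22000, 0.25), "normal_browse"),
    (f2([0, 40, 0], [39, 0, 0, 0], [0, 0, 0, 0, 39, 0, 0, 0, 0], 40000, 8.0), "scripted_crawl"),
    (f2([1, 59, 0], [57, 2, 0, 0], [0, 1, 0, 0, 58, 0, 0, 0, 0], 60000, 6.0), "scripted_crawl"),
    (f2([0, 30, 0], [29, 0, 0, 0], [0, 0, 0, 0, 29, 0, 0, 0, 0], 33000, 10.0), "scripted_crawl"),
]


# Step 12: F2 -> feature vector. The order is an assumption; the edge side must use the same one.
def vectorize(rec):
    k = math.isqrt(len(rec["transitions"]))
    self_trans = sum(rec["transitions"][i * k + i] for i in range(k))
    return [rec["ops_per_sec"],
            rec["interval_hist"][0] / max(sum(rec["interval_hist"]), 1),
            self_trans / max(sum(rec["transitions"]), 1),
            rec["total_bytes"] / 1000 / max(sum(rec["op_counts"]), 1)]


def train(labelled):
    """Step 13: nearest-centroid model, one centroid (mean vector) per defined behavior."""
    sums, counts = {}, {}
    for rec, label in labelled:
        x = vectorize(rec)
        sums[label] = [s + v for s, v in zip(sums.get(label, [0.0] * len(x)), x)]
        counts[label] = counts.get(label, 0) + 1
    return {"centroids": {lbl: [s / counts[lbl] for s in sums[lbl]] for lbl in sums}}


def classify(model, rec):
    x = vectorize(rec)
    return min(model["centroids"], key=lambda lbl: math.dist(x, model["centroids"][lbl]))


def leave_one_out_accuracy(labelled):
    """Check before a model is pushed to E3: train on all records but one, test on the held-out one."""
    hits = 0
    for i, (rec, label) in enumerate(labelled):
        hits += classify(train(labelled[:i] + labelled[i + 1:]), rec) == label
    return hits / len(labelled)


class TrainingServer:
    """Server E2: the D1 store plus the P4 retrain-and-publish cycle (steps 105 and 106)."""

    def __init__(self, interval, min_accuracy=0.9):
        self.interval = interval            # first preset frequency, in seconds
        self.min_accuracy = min_accuracy    # do not replace P3 with a worse model (assumption)
        self.records = []                   # D1: [uid, f2 record, label or None]
        self.version = 0
        self.last_publish = None
        self.trained_on = 0                 # number of labelled records in the last published model

    def store(self, uid, rec):
        """Step 105: long-term storage; the returned id is the receipt confirmation for the client."""
        self.records.append([uid, rec, None])
        return len(self.records)

    def label(self, receipt_id, label):
        """Step 11 for stored uploads; the label source is assumed to be an operator."""
        self.records[receipt_id - 1][2] = label

    def publish(self, now):
        """Step 106: at the first preset frequency, retrain on the stored data and return the new
        model for E3, or None when it is not yet time, nothing new is labelled or accuracy is too low."""
        if self.last_publish is not None and now - self.last_publish < self.interval:
            return None
        labelled = [(rec, lbl) for _, rec, lbl in self.records if lbl is not None]
        if len(labelled) == self.trained_on or len({lbl for _, lbl in labelled}) < 2:
            return None
        if leave_one_out_accuracy(labelled) < self.min_accuracy:
            return None
        self.version += 1
        self.trained_on = len(labelled)
        self.last_publish = now
        return {"version": self.version, "trained_at": now, **train(labelled)}
```

The version number travelling with the model is what lets the edge side reject a stale or replayed model; the edge replaces P3 only for a higher version.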
In this embodiment, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client obtains user behavior data and sends the user behavior data to the edge computing server; the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data; the edge computing server judges the legality of the behavior recognition result data through a preset user behavior discrimination program; the edge computing server determines the corresponding operation on the data access request initiated by the client to the server according to the legality of the behavior recognition result data; the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model from the stored user behavior data through a preset behavior recognition algorithm; and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency so as to update the user behavior recognition model preset in the edge computing server. The method establishes a user behavior recognition model from the normal manual operation of real users; the edge computing server performs the recognition, continuously records user behaviors, and computes the risk level and trust degree, from which it decides whether a data access request is to be controlled, thereby effectively preventing malicious data crawlers.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Example two
Fig. 3 is a block diagram of a data protection device according to a second embodiment of the present invention, where the data protection device is applied to a data protection system, and the system includes a client 01, a server 021, and an edge computing server 022, where the client 01 is connected to the server 021 and to the edge computing server 022, and the server 021 and the edge computing server 022 are connected to each other, and the data protection device specifically includes the following modules:
a user behavior data obtaining module 201, configured to obtain user behavior data according to a data access request initiated by the client to the server, where the user behavior data is obtained by a user behavior sensing program preset in the client, and send the user behavior data to the edge computing server.
Preferably, in a further embodiment of the present invention, further comprising:
and the user behavior data deleting module is used for deleting the local user behavior data when the client receives a notification message returned by the server to confirm the receipt.
Preferably, in another embodiment of the present invention, the user behavior data acquiring module 201 is further configured to:
the client takes the client version identification number, the client hardware identification number and the client communication address as a user unique identification code;
and the client side sends the user unique identification code and the user behavior data to the edge computing server at a second preset frequency.
And the user behavior identification module 202 is used for identifying the user behavior data by the edge computing server through a pre-trained user behavior identification model and outputting behavior identification result data.
Preferably, in another embodiment of the present invention, the user behavior identification module 202 is further configured to:
the edge computing server receives the user unique identification code and the user behavior data;
the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs a user behavior identifier;
and the edge computing server associates the user behavior identification with the user unique identification code to generate behavior identification result data.
And the user behavior judging module 203 is used for judging the legality of the behavior identification result data by the edge computing server through a preset user behavior judging program.
Preferably, in another embodiment of the present invention, the user behavior judging module 203 is further configured to:
the edge computing server obtains the risk level and the trust level rating of the behavior recognition result data through a preset user behavior discrimination program; the preset user behavior discrimination program comprises a risk level and a trust degree rating standard of a user behavior identifier;
and the edge computing server determines the operation authority of the behavior recognition result data according to the risk level and the trust level rating.
And an access operation determining module 204, configured to determine, by the edge computing server, the corresponding operation on the data access request initiated by the client to the server according to the legality of the behavior recognition result data.
Preferably, in a further embodiment of the present invention, the access operation determining module 204 is further configured to:
if the behavior recognition result data is legal, the edge computing server lets the data access request initiated by the client proceed to the server;
and if the behavior recognition result data is illegal, the edge computing server refuses a data access request initiated to the server by the client.
And the user behavior recognition model real-time training module 205 is configured to receive and store the user behavior data sent by the client by the server, and train a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm.
A user behavior identification model updating module 206, configured to send, by the server, the real-time user behavior identification model to the edge computing server at a first preset frequency, so as to update the user behavior identification model preset in the edge computing server.
Preferably, in a further embodiment of the present invention, the server further includes a user behavior recognition model training module, configured to: set an identifier for the acquired user behavior data to obtain user behavior identifier data; convert the user behavior identifier data into a user behavior feature vector; and input the user behavior feature vector into a preset behavior recognition algorithm for training to obtain a user behavior recognition model, where the preset behavior recognition algorithm includes at least one or more of a graph convolutional neural network, a recurrent neural network, a convolutional neural network and a support vector machine.
The data protection device provided by the embodiment of the invention can execute the data protection method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example three
Fig. 4 is a schematic structural diagram of a computer device according to a third embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in FIG. 4 is only one example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention.
As shown in FIG. 4, computer device 12 is in the form of a general purpose computing device. The components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with computer device 12, and/or with any devices (e.g., network card, modem, etc.) that enable computer device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, computer device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 20. As shown, network adapter 20 communicates with the other modules of computer device 12 via bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computer device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing, such as implementing a data protection method provided by an embodiment of the present invention, by executing programs stored in the system memory 28.
Example four
A fourth embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the data protection method, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
A computer readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.