CN114006735A - Data protection method and device, computer equipment and storage medium - Google Patents


Info

Publication number: CN114006735A
Application number: CN202111217190.9A
Authority: CN (China)
Other versions: CN114006735B (en)
Other languages: Chinese (zh)
Legal status: Granted (active)
Prior art keywords: user behavior, data, server, edge computing, client
Inventors: 邹智元, 戴佶轩, 赵晓青
Current assignee: MuLianYun (Suzhou) Digital Technology Co.,Ltd.
Original assignee: Guangzhou Wood Chain Cloud Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5061 Partitioning or combining of resources
    • G06F 9/5072 Grid computing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection


Abstract

The invention relates to a data protection method and device, computer equipment and a storage medium, applied to a data protection system that comprises a client, a server and an edge computing server. The data protection method comprises the following steps: acquiring user behavior data according to a data access request initiated by the client to the server, and sending the user behavior data to the edge computing server; the edge computing server identifies the user behavior data, outputs behavior identification result data, and determines the corresponding operation for the data access request initiated by the client to the server according to the legality of the behavior identification result data; the server trains a real-time user behavior recognition model to update the user behavior recognition model preset in the edge computing server. The user behavior is identified by the edge computing server and its risk level is computed, so that malicious data access from the client is effectively prevented.

Description

Data protection method and device, computer equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computer network security, in particular to a data protection method, a data protection device, computer equipment and a storage medium.
Background
In the current internet environment, data transmitted over HTTP (hypertext transfer protocol) is usually exposed directly on the public network. A malicious crawler often simulates the data access requests of a real user on a client device, captures sensitive information of a company or an individual in batch, occupies a large amount of network transmission resources, affects the data security of the company or individual, and seriously interferes with the normal access of real users.
In the prior art, the data protection methods against malicious data capture mainly include:
(1) user authority control or verification code (CAPTCHA) access limitation, whose disadvantage is a poor experience for real users;
(2) making the data dynamic, whose disadvantage is that a crawler can still obtain the actual data once it works out the corresponding data change rule;
(3) presenting the data as pictures, whose disadvantages are that the flexibility of the data content is poor and that the characters in the picture can still be read with optical character recognition;
(4) operation and maintenance control strategies based on an IP blacklist, whose disadvantages are that crawlers using IP proxies cannot be completely prevented from crawling, and normal user access may be blocked by mistake.
Therefore, there is an urgent need for a mechanism that can accurately judge, from the user's behavior data at the client, whether a data access request was sent by a real user, so that machine-simulated malicious crawlers are identified and blocked and the aim of data protection is achieved.
Disclosure of Invention
The embodiment of the invention provides a data protection method, a data protection device, computer equipment and a storage medium, and aims to solve the problem that a client device may carry a malicious program that occupies a large amount of network resources during data communication and affects the safety of user data.
In a first aspect, an embodiment of the present invention provides a data protection method, where the method is applied to a data protection system, where the system includes a client, a server, and an edge computing server, where the client is connected to the server and the edge computing server, and the server is connected to the edge computing server, and the method includes:
according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server;
the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data;
the edge computing server judges the legality of the behavior recognition result data through a preset user behavior judging program;
the edge computing server determines the corresponding operation for the data access request initiated by the client to the server according to the legality of the behavior recognition result data;
the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm;
and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency so as to update the user behavior recognition model preset in the edge computing server.
In a second aspect, an embodiment of the present invention further provides a data protection apparatus, where the apparatus is applied to a data protection system, and the system includes a client, a server, and an edge computing server, where the client is connected to the server and the edge computing server, and the server is connected to the edge computing server, and the apparatus includes:
a user behavior data obtaining module, configured to obtain user behavior data according to a data access request initiated by the client to the server, where the user behavior data is obtained by a user behavior sensing program preset in the client and sent to the edge computing server;
the user behavior recognition module is used for recognizing the user behavior data through a pre-trained user behavior recognition model by the edge computing server and outputting behavior recognition result data;
the user behavior judging module is used for judging the legality of the behavior identification result data by the edge computing server through a preset user behavior judging program;
an access operation determining module, configured to determine, by the edge computing server, the corresponding operation for the data access request initiated by the client to the server according to the legality of the behavior recognition result data;
the user behavior recognition model real-time training module is used for receiving and storing the user behavior data sent by the client by the server, and training a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm;
and the user behavior identification model updating module is used for sending the real-time user behavior identification model to the edge computing server by the server at a first preset frequency so as to update the user behavior identification model preset in the edge computing server.
In a third aspect, an embodiment of the present invention further provides a computer device, comprising:
one or more processors; and
a memory for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the data protection method according to any one of the first aspect.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the data protection method according to any one of the first aspect.
In this embodiment, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client obtains user behavior data and sends the user behavior data to the edge computing server; the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data; the edge computing server judges the legality of the behavior recognition result data through a preset user behavior judging program; the edge computing server determines the corresponding operation for the data access request initiated by the client to the server according to the legality of the behavior recognition result data; the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm; and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency so as to update the user behavior recognition model preset in the edge computing server. The method builds the user behavior recognition model from the normal manual operation of real users, has the edge computing server perform recognition, records user behavior continuously, and calculates a risk level and trust degree, from which it judges whether a data access request is controlled; in this way malicious data crawlers are effectively prevented.
Drawings
Fig. 1 is a flowchart of a data protection method according to an embodiment of the present invention;
fig. 2A is a diagram illustrating a structure of a data protection system according to an embodiment of the present invention;
fig. 2B is a diagram illustrating a structure of a data protection system according to an embodiment of the present invention;
fig. 2C is a timing sequence flow diagram of a data protection method according to an embodiment of the invention;
fig. 3 is a schematic structural diagram of a data protection device according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to a third embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a data protection method according to an embodiment of the present invention, where the method is applied to a data protection system, where the system includes a client, a server, and an edge computing server, where the client is connected to the server and the edge computing server, respectively, and the server is connected to the edge computing server, where the method may be executed by a data protection device, where the data protection device may be implemented by software and/or hardware, and may be configured in a computer device, such as a server, a workstation, a personal computer, and the like, and specifically includes the following steps:
step 101, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client obtains user behavior data and sends the user behavior data to the edge computing server.
In the embodiment of the present invention, as shown in fig. 2A, the data protection system includes a client, a server, and an edge computing server, where the client is a mobile terminal device usually used by a user, and the user accesses server data through any installed program in the mobile terminal device, that is, the client initiates a data access request to the server.
Further, a user behavior sensing program P1 and a user behavior data encryption program P2 are installed in the client device E1, and the user behavior sensing program is used to obtain user behavior data, which generally includes a user operation logic sequence, a user operation frequency, a data traffic accessed by a user, and the like.
As shown in fig. 2, the user behavior sensing program P1 is created; when P1 runs, it first asks the user whether to approve the program checking the data access requests of client device E1 and sensing the user's operation behavior. If the user approves, P1 checks whether a data access request Q1 occurs on E1, senses whether the user of E1 performs an operation, and generates user behavior data F1.
Further, the user behavior data encryption program P2 encrypts the F1 to obtain encrypted user behavior data F2, destroys the F1 immediately, and sends the encrypted user behavior data F2 to the edge computing server and the server.
Preferably, in another embodiment of the present invention, F2 retains a part of data characteristics of F1, which include statistical distribution characteristics, data association characteristics, and the like, but original information in F1 cannot be obtained from F2, and F2 cannot be restored to F1.
Preferably, in a further embodiment of the present invention, the sending the user behavior data to the edge computing server in step 101 may include:
Sub-step A1, the client uses the client version identification number, the client hardware identification number and the client communication address as the user unique identification code.
Specifically, the user behavior data encryption program P2 also generates a user unique identification code according to the client version identification number, the client hardware identification number, the communication address, and other information.
Sub-step A2, the client sends the user unique identification code and the user behavior data to the edge computing server at a second preset frequency.
Specifically, the client uploads F2 and the user unique identification code to the edge computing server E3 through the HTTP protocol at a fixed transmission period.
It is to be understood that the first preset frequency and the second preset frequency, that is, the fixed period mentioned above, are set by a person skilled in the relevant art according to a specific application scenario, and the embodiment of the present invention is not limited in this respect.
Preferably, in a further embodiment of the present invention, step 101 may further include:
The client receives a receipt-confirmation notification message returned by the server and deletes the local user behavior data.
Specifically, after receiving a confirmation receipt notification message returned by the server, the client deletes the locally cached encrypted user behavior data, and the user behavior data is stored in the server for a long time.
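The client-side part of step 101 (sub-step A1 and the one-way transformation of F1 into F2 that keeps statistical and association features but not the original records) is shown below as an added example. It is not code from the patent: the events in F1_SAMPLE, the SHA-256 join used to derive the user unique identification code, the keyed HMAC tokenisation of operation names, and the particular features kept in F2 are all this example's own assumptions about how such a program P1/P2 could be written.

```python
import hashlib
import hmac
import statistics
from collections import Counter

# Constructed sample of raw user behavior data F1 as program P1 might capture it:
# (seconds since session start, operation name, bytes of data accessed).
# The events are invented for this example.
F1_SAMPLE = [
    (0.0, "open_list", 1200),
    (1.8, "scroll", 300),
    (4.1, "open_item", 5400),
    (9.7, "back", 200),
    (11.2, "open_item", 5100),
    (17.9, "search", 900),
]


def user_unique_id(version_id: str, hardware_id: str, address: str) -> str:
    """Sub-step A1: derive the user unique identification code from the client
    version id, hardware id and communication address. Hashing a length-prefixed
    join of the three fields is this example's choice (the patent does not fix
    how they are combined); the length prefix keeps ("ab","c") distinct from ("a","bc")."""
    material = "".join(f"{len(p)}:{p}" for p in (version_id, hardware_id, address))
    return hashlib.sha256(material.encode()).hexdigest()


def _gap_cv(gaps):
    """Coefficient of variation of inter-event gaps; near 0 means metronomic timing."""
    if len(gaps) < 2 or statistics.mean(gaps) <= 0:
        return 0.0
    return statistics.pstdev(gaps) / statistics.mean(gaps)


def encrypt_behavior(f1, key: bytes) -> dict:
    """Stand-in for program P2: build F2 from F1. F2 keeps statistical features
    (frequency, timing spread, traffic volume) and association features
    (operation bigrams) but no raw timestamps or per-event byte counts, so F1
    cannot be reconstructed from it. Operation names are replaced by keyed HMAC
    tokens (an example choice) so records can be correlated without revealing them."""
    def token(op: str) -> str:
        return hmac.new(key, op.encode(), hashlib.sha256).hexdigest()[:12]

    ts = [e[0] for e in f1]
    ops = [e[1] for e in f1]
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    span = ts[-1] - ts[0] if len(ts) > 1 else 0.0
    return {
        "event_count": len(f1),
        "ops_per_minute": round(60.0 * len(f1) / span, 2) if span > 0 else 0.0,
        "gap_cv": round(_gap_cv(gaps), 3),
        "total_bytes": sum(e[2] for e in f1),
        "distinct_ops": len(set(ops)),
        "op_bigrams": dict(Counter(f"{token(a)}>{token(b)}" for a, b in zip(ops, ops[1:]))),
    }


def sense_and_encrypt(f1: list, key: bytes) -> dict:
    """Produce F2 and discard F1 immediately, as the text requires of P2."""
    f2 = encrypt_behavior(f1, key)
    f1.clear()  # F1 is not retained on the client once F2 exists
    return f2


if __name__ == "__main__":
    uid = user_unique_id("app-3.2.1", "HW-EXAMPLE-0001", "203.0.113.10")
    f2 = sense_and_encrypt(list(F1_SAMPLE), b"example-client-key")
    print(uid[:16], f2)
```

The point to check in any real P2 is the one the text makes: nothing in F2 allows F1 to be reproduced. Here the timestamps survive only as a rate and a spread statistic, and the operation names only as keyed tokens, so the server can compare records across sessions without holding the user's raw click trail.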
Step 102, the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data.
In the embodiment of the present invention, as shown in fig. 2A and 2B, a user behavior database system D1 and a behavior recognition algorithm P4 are installed in the server E2; the behavior recognition algorithm P4 is used for training the real-time user behavior recognition model. A user behavior discrimination program A1 and a user behavior recognition model P3 are installed in the edge computing server E3, where the user behavior discrimination program A1 receives the encrypted user behavior data F2 transmitted from the client and judges, from the behavior recognition result data output by P3, whether the corresponding user behavior is legal.
The behavior recognition algorithm P4 uses one or more of a graph convolutional neural network, a recurrent neural network, a convolutional neural network, a support vector machine and the like. Using a user behavior recognition model trained in advance on user behavior sample data, user behavior generated in real time is labeled to represent its characteristics, converted into a feature vector that the machine can recognize, and finally a defined behavior is output as the recognition result. The model obtained by this whole process is the updated user behavior recognition model, which is sent to the edge computing server E3 to replace the old user behavior recognition model P3.
Preferably, in a further embodiment of the present invention, step 102 may comprise:
Sub-step B1, the edge computing server receives the user unique identification code and the user behavior data.
Specifically, when the client device sends the acquired user unique identification code and user behavior data to the edge computing server, the edge computing server receives them.
Sub-step B2, the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs a user behavior identifier.
Specifically, the edge computing server inputs the received user behavior data into a pre-trained user behavior recognition model, and outputs a user behavior identifier of the user behavior data.
Sub-step B3, the edge computing server associates the user behavior identifier with the user unique identification code to generate the behavior recognition result data.
Specifically, the edge computing server uniquely associates the user behavior identifier with the user unique identification code corresponding to the user behavior data; the resulting data is the behavior recognition result data.
The client uploads the encrypted user behavior data F2 and the user unique identification code to the edge computing server E3 through the HTTP protocol at a fixed sending period; they are received by the user behavior discrimination program A1 installed in E3, and A1 associates and records the user unique identification code with the user behavior identifier F3.
Step 103, the edge computing server judges the legality of the behavior identification result data through a preset user behavior judging program.
In the embodiment of the invention, the edge computing server is preset with a user behavior discrimination program in which grading operations for the various user behavior identifiers are set: for example, the risk level and trust degree of a user behavior identification result are graded, and the concrete operations that may be executed according to the grade, such as access frequency limitation and IP address blocking, are set.
Specifically, as shown in fig. 2A-2C (S51): the user behavior data encryption program P2 periodically sends F2 to A1; the user behavior discrimination program A1 outputs a user behavior identifier F3 from F2 and records it continuously; when the edge computing server E3 receives a server access request Q1 sent by the client E1, A1 is triggered to execute the user behavior judgment logic; if A1 judges the behavior normal, E3 is allowed to process Q1, and if A1 judges it abnormal, E3 is prevented from processing Q1.
Preferably, in a further embodiment of the present invention, step 103 may comprise:
Sub-step C1, the edge computing server obtains the risk level and trust degree rating of the behavior recognition result data through a preset user behavior discrimination program; the preset user behavior discrimination program contains a risk level and trust degree rating standard for the user behavior identifiers.
Specifically, a risk level and trust degree rating corresponding to each user behavior identifier is set in the preset user behavior discrimination program, and when behavior recognition result data is received, the user behavior discrimination program matches the user behavior identifier in it to obtain the corresponding risk level and trust degree rating.
Sub-step C2, the edge computing server determines the operation authority of the behavior recognition result data according to the risk level and trust degree rating.
Specifically, as shown in fig. 2A-2C, the user behavior discrimination program A1 further establishes a risk control policy, evaluates the risk level and trust degree of E1 according to the user behavior identification result, and associates and records them with the user unique identification code, thereby controlling the network access of E1; the risk control policy comprises access frequency limitation, IP address blocking and the like.
Step 104, the edge computing server determines the corresponding operation for the data access request initiated by the client to the server according to the legality of the behavior recognition result data.
In the embodiment of the present invention, as described in step 103, the corresponding operation is determined according to the identified risk level and the confidence level of the user, that is, which data the user is allowed to access and which operation is performed, or which data the user is prohibited from accessing and which operation is performed, and the like.
Preferably, in a further embodiment of the present invention, step 104 may comprise:
Sub-step D1, if the behavior recognition result data is legal, the edge computing server allows the client's data access request to be sent to the server;
Sub-step D2, if the behavior recognition result data is illegal, the edge computing server rejects the data access request initiated by the client to the server.
Specifically, as shown in fig. 2A-2C, the user behavior discrimination program A1 forms a user behavior path from the continuously generated F3, which A1 uses to help decide whether a data access request from client device E1 should be blocked.
If the judgment passes, the data access request to the server generated along the user behavior path is allowed; otherwise the request is rejected.
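Steps 103 and 104 (sub-steps C1, C2, D1, D2) describe what the discrimination program A1 does once a user behavior identifier F3 exists: rate it, keep a behavior path per user unique identification code, and translate the rating into an operation on the request Q1. The example below is added here and is not the patent's code; the identifiers in RATING_STANDARD, the grades, the aggregation over the path and the policy thresholds are all constructed assumptions, since the patent leaves these to the implementer.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional, Tuple

# Rating standard: user behavior identifier F3 -> (risk level, trust rating).
# Identifiers and grades are constructed for this example; the patent leaves the
# concrete grading to the implementer.
RATING_STANDARD = {
    "human_browse":   (1, 0.9),
    "human_search":   (1, 0.8),
    "burst_requests": (3, 0.3),
    "scripted_walk":  (4, 0.1),
}

# Risk control policy keyed by risk level (example choice): the operation E3 applies to Q1.
POLICY = {
    1: ("allow", None),
    2: ("allow", None),
    3: ("rate_limit", 10),   # requests per minute still permitted
    4: ("block_ip", None),
}


@dataclass
class Decision:
    allowed: bool
    action: str
    limit: Optional[int]
    risk: int
    trust: float


class BehaviorJudge:
    """Stand-in for discrimination program A1: records each F3 under the user
    unique identification code, rates the recent behavior path, and decides
    what happens to a server access request Q1 from that client."""

    def __init__(self, path_len: int = 5, block_after: int = 2):
        self.paths = defaultdict(lambda: deque(maxlen=path_len))
        self.block_after = block_after   # high-risk identifiers before blocklisting
        self.blocked = set()

    def record(self, uid: str, f3: str) -> None:
        if f3 not in RATING_STANDARD:
            raise ValueError(f"unknown user behavior identifier {f3!r}")
        self.paths[uid].append(f3)

    def rate(self, uid: str) -> Tuple[int, float]:
        """Sub-step C1: risk takes the worst level on the recorded path, trust the
        mean rating (this aggregation is the example's choice)."""
        path = self.paths[uid]
        if not path:
            return 2, 0.5    # no history yet: middle grade
        risks = [RATING_STANDARD[f][0] for f in path]
        trusts = [RATING_STANDARD[f][1] for f in path]
        return max(risks), round(sum(trusts) / len(trusts), 3)

    def judge(self, uid: str) -> Decision:
        """Sub-step C2 and step 104: map the rating to the operation on Q1."""
        if uid in self.blocked:
            return Decision(False, "block_ip", None, 4, 0.0)
        risk, trust = self.rate(uid)
        action, limit = POLICY[risk]
        if action == "block_ip":
            hits = sum(1 for f in self.paths[uid] if RATING_STANDARD[f][0] >= 4)
            if hits >= self.block_after:
                self.blocked.add(uid)
                return Decision(False, "block_ip", None, risk, trust)
            # a single high-risk identifier rejects this request without blocklisting
            return Decision(False, "reject", None, risk, trust)
        if action == "allow" and trust < 0.5:
            # low trust with low risk: let it through, but throttled
            action, limit = POLICY[3]
        return Decision(True, action, limit, risk, trust)
```

Keeping the path as a bounded deque mirrors the text's "continuously recorded" F3 while limiting what the edge server holds per user; the two-strike rule before an IP block is one way to avoid the mistaken blocking of normal users that the background section criticises in plain IP blacklists.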
Step 105, the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm.
In the embodiment of the present invention, as shown in fig. 2A to 2C, the method for training the real-time user behavior recognition model by the program P4 in the server E2 includes a deep neural network learning algorithm, which first determines the types and names of defined behaviors, then reads the encrypted user behavior data F2, analyzes a specific user behavior pattern and behavior path therefrom as training features or feature vectors, and finally performs training of the real-time user behavior recognition model.
Step 106, the server sends the real-time user behavior identification model to the edge computing server at a first preset frequency so as to update the user behavior identification model preset in the edge computing server.
In the embodiment of the invention, the user behavior recognition model in the server E2 is trained at regular intervals on the user behavior data that the client has stored in E2. Because E2 receives the user behavior data from the client at fixed times, training is performed after each data update and the resulting model is therefore up to date; the freshly trained model replaces the user behavior recognition model P3 in the edge computing server E3, which ensures the timeliness of the user behavior recognition model and the accuracy of the user behavior identifiers it outputs.
Preferably, the user behavior recognition model in the embodiment of the present invention is trained through the following steps:
step 11, setting an identifier for the acquired user behavior data to obtain user behavior identifier data;
step 12, converting the user behavior identification data into a user behavior feature vector;
step 13, inputting the user behavior feature vector into a preset behavior recognition algorithm for training to obtain a user behavior recognition model; the preset behavior recognition algorithm comprises at least one of a graph convolutional neural network, a recurrent neural network, a convolutional neural network and a support vector machine.
Specifically, the method for establishing the user behavior recognition model P3 likewise uses one or more of a graph convolutional neural network, a recurrent neural network, a convolutional neural network, a support vector machine and the like: the user behavior data is first defined and labeled, then the encrypted user behavior data F2 is read, a specific user behavior pattern and behavior path are analyzed from it as features and converted into feature vectors that the machine can recognize, and finally a defined behavior is output as the recognition result.
It is to be understood that the preset behavior recognition algorithm may be one or a combination of multiple neural network models, or may be other machine learning models, such as a deep learning algorithm, and the embodiment of the present invention is not limited to this specific algorithm content.
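Steps 11 to 13 above (label the data, convert it to feature vectors, train a classifier that outputs a defined behavior) are carried through below as an added example, not as code from the patent. The labelled samples are constructed, the feature layout is an assumption about which statistical fields of F2 are used, and a logistic-regression classifier trained by stochastic gradient descent stands in for the neural network or SVM the text lists, so that the whole pipeline runs with the standard library alone.

```python
import math
import random
from typing import List, Tuple

# Step 11: the defined behaviors and their identifiers (constructed for this example).
BEHAVIORS = {0: "human_operation", 1: "scripted_crawl"}

# Feature layout of one sample, taken from the statistical part of an encrypted
# record F2: operations per minute, coefficient of variation of inter-event gaps,
# number of distinct operations, bytes accessed per operation.
FEATURE_NAMES = ["ops_per_minute", "gap_cv", "distinct_ops", "bytes_per_op"]


def make_labelled_samples(n: int = 40, seed: int = 7) -> List[Tuple[List[float], int]]:
    """Constructed training set (values invented for this example): real users are
    moderate, irregular and varied; crawlers are fast, metronomic and repetitive."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        rows.append(([rng.uniform(4, 25), rng.uniform(0.4, 1.2),
                      rng.uniform(4, 12), rng.uniform(500, 6000)], 0))
        rows.append(([rng.uniform(60, 300), rng.uniform(0.0, 0.08),
                      rng.uniform(1, 3), rng.uniform(3000, 8000)], 1))
    return rows


class MinMaxScaler:
    """Step 12: turn labelled behavior data into feature vectors on a common scale."""
    def fit(self, xs):
        cols = list(zip(*xs))
        self.lo = [min(c) for c in cols]
        self.hi = [max(c) for c in cols]
        return self

    def transform(self, x):
        return [(v - lo) / (hi - lo) if hi > lo else 0.0
                for v, lo, hi in zip(x, self.lo, self.hi)]


class LogisticModel:
    """Step 13: a logistic-regression classifier trained by stochastic gradient
    descent. It stands in for the neural network / SVM the patent lists."""
    def __init__(self, n_features: int):
        self.w = [0.0] * n_features
        self.b = 0.0

    def prob(self, x) -> float:
        z = sum(w * v for w, v in zip(self.w, x)) + self.b
        z = max(-30.0, min(30.0, z))   # keep exp() in range
        return 1.0 / (1.0 + math.exp(-z))

    def fit(self, xs, ys, lr: float = 0.5, epochs: int = 400):
        for _ in range(epochs):
            for x, y in zip(xs, ys):
                err = self.prob(x) - y
                self.w = [w - lr * err * v for w, v in zip(self.w, x)]
                self.b -= lr * err
        return self


def train_model(rows):
    """Run steps 11-13 over labelled rows; returns the (scaler, model) pair that
    the server E2 would ship to the edge server E3 as the updated P3."""
    raw = [x for x, _ in rows]
    ys = [y for _, y in rows]
    scaler = MinMaxScaler().fit(raw)
    model = LogisticModel(len(FEATURE_NAMES)).fit([scaler.transform(x) for x in raw], ys)
    return scaler, model


def identify(scaler, model, features) -> str:
    """What E3 does with a fresh record: output the user behavior identifier F3."""
    label = int(model.prob(scaler.transform(features)) >= 0.5)
    return BEHAVIORS[label]


def training_accuracy(scaler, model, rows) -> float:
    hits = sum(identify(scaler, model, x) == BEHAVIORS[y] for x, y in rows)
    return hits / len(rows)


if __name__ == "__main__":
    rows = make_labelled_samples()
    scaler, model = train_model(rows)
    print(training_accuracy(scaler, model, rows))
    print(identify(scaler, model, [200.0, 0.02, 2.0, 5000.0]))
```

The scaler is fitted on the training data and must travel with the model when E2 pushes the update to E3 at the first preset frequency; a freshly trained model applied with a stale scaler would mislabel behavior even though both halves are individually correct.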
In this embodiment, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client obtains user behavior data and sends the user behavior data to the edge computing server; the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data; the edge computing server judges the legality of the behavior recognition result data through a preset user behavior judging program; the edge computing server determines the corresponding operation for the data access request initiated by the client to the server according to the legality of the behavior recognition result data; the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm; and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency so as to update the user behavior recognition model preset in the edge computing server. The method builds the user behavior recognition model from the normal manual operation of real users, has the edge computing server perform recognition, records user behavior continuously, and calculates a risk level and trust degree, from which it judges whether a data access request is controlled; in this way malicious data crawlers are effectively prevented.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Example two
Fig. 3 is a block diagram of a data protection device according to a second embodiment of the present invention. The data protection device is applied to a data protection system that includes a client 01, a server 021, and an edge computing server 022, where the client 01 is connected to the server 021 and to the edge computing server 022, and the server 021 and the edge computing server 022 are connected to each other. The data protection device specifically includes the following modules:
a user behavior data obtaining module 201, configured to obtain user behavior data according to a data access request initiated by the client to the server, where the user behavior data is obtained by a user behavior sensing program preset in the client, and send the user behavior data to the edge computing server.
Preferably, in a further embodiment of the present invention, further comprising:
and the user behavior data deleting module is used for deleting the local user behavior data when the client receives a notification message returned by the server to confirm the receipt.
Preferably, in another embodiment of the present invention, the user behavior data acquiring module 201 is further configured to:
the client takes the client version identification number, the client hardware identification number and the client communication address as a user unique identification code;
and the client side sends the user unique identification code and the user behavior data to the edge computing server at a second preset frequency.
And the user behavior identification module 202 is used for identifying the user behavior data by the edge computing server through a pre-trained user behavior identification model and outputting behavior identification result data.
Preferably, in another embodiment of the present invention, the user behavior identification module 202 is further configured to:
the edge computing server receives the user unique identification code and the user behavior data;
the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs a user behavior identifier;
and the edge computing server associates the user behavior identification with the user unique identification code to generate behavior identification result data.
And the user behavior judging module 203 is used for judging the legality of the behavior identification result data by the edge computing server through a preset user behavior judging program.
Preferably, in another embodiment of the present invention, the user behavior judging module 203 is further configured to:
the edge computing server obtains the risk level and the trust level rating of the behavior recognition result data through a preset user behavior discrimination program; the preset user behavior discrimination program comprises a risk level and a trust degree rating standard of a user behavior identifier;
and the edge computing server determines the operation authority of the behavior recognition result data according to the risk level and the trust level rating.
And an access operation determining module 204, configured to determine, by the edge computing server and according to the validity of the behavior recognition result data, the corresponding operation on the data access request initiated by the client to the server.
Preferably, in a further embodiment of the present invention, the access operation determining module 204 is further configured to:
if the behavior recognition result data is legal, the edge computing server initiates a data access request to the server through the client;
and if the behavior recognition result data is illegal, the edge computing server refuses a data access request initiated to the server by the client.
And the user behavior recognition model real-time training module 205 is configured to receive and store the user behavior data sent by the client by the server, and train a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm.
A user behavior identification model updating module 206, configured to send, by the server, the real-time user behavior identification model to the edge computing server at a first preset frequency, so as to update the user behavior identification model preset in the edge computing server.
Preferably, in a further embodiment of the present invention, the server further includes a user behavior recognition model training module, configured to: set an identifier for the acquired user behavior data to obtain user behavior identifier data; convert the user behavior identification data into a user behavior feature vector; and input the user behavior feature vector into a preset behavior recognition algorithm for training to obtain a user behavior recognition model, where the preset behavior recognition algorithm comprises at least one or more of a graph convolutional neural network, a concurrent or recurrent neural network, a convolutional neural network, and a support vector machine.
The data protection device provided by the embodiment of the invention can execute the data protection method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
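The edge-side pipeline that modules 201 to 206 describe (client builds the user unique identification code, the edge computing server recognises the behavior data, rates it for risk level and trust degree, grants or refuses operation authority, and accepts model pushes from the server) can be illustrated with the following constructed Python example. It is not the patent's or the applicant's code: the sensed fields, the feature set, the fixed-threshold model that stands in for the pre-trained recognition model, the rating table, the authority thresholds and the running-minimum trust degree are all assumptions made for illustration.

```python
"""Edge-side decision pipeline sketched from the patent's description.

Constructed illustration, not the patent's own code.  The sensed fields, the
feature set, the threshold model standing in for the trained recognition
model, the rating table and the thresholds are all assumptions.
"""
from dataclasses import dataclass
from hashlib import sha256
import statistics
from typing import Dict, List


def user_unique_id(version_id: str, hardware_id: str, comm_address: str) -> str:
    """Client side: derive the user unique identification code from the client
    version identification number, hardware identification number and
    communication address.  Hashing the joined values is an assumption; the
    patent only says the three are taken together as the code."""
    raw = f"{version_id}|{hardware_id}|{comm_address}".encode()
    return sha256(raw).hexdigest()[:16]


@dataclass
class BehaviorSample:
    """User behavior data as a sensing program might report it (constructed fields)."""
    request_times: List[float]  # seconds at which data access requests were issued
    pointer_events: int         # pointer moves/clicks seen in the same window
    key_events: int             # key presses seen in the same window
    distinct_paths: int         # distinct resources requested in the window


def feature_vector(s: BehaviorSample) -> List[float]:
    """Turn behavior data into a feature vector (the conversion step of the training module)."""
    gaps = [b - a for a, b in zip(s.request_times, s.request_times[1:])]
    n = len(s.request_times)
    mean_gap = statistics.mean(gaps) if gaps else 0.0
    jitter = statistics.pstdev(gaps) if len(gaps) > 1 else 0.0
    ui_per_request = (s.pointer_events + s.key_events) / max(n, 1)
    return [n, mean_gap, jitter, ui_per_request, s.distinct_paths]


class ThresholdModel:
    """Stand-in for the pre-trained recognition model: maps a feature vector to a
    user behavior identifier with fixed thresholds.  A deployed edge node would
    load the GCN/RNN/CNN/SVM model pushed by the server instead."""

    def __init__(self, version: int, min_gap: float, max_jitter: float, min_ui: float):
        self.version = version      # lets the edge node tell a newer push from a replay
        self.min_gap = min_gap
        self.max_jitter = max_jitter
        self.min_ui = min_ui

    def identify(self, fv: List[float]) -> str:
        n, mean_gap, jitter, ui_per_request, _paths = fv
        if n >= 3 and mean_gap < self.min_gap and jitter < self.max_jitter:
            return "machine_paced"   # rapid, evenly spaced requests
        if ui_per_request < self.min_ui:
            return "no_interaction"  # requests with no pointer or key activity
        return "human_like"


# Preset user behavior discrimination program: risk level and trust rating
# standard per behavior identifier (values are assumptions).
RATING_STANDARD: Dict[str, Dict[str, int]] = {
    "human_like":     {"risk": 1, "trust": 90},
    "no_interaction": {"risk": 3, "trust": 50},
    "machine_paced":  {"risk": 5, "trust": 10},
}
MAX_RISK, MIN_TRUST = 3, 40   # operation authority is granted inside these bounds (assumed)


class EdgeServer:
    def __init__(self, model: ThresholdModel):
        self.model = model
        self.trust: Dict[str, int] = {}   # trust degree carried per user across requests

    def update_model(self, pushed: ThresholdModel) -> bool:
        """Install the real-time model the server pushes at the first preset
        frequency, but only when it is newer than the one in place."""
        if pushed.version <= self.model.version:
            return False
        self.model = pushed
        return True

    def evaluate(self, uid: str, sample: BehaviorSample) -> Dict[str, object]:
        """Recognise, rate and decide: returns the behavior recognition result data
        (identifier associated with the unique code, risk, trust) together with
        the operation the client's data access request receives."""
        label = self.model.identify(feature_vector(sample))
        rating = RATING_STANDARD[label]
        # Continuous recording: a user's trust degree is the running minimum of
        # the per-request rating and what was recorded before (an assumption).
        trust = min(rating["trust"], self.trust.get(uid, 100))
        self.trust[uid] = trust
        legal = rating["risk"] <= MAX_RISK and trust >= MIN_TRUST
        return {"uid": uid, "behavior_id": label, "risk": rating["risk"],
                "trust": trust, "operation": "forward" if legal else "refuse"}


# Constructed behavior data: a person browsing, and a client paging through
# results at a fixed rate without touching the UI.
HUMAN = BehaviorSample([0.0, 4.2, 11.9, 13.1], pointer_events=37, key_events=6, distinct_paths=3)
PACED = BehaviorSample([0.0, 0.5, 1.0, 1.5, 2.0, 2.5], pointer_events=0, key_events=0, distinct_paths=6)

if __name__ == "__main__":
    edge = EdgeServer(ThresholdModel(version=1, min_gap=1.0, max_jitter=0.2, min_ui=0.5))
    uid = user_unique_id("1.2.0", "hw-01", "10.0.0.5")
    for sample in (HUMAN, PACED, HUMAN):
        print(edge.evaluate(uid, sample))
```

Running the script shows the point of carrying trust across requests: once a user's behavior has been identified as machine-paced, a later human-looking window from the same unique code is still refused because the recorded trust degree stays low, which is the "continuously recording user behaviors" part of the method. The model version check keeps a stale or replayed push from overwriting a newer model on the edge node.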
Example three
Fig. 4 is a schematic structural diagram of a computer device according to a third embodiment of the present invention. FIG. 4 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in FIG. 4 is only one example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention.
As shown in FIG. 4, computer device 12 is in the form of a general purpose computing device. The components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, and commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with computer device 12, and/or with any devices (e.g., network card, modem, etc.) that enable computer device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, computer device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 20. As shown, network adapter 20 communicates with the other modules of computer device 12 via bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computer device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing, such as implementing a data protection method provided by an embodiment of the present invention, by executing programs stored in the system memory 28.
Example four
A fourth embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements each process of the data protection method described above and achieves the same technical effect; to avoid repetition, the details are not repeated here.
A computer readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A data protection method is applied to a data protection system, the system comprises a client, a server and an edge computing server, the client is respectively connected with the server and the edge computing server, and the server is connected with the edge computing server, the method comprises the following steps:
according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server;
the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data;
the edge computing server judges the legality of the behavior recognition result data through a preset user behavior judging program;
the edge computing server determines the corresponding operation of the client to the data access request initiated by the server according to the legality of the behavior recognition result data;
the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm;
and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency so as to update the user behavior recognition model preset in the edge computing server.
2. The method of claim 1, wherein sending the user behavior data to the edge computing server comprises:
the client takes the client version identification number, the client hardware identification number and the client communication address as a user unique identification code;
and the client side sends the user unique identification code and the user behavior data to the edge computing server at a second preset frequency.
3. The method of claim 2, wherein the edge computing server identifying the user behavior data through a pre-trained user behavior recognition model and outputting behavior recognition result data comprises:
the edge computing server receives the user unique identification code and the user behavior data;
the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs a user behavior identifier;
and the edge computing server associates the user behavior identification with the user unique identification code to generate behavior identification result data.
4. The method of claim 3, wherein the edge computing server determining the validity of the behavior recognition result data through a preset user behavior determination procedure comprises:
the edge computing server obtains the risk level and the trust level rating of the behavior recognition result data through a preset user behavior discrimination program; the preset user behavior discrimination program comprises a risk level and a trust degree rating standard of a user behavior identifier;
and the edge computing server determines the operation authority of the behavior recognition result data according to the risk level and the trust level rating.
5. The method according to claim 2, wherein after the user behavior sensing program preset in the client obtains user behavior data according to the data access request initiated by the client to the server and sends the user behavior data to the edge computing server, the method further includes:
and the client side deletes the local user behavior data when receiving a notification message of receiving confirmation returned by the server.
6. The method of claim 1, wherein the edge computing server determining, according to the validity of the behavior recognition result data, the corresponding operation on the data access request initiated by the client to the server comprises:
if the behavior recognition result data is legal, the edge computing server initiates a data access request to the server through the client;
and if the behavior recognition result data is illegal, the edge computing server refuses a data access request initiated to the server by the client.
7. The method of claim 1, wherein the user behavior recognition model is trained by:
setting an identifier for the acquired user behavior data to obtain user behavior identifier data;
converting the user behavior identification data into a user behavior feature vector;
inputting the user behavior feature vector into a preset behavior recognition algorithm for training to obtain a user behavior recognition model; the preset behavior recognition algorithm comprises at least one or more of a graph convolutional neural network, a concurrent or recurrent neural network, a convolutional neural network, and a support vector machine.
8. A data protection device is applied to a data protection system, the system comprises a client, a server and an edge computing server, the client is respectively connected with the server and the edge computing server, the server is connected with the edge computing server, and the device comprises:
a user behavior data obtaining module, configured to obtain user behavior data according to a data access request initiated by the client to the server, where the user behavior data is obtained by a user behavior sensing program preset in the client and sent to the edge computing server;
the user behavior recognition module is used for recognizing the user behavior data through a pre-trained user behavior recognition model by the edge computing server and outputting behavior recognition result data;
the user behavior judging module is used for judging the legality of the behavior identification result data by the edge computing server through a preset user behavior judging program;
an access operation determining module, configured to determine, by the edge computing server and according to the validity of the behavior recognition result data, the corresponding operation on the data access request initiated by the client to the server;
the user behavior recognition model real-time training module is used for receiving and storing the user behavior data sent by the client by the server, and training a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm;
and the user behavior identification model updating module is used for sending the real-time user behavior identification model to the edge computing server by the server at a first preset frequency so as to update the user behavior identification model preset in the edge computing server.
9. A computer device, characterized in that the computer device comprises:
one or more processors;
a memory for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the data protection method as recited in any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the data protection method according to any one of claims 1 to 7.
CN202111217190.9A 2021-10-19 2021-10-19 Data protection method, device, computer equipment and storage medium Active CN114006735B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111217190.9A CN114006735B (en) 2021-10-19 2021-10-19 Data protection method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111217190.9A CN114006735B (en) 2021-10-19 2021-10-19 Data protection method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114006735A true CN114006735A (en) 2022-02-01
CN114006735B CN114006735B (en) 2024-03-08

Family

ID=79923206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111217190.9A Active CN114006735B (en) 2021-10-19 2021-10-19 Data protection method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114006735B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115514566A (en) * 2022-09-22 2022-12-23 广州大一互联网络科技有限公司 Data management method and system based on edge calculation

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110399225A (en) * 2019-07-29 2019-11-01 中国工商银行股份有限公司 Monitoring information processing method, system and computer system
CN110798353A (en) * 2019-10-31 2020-02-14 南京欣网互联网络科技有限公司 Network behavior risk perception and defense method based on behavior characteristic big data analysis
CN112257784A (en) * 2020-10-22 2021-01-22 福州大学 Electricity stealing detection method based on gradient boosting decision tree
US20210157868A1 (en) * 2019-11-27 2021-05-27 AO Kaspersky Lab System and method of generating individual content for a user of a service
CN113221470A (en) * 2021-06-10 2021-08-06 南方电网科学研究院有限责任公司 Federal learning method for power grid edge computing system and related device thereof
CN113422801A (en) * 2021-05-13 2021-09-21 河南师范大学 Edge network node content distribution method, system, device and computer equipment
CN113469367A (en) * 2021-05-25 2021-10-01 华为技术有限公司 Method, device and system for federated learning

Also Published As

Publication number Publication date
CN114006735B (en) 2024-03-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240521

Address after: Unit G3-1901-090, Artificial Intelligence Industrial Park, No. 88 Jinjihu Avenue, Suzhou Industrial Park, Suzhou Area, China (Jiangsu) Pilot Free Trade Zone, Suzhou City, Jiangsu Province, 215101

Patentee after: MuLianYun (Suzhou) Digital Technology Co.,Ltd.

Country or region after: China

Address before: 510000 Room 502, No. 44 Jinsha Road, Nansha District, Guangzhou City, Guangdong Province (Location: 502-4)

Patentee before: Guangzhou wood chain cloud Technology Co.,Ltd.

Country or region before: China