CN114006735B - Data protection method, device, computer equipment and storage medium

Publication number: CN114006735B
Application number: CN202111217190.9A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN114006735A
Inventors: 邹智元, 戴佶轩, 赵晓青
Current and original assignee: Guangzhou Wood Chain Cloud Technology Co ltd
Prior art keywords: user behavior, data, edge computing, server, client

Classifications

    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G06F21/552: Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F9/5072: Grid computing
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Abstract

The invention relates to a data protection method, a device, computer equipment and a storage medium, applied to a data protection system that comprises a client, a server and an edge computing server. The data protection method comprises the following steps: acquiring user behavior data according to a data access request initiated by the client to the server, and sending the user behavior data to the edge computing server; the edge computing server identifies the user behavior data, outputs behavior recognition result data, and determines, according to the validity of the behavior recognition result data, the operation to perform on the data access request initiated by the client to the server; the server trains a real-time user behavior recognition model to update the user behavior recognition model preset in the edge computing server. The edge computing server identifies user behaviors and computes risk levels, thereby effectively preventing malicious data access from a client.

Description

Data protection method, device, computer equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computer network security, in particular to a data protection method, a data protection device, computer equipment and a storage medium.
Background
In the current internet environment, data transmitted over HTTP (Hypertext Transfer Protocol) is usually directly exposed on the public network. Malicious crawlers often simulate the data access requests of real users on client devices, steal sensitive company or personal information in batches, and occupy a large amount of network transmission resources, which not only affects the data security of companies and individuals but also seriously interferes with normal access by real users.
In the prior art, data protection methods against malicious data scraping mainly include the following:
(1) User permission control or verification-code access restriction; the drawback is a poor experience for real users;
(2) Making the data dynamic; the drawback is that a crawler can work out the corresponding data change rule and so obtain the actual data;
(3) Rendering key data as pictures; the drawback is that the data content becomes inflexible, and characters in the pictures can still be recognized with optical character recognition;
(4) An operation and maintenance control strategy based on an IP blacklist; the drawback is that a crawler using IP proxies cannot be completely prevented from crawling, and access by normal users may be blocked by mistake.
Therefore, there is an urgent need for a mechanism that judges more accurately, from the behavior data of the client user, whether a data access request was sent by a real user, so that machine-simulated malicious crawlers are identified and blocked and the data is protected.
Disclosure of Invention
The embodiment of the invention provides a data protection method, a data protection device, computer equipment and a storage medium, to solve the problem that malicious programs which a client device may carry occupy a large amount of network resources during data communication and affect the user's data security.
In a first aspect, an embodiment of the present invention provides a data protection method, where the method is applied to a data protection system, the system includes a client, a server, and an edge computing server, where the client is connected to the server and the edge computing server, and the server is connected to the edge computing server, and the method includes:
according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server;
the edge computing server identifies the user behavior data through a pre-trained user behavior identification model and outputs behavior identification result data;
the edge computing server judges the validity of the behavior recognition result data through a preset user behavior judging program;
the edge computing server determines, according to the validity of the behavior recognition result data, the operation to perform on the data access request initiated by the client to the server;
the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm;
and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency so as to update the user behavior recognition model preset in the edge computing server.
In a second aspect, an embodiment of the present invention further provides a data protection device, where the device is applied to a data protection system, and the system includes a client, a server, and an edge computing server, where the client is connected to the server and the edge computing server, and the server is connected to the edge computing server, and the device includes:
a user behavior data acquisition module, configured so that, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server;
a user behavior recognition module, configured so that the edge computing server receives the user behavior data, identifies it through a pre-trained user behavior recognition model, and outputs the behavior recognition result data;
a user behavior discriminating module, configured so that the edge computing server judges the validity of the behavior recognition result data through a preset user behavior discrimination program;
an access operation determining module, configured so that the edge computing server determines, according to the validity of the behavior recognition result data, the operation to perform on the data access request initiated by the client to the server;
a user behavior recognition model real-time training module, configured so that the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model on the stored user behavior data through a preset behavior recognition algorithm;
and a user behavior recognition model updating module, configured so that the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency to update the user behavior recognition model preset in the edge computing server.
In a third aspect, an embodiment of the present invention further provides a computer apparatus, including:
one or more processors;
a memory for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data protection method of any of the first aspects.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a data protection method as in any of the first aspects.
In this embodiment, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server; the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs behavior recognition result data; the edge computing server judges the validity of the behavior recognition result data through a preset user behavior discrimination program; the edge computing server determines, according to the validity of the behavior recognition result data, the operation to perform on the data access request initiated by the client to the server; the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model on the stored user behavior data through a preset behavior recognition algorithm; and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency to update the user behavior recognition model preset in the edge computing server. A user behavior recognition model is built from the normal manual operations of real users; the edge computing server performs recognition, continuously records user behavior, and computes a risk level and a trust level to decide whether to control a data access request, thereby effectively preventing malicious data crawlers.
Drawings
FIG. 1 is a flowchart of a data protection method according to a first embodiment of the present invention;
FIG. 2A is a diagram illustrating an exemplary architecture of a data protection system according to an embodiment of the present invention;
FIG. 2B is a diagram illustrating an exemplary architecture of a data protection system according to an embodiment of the present invention;
FIG. 2C is a timing flow chart of a data protection method according to an embodiment of the invention;
FIG. 3 is a schematic structural diagram of a data protection device according to a second embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a computer device according to a third embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Example 1
FIG. 1 is a flowchart of a data protection method according to a first embodiment of the present invention. The method is applied to a data protection system that includes a client, a server and an edge computing server, where the client is connected to the server and the edge computing server, and the server is connected to the edge computing server. The method may be implemented by a data protection device, which may be implemented in software and/or hardware and configured in a computer device, for example a server, a workstation or a personal computer. The method specifically includes the following steps:
Step 101: according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server.
In the embodiment of the present invention, as shown in FIG. 2A, the data protection system includes a client, a server, and an edge computing server. The client is generally a mobile terminal device used by a user, and the user accesses server data through any program installed on the mobile terminal device; that is, the client initiates a data access request to the server.
Further, a user behavior sensing program P1 and a user behavior data encryption program P2 are installed in the client device E1. The user behavior sensing program is configured to obtain user behavior data, which generally includes the logical sequence of user operations, the frequency of user operations, the data flow rate accessed by the user, and the like.
As shown in FIG. 2, when the user behavior sensing program P1 runs, it first asks the user whether they agree to let the program check the data access requests of client device E1 and sense user operation behavior. If the user agrees, P1 checks whether a data access request Q1 occurs in E1, senses whether the user of E1 performs a behavior, and generates the user behavior data F1.
Further, the user behavior data encryption program P2 encrypts F1 to obtain encrypted user behavior data F2, immediately destroys F1, and sends the encrypted user behavior data F2 to the edge computing server and the server.
Preferably, in another embodiment of the present invention, F2 retains a part of the data characteristics of F1, including statistical distribution characteristics, data association characteristics, and the like, but the original information in F1 cannot be obtained from F2, and F2 cannot be restored to F1.
Preferably, in a further embodiment of the present invention, sending the user behavior data to the edge computing server in step 101 may include:
Sub-step A1: the client uses the client version identification number, the client hardware identification number and the client communication address as the unique user identification code.
Specifically, the user behavior data encryption program P2 also generates the unique user identification code from information such as the client version identification number, the client hardware identification number, and the communication address.
Sub-step A2: the client sends the unique user identification code and the user behavior data to the edge computing server at a second preset frequency.
Specifically, the client uploads F2 and the unique user identification code to the edge computing server E3 over HTTP at a fixed transmission period.
It will be appreciated that the first preset frequency and the second preset frequency, that is, the above-mentioned fixed period, are set by the related technicians according to the specific application scenario, which is not particularly limited in the embodiment of the present invention.
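A sketch of what the client-side program P2 could compute for sub-steps A1 and A2, added here as an example and not taken from the patent. It assumes a SHA-256 digest for the unique user identification code, HMAC tokens plus aggregate statistics as the form of F2, and a secret key provisioned to the client; the field names and sample values are constructed.

```python
import hashlib
import hmac
import statistics


def unique_user_id(client_version, hardware_id, comm_address):
    """Sub-step A1: derive one identifier from the three client attributes."""
    digest = hashlib.sha256()
    for field in (client_version, hardware_id, comm_address):
        raw = field.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        digest.update(len(raw).to_bytes(4, "big") + raw)
    return digest.hexdigest()


def protect_behavior(f1_events, key):
    """Build F2 from raw events F1, then discard F1.

    f1_events: list of dicts with "t" (seconds), "action" and "bytes".
    key: bytes secret provisioned to the client (assumption).
    """
    events = sorted(f1_events, key=lambda e: e["t"])
    # Keyed one-way tokens: equal actions give equal tokens, so the logical
    # sequence and its associations survive, but the action text does not.
    sequence = [
        hmac.new(key, e["action"].encode("utf-8"), hashlib.sha256).hexdigest()[:16]
        for e in events
    ]
    intervals = [b["t"] - a["t"] for a, b in zip(events, events[1:])]
    duration = events[-1]["t"] - events[0]["t"] if len(events) > 1 else 0.0
    total_bytes = sum(e["bytes"] for e in events)
    f2 = {
        "sequence": sequence,
        "event_count": len(events),
        # Timestamps are reduced to distribution statistics only.
        "interval_mean": statistics.mean(intervals) if intervals else 0.0,
        "interval_stdev": statistics.pstdev(intervals) if intervals else 0.0,
        "ops_per_second": len(events) / duration if duration > 0 else 0.0,
        "bytes_per_second": total_bytes / duration if duration > 0 else 0.0,
    }
    # "Immediately destroys F1": empty the caller's list. Python cannot
    # guarantee that the underlying memory is overwritten.
    f1_events.clear()
    return f2


def build_upload(client, f1_events, key):
    """Sub-step A2 payload: unique user identification code plus F2."""
    return {
        "user_id": unique_user_id(
            client["version"], client["hardware_id"], client["address"]
        ),
        "f2": protect_behavior(f1_events, key),
    }


# Constructed sample values, not taken from the patent.
SAMPLE_CLIENT = {"version": "2.4.1", "hardware_id": "HW-0001", "address": "198.51.100.7"}
SAMPLE_KEY = b"example-only-key"


def sample_f1():
    return [
        {"t": 0.0, "action": "view:/catalog", "bytes": 100},
        {"t": 1.0, "action": "view:/item/17", "bytes": 200},
        {"t": 3.0, "action": "view:/catalog", "bytes": 300},
    ]


if __name__ == "__main__":
    import json
    print(json.dumps(build_upload(SAMPLE_CLIENT, sample_f1(), SAMPLE_KEY), indent=2))
```

The tokens are only as private as the key: anyone who holds it can recompute the token for a guessed action string.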
Preferably, in another embodiment of the present invention, step 101 may further include:
Sub-step E: the client receives a notification message returned by the server and deletes the local user behavior data.
Specifically, when the client receives the notification message returned by the server, it deletes the locally cached encrypted user behavior data; the user behavior data is stored long-term in the server.
Step 102, the edge computing server recognizes the user behavior data through a pre-trained user behavior recognition model, and outputs behavior recognition result data.
In the embodiment of the present invention, as shown in FIG. 2A and FIG. 2B, a user behavior database system D1 and a behavior recognition algorithm P4 are installed in server E2; the behavior recognition algorithm P4 is used for training a real-time user behavior recognition model. A user behavior discrimination program A1 and a user behavior recognition model P3 are installed in the edge computing server E3; the user behavior discrimination program A1 receives the encrypted user behavior data F2 transmitted from the client and determines, according to the behavior recognition result data output by P3, whether the corresponding user behavior is valid.
The methods used by the behavior recognition algorithm P4 include a graph convolutional neural network, a recursive/recurrent neural network, a convolutional neural network, a support vector machine, and the like. Using one or more of these methods, the user behavior recognition model, trained in advance on user behavior sample data, labels the characteristics of user behavior generated in real time, converts them into feature vectors that a machine can recognize, and finally outputs a defined behavior as the recognition result. The model obtained by completing this whole process is the updated user behavior recognition model, which is sent to the edge computing server E3 to replace the old user behavior recognition model P3 there.
Preferably, in further embodiments of the present invention, step 102 may include:
Sub-step B1: the edge computing server receives the unique user identification code and the user behavior data.
Specifically, when the client device sends the unique user identification code and the user behavior data to the edge computing server, the edge computing server receives the corresponding unique user identification code and user behavior data.
Sub-step B2: the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs a user behavior identification.
Specifically, the edge computing server inputs the received user behavior data into the pre-trained user behavior recognition model, which outputs a user behavior identification for the user behavior data.
Sub-step B3: the edge computing server associates the user behavior identification with the unique user identification code and then generates the behavior recognition result data.
Specifically, the edge computing server uniquely associates the user behavior identification with the unique user identification code corresponding to the user behavior data; the resulting data is the behavior recognition result data.
The client uploads the encrypted user behavior data F2 and the unique user identification code to the edge computing server E3 over HTTP at a fixed transmission period; they are received by the user behavior discrimination program A1 installed in the edge computing server E3, and A1 associates and records the unique user identification code with the user behavior identification F3.
Step 103: the edge computing server judges the validity of the behavior recognition result data through a preset user behavior discrimination program.
In the embodiment of the invention, a user behavior discrimination program is preset in the edge computing server. It defines graded operations for the various user behavior identifications: for example, the risk level and trust level of a user behavior recognition result are rated, and specific executable operations such as limiting access frequency or blocking an IP address are set according to the rating.
Specifically, as shown in FIGS. 2A-2C, S51: the user behavior data encryption program P2 periodically transmits F2 to A1; the user behavior discrimination program A1 outputs a user behavior identification F3 according to F2 and continuously records it; when the edge computing server E3 receives a server access request Q1 sent by the client E1, it triggers A1 to execute the user behavior discrimination logic. If A1 judges the behavior to be normal, E3 is allowed to process Q1; if A1 judges the behavior to be abnormal, E3 is prevented from processing Q1.
Preferably, in a further embodiment of the present invention, step 103 may include:
Sub-step C1: the edge computing server obtains the risk level and trust rating of the behavior recognition result data through the preset user behavior discrimination program; the preset user behavior discrimination program includes a risk level and trust rating standard for user behavior identifications.
Specifically, the risk level and trust rating corresponding to each user behavior identification are set in the preset user behavior discrimination program; when behavior recognition result data is received, the program matches the user behavior identification in it to obtain the matching risk level and trust rating.
Sub-step C2: the edge computing server determines the operation authority for the behavior recognition result data according to the risk level and the trust rating.
Specifically, as shown in FIGS. 2A-2C, the user behavior discrimination program A1 also establishes a risk control policy, evaluates the risk level and trust level of E1 according to the user behavior recognition result, and records them in association with the unique user identification code, thereby controlling the network access of E1; the risk control policy includes limiting access frequency, IP address blocking, and so on.
Step 104: the edge computing server determines, according to the validity of the behavior recognition result data, the operation to perform on the data access request initiated by the client to the server.
In the embodiment of the present invention, as described in step 103, the corresponding operation is determined according to the identified risk level and trust level of the user, that is, which data the user is allowed to access and which operations the user may perform, or which data the user is prohibited from accessing and which operations are prohibited.
Preferably, in further embodiments of the present invention, step 104 may include:
Sub-step D1: if the behavior recognition result data is valid, the edge computing server allows the data access request initiated by the client to the server;
Sub-step D2: if the behavior recognition result data is invalid, the edge computing server rejects the data access request initiated by the client to the server.
Specifically, as shown in FIGS. 2A-2C, the user behavior discrimination program A1 assembles the continuously generated F3 into a user behavior path, and A1 uses the user behavior path to help determine whether a data access request of the client device E1 should be blocked.
If the judgment passes, the data access request to the server generated along the user behavior path is allowed; otherwise, the request is rejected.
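One way the discrimination program A1 of steps 103 and 104 could be organized, as an added example that is not code from the patent. The behavior labels, numeric ratings, thresholds and the fixed-window rate limit are all assumptions, and rate limiting a client that has no recorded behavior is a choice made here.

```python
from collections import deque

# Rating standard (sub-step C1): behavior identification -> (risk level, trust rating).
# Labels and numbers are constructed for this example.
RATING_STANDARD = {
    "browse_page": (0, 3),
    "search": (0, 2),
    "submit_form": (1, 2),
    "no_human_input": (2, 0),
    "bulk_enumerate": (3, 0),
}
UNKNOWN_RATING = (2, 0)  # unlisted label or no recorded behavior: be cautious


class BehaviorDiscriminator:
    """Sketch of discrimination program A1 on edge computing server E3."""

    def __init__(self, path_len=5, limit=2, window=60.0):
        self.path_len = path_len  # how many recent F3 labels form the path
        self.limit = limit        # requests per window under "limit"
        self.window = window      # window length in seconds
        self.paths = {}           # unique user ID -> deque of F3 labels
        self.buckets = {}         # unique user ID -> (window start, count)

    def record(self, user_id, behavior_id):
        """Associate an F3 label with the unique user ID (sub-step B3)."""
        path = self.paths.setdefault(user_id, deque(maxlen=self.path_len))
        path.append(behavior_id)

    def rate(self, user_id):
        """Risk is the worst label on the path; trust is the mean along it."""
        path = self.paths.get(user_id)
        if not path:
            return UNKNOWN_RATING
        ratings = [RATING_STANDARD.get(b, UNKNOWN_RATING) for b in path]
        risk = max(r for r, _ in ratings)
        trust = sum(t for _, t in ratings) / len(ratings)
        return risk, trust

    def policy(self, user_id):
        """Sub-step C2: map the rating to an operation authority."""
        risk, trust = self.rate(user_id)
        if risk >= 3:
            return "block"
        if risk == 2 or trust < 1.0:
            return "limit"
        return "allow"

    def handle_request(self, user_id, now):
        """Step 104: True if request Q1 may be passed on to the server."""
        action = self.policy(user_id)
        if action != "limit":
            return action == "allow"
        start, count = self.buckets.get(user_id, (now, 0))
        if now - start >= self.window:
            start, count = now, 0  # a new rate-limit window begins
        allowed = count < self.limit
        self.buckets[user_id] = (start, count + 1 if allowed else count)
        return allowed


def replay_sample():
    """Replay constructed F3 records and Q1 requests; return the decisions."""
    a1 = BehaviorDiscriminator(path_len=3, limit=2, window=60.0)
    for label in ("browse_page", "search", "submit_form"):
        a1.record("user-A", label)
    for label in ("browse_page", "bulk_enumerate"):
        a1.record("user-B", label)
    return {
        "user-A": a1.handle_request("user-A", now=0.0),
        "user-B": a1.handle_request("user-B", now=0.0),
        # user-C never sent behavior data, so its requests are rate limited.
        "user-C": [a1.handle_request("user-C", now=t) for t in (0.0, 1.0, 2.0, 61.0)],
    }


if __name__ == "__main__":
    print(replay_sample())
```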
Step 105, the server receives the user behavior data sent by the client side, stores the user behavior data, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm.
In the embodiment of the present invention, as shown in FIGS. 2A-2C, program P4 in server E2 trains the real-time user behavior recognition model with methods that include a deep neural network learning algorithm: it first determines the types and names of the defined behaviors, then reads the encrypted user behavior data F2, extracts specific user behavior patterns and behavior paths from it as training features or feature vectors, and finally trains the real-time user behavior recognition model.
Step 106: the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency to update the user behavior recognition model preset in the edge computing server.
In the embodiment of the invention, the user behavior recognition model in server E2 is trained on the user behavior data that clients have sent to and stored in server E2, and training is carried out at fixed intervals. Because E2 receives the user behavior data transmitted by clients at regular intervals and trains after each data update, the resulting model is also real-time. The model trained in real time replaces the user behavior recognition model P3 in the edge computing server E3, which ensures the timeliness of the user behavior recognition model and the accuracy of the user behavior identification it outputs for user behavior data.
Preferably, the user behavior recognition model in the embodiment of the invention is trained by the following steps:
Step 11: label the obtained user behavior data with identifiers to obtain user behavior identification data;
Step 12: convert the user behavior identification data into user behavior feature vectors;
Step 13: input the user behavior feature vectors into a preset behavior recognition algorithm for training to obtain the user behavior recognition model; the preset behavior recognition algorithm includes at least one or more of a graph convolutional neural network, a recursive or recurrent neural network, a convolutional neural network and a support vector machine.
Specifically, the methods for establishing the user behavior recognition model P3 also include a graph convolutional neural network, a recursive/recurrent neural network, a convolutional neural network, a support vector machine, and the like. Using one or more of these methods, user behavior data is first defined and labeled; the encrypted user behavior data F2 is then read, specific user behavior patterns and behavior paths are extracted from it as features and converted into feature vectors that a machine can recognize; and finally a defined behavior is output as the recognition result.
It will be appreciated that the preset behavior recognition algorithm may be one neural network model or a combination of several, or may be another machine learning model, such as a deep learning algorithm; the embodiment of the present invention does not limit the specific algorithm.
In this embodiment, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server; the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs behavior recognition result data; the edge computing server judges the validity of the behavior recognition result data through a preset user behavior discrimination program; the edge computing server determines, according to the validity of the behavior recognition result data, the operation to perform on the data access request initiated by the client to the server; the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model on the stored user behavior data through a preset behavior recognition algorithm; and the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency to update the user behavior recognition model preset in the edge computing server. A user behavior recognition model is built from the normal manual operations of real users; the edge computing server performs recognition, continuously records user behavior, and computes a risk level and a trust level to decide whether to control a data access request, thereby effectively preventing malicious data crawlers.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Example 2
Fig. 3 is a block diagram of a data protection device according to a second embodiment of the present invention. The device is applied to a data protection system that includes a client 01, a server 021 and an edge computing server 022; the client 01 is connected to the server 021 and to the edge computing server 022, and the server 021 and the edge computing server 022 are connected to each other. The device may specifically include the following modules:
The user behavior data acquisition module 201 is configured so that, according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server.
Preferably, in a further embodiment of the present invention, the device further comprises:
a user behavior data deleting module, configured to delete the local user behavior data when the client receives the notification message returned by the server.
Preferably, in another embodiment of the present invention, the user behavior data acquisition module 201 is further configured to:
the client uses the client version identification number, the client hardware identification number and the client communication address as a unique user identification code;
the client sends the unique user identification code and the user behavior data to the edge computing server at a second preset frequency.
The user behavior recognition module 202 is configured so that the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs behavior recognition result data.
Preferably, in another embodiment of the present invention, the result behavior data acquisition module 202 is further configured to:
the edge computing server receives the unique user identification code and the user behavior data;
the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs a user behavior identifier;
and the edge computing server associates the user behavior identifier with the unique user identification code and then generates behavior recognition result data.
The user behavior discriminating module 203 is configured so that the edge computing server judges the validity of the behavior recognition result data through a preset user behavior judging program.
Preferably, in another embodiment of the present invention, the result behavior data discrimination module 203 is further configured to:
the edge computing server obtains the risk level and the trust rating of the behavior recognition result data through a preset user behavior judging program, where the preset user behavior judging program contains the risk-level and trust-rating standards for user behavior identifiers;
and the edge computing server determines the operation permission for the behavior recognition result data according to the risk level and the trust rating.
The access operation determining module 204 is configured so that the edge computing server determines, according to the validity of the behavior recognition result data, the corresponding operation on the data access request initiated by the client to the server.
Preferably, in a further embodiment of the present invention, the access operation determining module 204 is further configured to:
if the behavior recognition result data is valid, the edge computing server initiates the data access request to the server through the client;
and if the behavior recognition result data is invalid, the edge computing server rejects the data access request initiated by the client to the server.
The real-time training module 205 for a user behavior recognition model is configured so that the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model on the stored user behavior data through a preset behavior recognition algorithm.
The user behavior recognition model updating module 206 is configured so that the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency, so as to update the user behavior recognition model preset in the edge computing server.
Preferably, in a further embodiment of the present invention, the server further comprises a user behavior recognition model training module configured to: set an identifier for the acquired user behavior data to obtain user behavior identifier data; convert the user behavior identifier data into user behavior feature vectors; and input the user behavior feature vectors into a preset behavior recognition algorithm for training to obtain a user behavior recognition model. The preset behavior recognition algorithm comprises one or more of a graph convolutional neural network, a recursive or recurrent neural network, a convolutional neural network and a support vector machine.
The data protection device provided by the embodiment of the invention can execute the data protection method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
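The module flow of this embodiment (identification code, recognition, risk and trust rating, access decision, model update) can be followed in the sketch below, which is an added example and not code from the patent. The SHA-256 encoding of the three identifiers, the event format, the threshold classifier standing in for the trained model, the rating table and the cut-off values are all assumptions made for illustration.

```python
import hashlib
import statistics
from dataclasses import dataclass

# Every name, label and threshold in this block is an illustrative assumption.

def unique_user_code(version_id: str, hardware_id: str, address: str) -> str:
    """Combine the three client identifiers into one fixed-length code."""
    h = hashlib.sha256()
    for field in (version_id, hardware_id, address):
        raw = field.encode()
        # Length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()

def feature_vector(events):
    """events: list of (timestamp_seconds, kind); kind is 'request', 'pointer' or 'key'."""
    req = sorted(t for t, k in events if k == "request")
    gaps = [b - a for a, b in zip(req, req[1:])]
    mean_gap = statistics.fmean(gaps) if gaps else 0.0
    # Coefficient of variation: close to 0 means machine-regular request timing.
    cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0
    inputs = sum(1 for _, k in events if k in ("pointer", "key"))
    inputs_per_req = inputs / len(req) if req else 0.0
    return (len(req), mean_gap, cv, inputs_per_req)

def threshold_model(vec):
    """Stand-in for the pre-trained recognition model; returns a behavior identifier."""
    n_req, mean_gap, cv, inputs_per_req = vec
    if n_req < 3:
        return "insufficient_data"
    if inputs_per_req == 0 and (cv < 0.1 or mean_gap < 0.5):
        return "scripted_bulk_fetch"
    if inputs_per_req >= 1 and cv >= 0.3:
        return "human_browsing"
    return "ambiguous"

# Rating standard of the judging program: identifier -> (risk level, trust rating).
RATING = {
    "human_browsing": (1, 5),
    "ambiguous": (3, 3),
    "insufficient_data": (3, 2),
    "scripted_bulk_fetch": (5, 1),
}

@dataclass
class Decision:
    user_code: str
    behavior_id: str
    risk: int
    trust: int
    allowed: bool

class EdgeServer:
    def __init__(self, model, max_risk=3, min_trust=3):
        self.model, self.max_risk, self.min_trust = model, max_risk, min_trust

    def update_model(self, model):
        """Called when the server pushes a retrained model."""
        self.model = model

    def handle(self, user_code, events) -> Decision:
        behavior_id = self.model(feature_vector(events))
        # Identifiers missing from the rating standard fail closed.
        risk, trust = RATING.get(behavior_id, (5, 1))
        allowed = risk <= self.max_risk and trust >= self.min_trust
        return Decision(user_code, behavior_id, risk, trust, allowed)

# Constructed sample sessions (not real traffic).
HUMAN = [(0.0, "request"), (0.8, "pointer"), (2.1, "key"), (3.4, "request"),
         (4.0, "pointer"), (9.7, "request"), (10.2, "pointer"), (11.5, "request")]
CRAWLER = [(i * 0.2, "request") for i in range(20)]

if __name__ == "__main__":
    edge = EdgeServer(threshold_model)
    code = unique_user_code("2.3.1", "HW-0001", "198.51.100.7")
    for name, session in (("human", HUMAN), ("crawler", CRAWLER)):
        print(name, edge.handle(code, session))
```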
Example III
Fig. 4 is a schematic structural diagram of a computer device according to a third embodiment of the present invention. Fig. 4 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in Fig. 4 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in Fig. 4, the computer device 12 is in the form of a general purpose computing device. Components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MCA) bus, the Enhanced ISA bus, the Video Electronics Standards Association (VESA) local bus, and the Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in Fig. 4, commonly referred to as a "hard disk drive"). Although not shown in Fig. 4, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the computer device 12, and/or any devices (e.g., network card, modem, etc.) that enable the computer device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. Moreover, computer device 12 may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 20. As shown, network adapter 20 communicates with other modules of computer device 12 via bus 18. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with computer device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processing unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, for example, implementing the data protection method provided by the embodiment of the present invention.
Example IV
The fourth embodiment of the present invention further provides a computer readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process of the data protection method described above and achieves the same technical effects; to avoid repetition, the details are not described again here.
The computer readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Note that the above describes only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the present invention is not limited to the particular embodiments described herein, and that various obvious changes, rearrangements and substitutions can be made by those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to those embodiments and may be embodied in many other equivalent forms without departing from the spirit of the invention, the scope of which is set forth in the following claims.

Claims (7)

1. A data protection method, wherein the method is applied to a data protection system, the system comprises a client, a server and an edge computing server, the client is respectively connected with the server and the edge computing server, and the server is connected with the edge computing server, and the method comprises:
according to a data access request initiated by the client to the server, a user behavior sensing program preset in the client acquires user behavior data and sends the user behavior data to the edge computing server;
the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs behavior recognition result data;
the edge computing server judges the validity of the behavior recognition result data through a preset user behavior judging program;
the edge computing server determines, according to the validity of the behavior recognition result data, the corresponding operation on the data access request initiated by the client to the server;
the server receives and stores the user behavior data sent by the client, and trains a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm;
the server sends the real-time user behavior recognition model to the edge computing server at a first preset frequency so as to update the user behavior recognition model preset in the edge computing server;
wherein sending the user behavior data to the edge computing server comprises:
the client uses the client version identification number, the client hardware identification number and the client communication address as a unique user identification code;
the client sends the unique user identification code and the user behavior data to the edge computing server at a second preset frequency;
the edge computing server identifying the user behavior data through a pre-trained user behavior recognition model and outputting behavior recognition result data comprises:
the edge computing server receives the unique user identification code and the user behavior data;
the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs a user behavior identifier;
the edge computing server associates the user behavior identifier with the unique user identification code and then generates behavior recognition result data;
the edge computing server judging the validity of the behavior recognition result data through a preset user behavior judging program comprises:
the edge computing server obtains the risk level and the trust rating of the behavior recognition result data through a preset user behavior judging program, where the preset user behavior judging program contains the risk-level and trust-rating standards for user behavior identifiers;
and the edge computing server determines the operation permission for the behavior recognition result data according to the risk level and the trust rating.
2. The method according to claim 1, wherein after the user behavior sensing program preset in the client acquires the user behavior data according to the data access request initiated by the client to the server, the method further comprises:
the client receives a notification message returned by the server and deletes the local user behavior data.
3. The method of claim 1, wherein the edge computing server determining, according to the validity of the behavior recognition result data, the corresponding operation on the data access request initiated by the client to the server comprises:
if the behavior recognition result data is valid, the edge computing server initiates the data access request to the server through the client;
and if the behavior recognition result data is invalid, the edge computing server rejects the data access request initiated by the client to the server.
4. The method of claim 1, wherein the user behavior recognition model is trained by:
setting an identifier for the acquired user behavior data to obtain user behavior identifier data;
converting the user behavior identifier data into user behavior feature vectors;
inputting the user behavior feature vectors into a preset behavior recognition algorithm for training to obtain a user behavior recognition model; the preset behavior recognition algorithm comprises one or more of a graph convolutional neural network, a recursive or recurrent neural network, a convolutional neural network and a support vector machine.
5. A data protection device, wherein the device is applied to a data protection system, the system comprises a client, a server and an edge computing server, the client is respectively connected with the server and the edge computing server, and the server is connected with the edge computing server, and the device comprises:
the user behavior data acquisition module is used for acquiring, by a user behavior sensing program preset in the client, user behavior data according to a data access request initiated by the client to the server, and sending the user behavior data to the edge computing server;
the edge computing server is used for receiving the user behavior data and outputting the behavior recognition result data;
the user behavior discriminating module is used for discriminating the validity of the behavior recognition result data by the edge computing server through a preset user behavior discriminating program;
the access operation determining module is used for determining, by the edge computing server according to the validity of the behavior recognition result data, the corresponding operation on the data access request initiated by the client to the server;
the user behavior recognition model real-time training module is used for receiving the user behavior data sent by the client side by the server, storing the user behavior data, and training a real-time user behavior recognition model by using the stored user behavior data through a preset behavior recognition algorithm;
the user behavior recognition model updating module is used for sending the real-time user behavior recognition model to the edge computing server at a first preset frequency by the server so as to update the user behavior recognition model preset in the edge computing server;
the user behavior data acquisition module is further used for:
the client uses the client version identification number, the client hardware identification number and the client communication address as a unique user identification code;
the client sends the unique user identification code and the user behavior data to the edge computing server at a second preset frequency;
the result behavior data acquisition module is further configured to:
the edge computing server receives the unique user identification code and the user behavior data;
the edge computing server identifies the user behavior data through a pre-trained user behavior recognition model and outputs a user behavior identifier;
the edge computing server associates the user behavior identifier with the unique user identification code and then generates behavior recognition result data;
the result behavior data discrimination module is further configured to:
the edge computing server obtains the risk level and the trust rating of the behavior recognition result data through a preset user behavior judging program, where the preset user behavior judging program contains the risk-level and trust-rating standards for user behavior identifiers;
and the edge computing server determines the operation permission for the behavior recognition result data according to the risk level and the trust rating.
6. A computer device, the computer device comprising:
one or more processors;
a memory for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data protection method of any of claims 1-4.
7. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the data protection method according to any of claims 1-4.
CN202111217190.9A 2021-10-19 2021-10-19 Data protection method, device, computer equipment and storage medium Active CN114006735B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111217190.9A CN114006735B (en) 2021-10-19 2021-10-19 Data protection method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114006735A CN114006735A (en) 2022-02-01
CN114006735B true CN114006735B (en) 2024-03-08

Family

ID=79923206

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant