CN114115748A - Intelligent management method based on big data information safety and big data information system - Google Patents


Publication number
CN114115748A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111477242.6A
Other languages
Chinese (zh)
Other versions
CN114115748B (en)
Inventor
李志军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Helixintong Information Technology Co ltd
Original Assignee
Heze Zhuotong Internet Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Heze Zhuotong Internet Co ltd filed Critical Heze Zhuotong Internet Co ltd
Priority to CN202111477242.6A priority Critical patent/CN114115748B/en
Publication of CN114115748A publication Critical patent/CN114115748A/en
Application granted granted Critical
Publication of CN114115748B publication Critical patent/CN114115748B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0644 Management of space entities, e.g. partitions, extents, pools
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0656 Data buffering arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an intelligent management method based on big data information security and a big data information system. Security detection is performed on the data to be sent out stored in an outgoing data storage space. If first data to be sent out passes the detection, the corresponding security vector is acquired, second data to be sent out is generated according to the original data to be sent out and the security vector, and the second data to be sent out is broadcast in the outgoing network so that the other service servers cache it in their respective storage spaces. The safety factor corresponding to each data to be sent out in the updated outgoing data storage space is then updated, and data to be sent out whose updated safety factor is larger than a preset threshold value is determined to be data that can be sent out safely. Compared with the related technology, in which only a single server detects the outgoing data, this scheme lets all the service servers in the outgoing network participate in detection, so that the safety of outgoing data is improved.

Description

Intelligent management method based on big data information safety and big data information system
Technical Field
The application relates to the field of data transmission, in particular to an intelligent management method based on big data information safety and a big data information system.
Background
In the management of an internet service provider, in order to ensure the security of the sensitive data it sends out, detection is often required during the data outgoing process, and the data can be sent out only after the outgoing conditions set by the user are met, so that the commercial secrets, account property and the like of the internet service provider's users are protected. In the related art, a single server or device responsible for verifying the outgoing data usually performs the whole data security verification. As a result, to maliciously acquire or tamper with the outgoing data, only that one server needs to be subjected to a network attack, and the security of the sensitive outgoing data of the internet service provider's users cannot be guaranteed.
Disclosure of Invention
The application provides an intelligent management method based on big data information safety and a big data information system.
In a first aspect, an embodiment of the present application provides an intelligent management method based on big data information security, which is applied to a service server, and includes:
acquiring to-be-sent-out original data uploaded by a user terminal, and carrying out security detection on the to-be-sent-out data stored in an outgoing data storage space; the outgoing data storage space stores a target data group to be outgoing, the target data group to be outgoing comprises at least one data to be outgoing, and different data to be outgoing are generated by different service servers respectively;
if the first to-be-sent-out data in the at least one to-be-sent-out data passes the security detection and is the to-be-sent-out data with the highest priority in the target to-be-sent-out data group, acquiring a security vector corresponding to the first to-be-sent-out data, generating second to-be-sent-out data according to the to-be-sent-out original data and the security vector, adding the second to-be-sent-out data to the target to-be-sent-out data group, and obtaining an updated outgoing data storage space;
broadcasting the second data to be sent out in the outgoing network so as to enable the other service servers in the outgoing network except the service server generating the second data to be sent out to cache the second data to be sent out to the storage spaces to which the second data to be sent out belong respectively;
and updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out, of which the updated safety factor is greater than a preset safety factor threshold value, as the data which can be sent out safely.
In a second aspect, an embodiment of the present application provides an intelligent management system based on big data information security, which is applied to a service server, and includes:
the acquisition module is used for acquiring to-be-sent-out original data uploaded by the user terminal and carrying out security detection on to-be-sent-out data stored in the to-be-sent-out data storage space; the outgoing data storage space stores a target data group to be outgoing, the target data group to be outgoing comprises at least one data to be outgoing, and different data to be outgoing are generated by different service servers respectively;
the judging module is used for acquiring a safety vector corresponding to the first data to be sent out if the first data to be sent out in the at least one data to be sent out passes the safety detection and is the data to be sent out with the highest priority in the target data group to be sent out, generating second data to be sent out according to the original data to be sent out and the safety vector, and adding the second data to be sent out to the target data group to be sent out to obtain an updated data storage space to be sent out;
the outgoing module is used for broadcasting the second data to be outgoing in the outgoing network so as to enable the other service servers in the outgoing network except the service server generating the second data to be outgoing to cache the second data to be outgoing to the storage spaces to which the second data to be outgoing belongs; and updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out, of which the updated safety factor is greater than a preset safety factor threshold value, as the data which can be sent out safely.
Compared with the prior art, the beneficial effects provided by the application are as follows. With the intelligent management method based on big data information security and the big data information system disclosed by the application, security detection is performed on the data to be sent out stored in the outgoing data storage space. If the first data to be sent out passes the detection, the corresponding security vector is obtained, the second data to be sent out is generated according to the original data to be sent out and the security vector, and the second data to be sent out is broadcast in the outgoing network so that the other service servers cache it in their respective storage spaces. The safety factor corresponding to each data to be sent out in the updated outgoing data storage space is then updated, and the data to be sent out whose updated safety factor is larger than the preset threshold value is determined to be data that can be sent out safely. Compared with the related technology, in which only a single server detects the data to be sent out, this scheme lets all the service servers in the outgoing network participate in detection, so that the safety of outgoing data is improved.
Drawings
Fig. 1 is a schematic flowchart illustrating steps of an intelligent management method based on big data information security according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides an intelligent management scenario based on big data information security. In this scenario, the service servers in the outgoing network hold the same data group to be sent out, the data group comprises a plurality of data to be sent out, and each service server in the outgoing network can read all data recorded in the data group. Each service server in the outgoing network may also generate new data to be sent out from newly received data, and once the new data to be sent out passes the security verification in all the service servers, it may be submitted to the data group to be sent out. The verification process for new data to be sent out is explained below. The service servers in the outgoing network hold a data group to be sent out formed by 10 data to be sent out, and each data to be sent out except the initial one may contain the security vector of the previous data to be sent out, so that the data to be sent out form a chain data structure. For example, after the server 10a receives new data 1 uploaded by the client, the server 10a may package the data 1 into new data to be sent out 11. The data to be sent out 11 is composed of a data tag and a data main body: the data tag may include the security vector corresponding to the highest-priority target data to be sent out in the data group (i.e., the 10th data to be sent out in the data group), and the data main body is mainly used for storing the received data 1. After the server 10a generates the data to be sent out 11, it may broadcast the data to be sent out 11 to the rest of the service servers in the outgoing network and store it in the local cache area corresponding to the server 10a.
Since the server 10a broadcasts the data to be sent out 11 in the outgoing network, the data to be sent out 11 is also stored in the local cache areas corresponding to the server 10b and the server 10c. After the server 10b receives new data 2, and before it packages the data 2 into the data to be sent out 12, it needs to verify the data to be sent out 11 stored in its local cache area, for example by detecting whether the data 1 stored in the data to be sent out 11 is valid data, whether the security vector stored in the data tag is legal, and the like. After the data to be sent out 11 passes the verification, the server 10b may obtain the security vector corresponding to the data to be sent out 11 and generate the data to be sent out 12 according to that security vector and the data 2. Similarly, the server 10b may broadcast the data to be sent out 12 to the other service servers in the outgoing network and store it in the local cache area. In other words, the data tag of the data to be sent out 12 includes the security vector corresponding to the data to be sent out 11, which indicates that the verification result of the server 10b on the data to be sent out 11 is: verification passed. That is, the data to be sent out 11 is approved by the server 10b, and at this point it has been approved by both the server 10a and the server 10b in the outgoing network (the data to be sent out 11 is generated by the server 10a, so the server 10a must confirm that the data to be sent out 11 is legitimate).
After the server 10b broadcasts the data to be sent out 12 in the whole network, the data to be sent out 11 generated by the server 10a and the data to be sent out 12 generated by the server 10b are both stored in the local storage area 20a corresponding to the server 10c. If the user 1 with the account bb wants to obtain sensitive outgoing data from the user 2 with the account aa, the user 1 can establish an outgoing service with the user 2. The user 2 may create sensitive original data to be sent out (i.e., data 3) through the terminal device 10e and upload the data 3 to the outgoing network, that is, send the data 3 to the server 10c. The data 3 may include sensitive data corresponding to an initiator (i.e., account information of the user 2 corresponding to the terminal device 10e that creates the data 3), a receiver (i.e., account information of the user 1 that obtains the sensitive outgoing data), and a transmission mode, and the data 3 is used to instruct the outgoing network to send the corresponding sensitive data from the account of the user 2 to the account of the user 1. Before the server 10c packages the data 3 uploaded by the terminal device 10e into the data to be sent out 13, it also needs to verify the data to be sent out 11 and the data to be sent out 12 stored in the local cache area 20a. For example, if the data 1 and the data 2 are sensitive original data to be sent out, the server 10c may detect, for each of the data 1 and the data 2, whether the account information of the initiator and the receiver is correct, whether the transmission mode has expired (for example, expiration of the transmission mode may mean that the transmission mode has already completed the sending-out process, or that it has exceeded the time limit for sending out), and whether the user level of the initiator can support the current outgoing service.
When the server 10c detects that the account information in the data to be sent out is correct, the transmission mode has not expired, and the user level of the initiator reaches the standard, the verification result of the data to be sent out is: verification passed.
For the data to be sent out 11 and the data to be sent out 12, the verification result of the server 10c may include the following cases. When both the data to be sent out 11 and the data to be sent out 12 pass the verification, the server 10c may generate the data to be sent out 13 according to the security vector corresponding to the data to be sent out 12 and the received data 3. In other words, when the data tag of the data to be sent out 13 includes the security vector of the data to be sent out 12, it indicates that the server 10c approves both the data to be sent out 12 and the data to be sent out 11 (because the data tag of the data to be sent out 12 includes the security vector corresponding to the data to be sent out 11). At this time, the data to be sent out 11 has passed the approval of 3 service servers (i.e., the server 10a, the server 10b and the server 10c), with a safety factor of 3; the data to be sent out 12 has passed the approval of 2 service servers (i.e., the server 10b and the server 10c), with a safety factor of 2; and the data to be sent out 13 has passed the approval of 1 service server (i.e., the server 10c), with a safety factor of 1.
For example, when the data to be sent out 11 passes the verification and the data to be sent out 12 does not, the server 10c may generate the data to be sent out 13 according to the security vector corresponding to the data to be sent out 11 and the received data 3. In other words, when the data tag of the data to be sent out 13 includes the security vector of the data to be sent out 11, it indicates that the server 10c approves only the data to be sent out 11. At this time, the data to be sent out 11 has passed the approval of 3 service servers (i.e., the server 10a, the server 10b and the server 10c), with a safety factor of 3; the data to be sent out 12 has passed the approval of 1 service server (i.e., the server 10b), with a safety factor of 1; and the data to be sent out 13 has passed the approval of 1 service server (i.e., the server 10c), with a safety factor of 1.
For example, when neither the data to be sent out 11 nor the data to be sent out 12 passes the verification, the server 10c may generate the data to be sent out 13 according to the security vector corresponding to the data to be sent out 10 and the received data 3. At this time, the data to be sent out 11 has passed the approval of 2 service servers (i.e., the server 10a and the server 10b), with a safety factor of 2; the data to be sent out 12 has passed the approval of 1 service server (i.e., the server 10b), with a safety factor of 1; and the data to be sent out 13 has passed the approval of 1 service server (i.e., the server 10c), with a safety factor of 1.
After the server 10c generates the data to be sent out 13, the server 10c may likewise broadcast the data to be sent out 13 to the remaining service servers in the outgoing network and store it in the local cache area. The data to be sent out 11, the data to be sent out 12 and the data to be sent out 13 are all held temporarily and have not yet been formally sent out. By analogy, the safety factor of each newly generated data to be sent out can be obtained, and when the safety factor of certain data to be sent out reaches the preset safety factor threshold, that data can be formally sent out. For example, if there are 5 service servers in the outgoing network and the preset safety factor threshold is 51%, then when the data to be sent out 11 has passed the approval of 3 service servers, the data to be sent out 11 can be formally sent out, and the formally sent-out data 11 can be deleted from the local cache area of each service server. In the verification process, each service server only needs to broadcast the data to be sent out that it generates to the other service servers, so a separate broadcast of the verification result is avoided and the verification efficiency is improved.
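The three verification outcomes and the release threshold described above, as an added example that is not part of the patent text. It assumes the security vector is a SHA-256 digest of the item, that the safety factor counts the distinct servers that created or built on an item, and that the 51% threshold is compared against approvals divided by the number of servers; the names Pending, package, link_is_intact, safety_factors, releasable and scenario are hypothetical.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Pending:
    """One 'data to be sent out': a data tag plus a data main body."""
    name: str      # label used only to make results readable
    tag: str       # security vector of the item this one builds on
    body: str      # the uploaded original data
    creator: str   # service server that packaged the item

    def vector(self) -> str:
        # Assumption: the security vector is a SHA-256 digest of the item.
        blob = json.dumps([self.tag, self.body, self.creator]).encode()
        return hashlib.sha256(blob).hexdigest()


def link_is_intact(prev: Pending, nxt: Pending) -> bool:
    """True if nxt's data tag still matches prev's current security vector."""
    return nxt.tag == prev.vector()


def package(name, raw, server, pool, confirmed_tip, verify):
    """Check the cached chain in priority order, stop at the first failure,
    and link the new item to the highest-priority item that passed."""
    by_tag = {p.tag: p for p in pool}  # simplification: the cache is one chain
    link = confirmed_tip
    while link in by_tag and verify(by_tag[link]):
        link = by_tag[link].vector()
    return Pending(name, link, raw, server)


def safety_factors(pool):
    """Count, per item, the distinct servers that created it or built on it
    (directly or through a later item)."""
    by_vec = {p.vector(): p for p in pool}
    approvers = {p.vector(): {p.creator} for p in pool}
    for p in pool:
        tag = p.tag
        while tag in by_vec:           # walk back through cached ancestors
            approvers[tag].add(p.creator)
            tag = by_vec[tag].tag
    return {by_vec[v].name: len(s) for v, s in approvers.items()}


def releasable(pool, n_servers, threshold):
    """Items whose share of approving servers exceeds the threshold."""
    factors = safety_factors(pool)
    return sorted(n for n, k in factors.items() if k / n_servers > threshold)


def scenario(rejected_by_10c):
    """Replay the walkthrough: 10a packages item 11, 10b packages item 12,
    then 10c packages item 13 while rejecting the named cached items."""
    tip = "vector-of-item-10"  # constructed placeholder for confirmed item 10
    pool = []
    accept_all = lambda item: True
    pool.append(package("11", "data 1", "10a", pool, tip, accept_all))
    pool.append(package("12", "data 2", "10b", pool, tip, accept_all))
    verify_10c = lambda item: item.name not in rejected_by_10c
    pool.append(package("13", "data 3", "10c", pool, tip, verify_10c))
    return pool


if __name__ == "__main__":
    for rejected in (set(), {"12"}, {"11", "12"}):
        pool = scenario(rejected)
        print(sorted(rejected), safety_factors(pool), releasable(pool, 5, 0.51))
```

Because each data tag commits to the whole preceding item, altering a cached item changes its security vector and breaks the link held by its successor, which is what the "whether the security vector stored in the data tag is legal" check can detect.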
Please refer to fig. 1, which is a flowchart illustrating an intelligent management method based on big data information security according to an embodiment of the present application. As shown in fig. 1, the method may include the steps of:
step S101, acquiring to-be-sent-out original data uploaded by a user terminal, and carrying out security detection on to-be-sent-out data stored in an outgoing data storage space; the outgoing data storage space stores a target data group to be outgoing, the target data group to be outgoing comprises at least one data to be outgoing, and different data to be outgoing are generated by different service servers respectively;
For example, after a user terminal (e.g., the terminal device 10e in the foregoing corresponding embodiment) uploads original data to be sent out to an outgoing network, a service server (e.g., the server 10c in the foregoing corresponding embodiment) in the outgoing network may obtain the original data to be sent out uploaded by the user terminal. Before packaging the original data to be sent out into data to be sent out, the service server may perform security detection on all the data to be sent out (e.g., the data to be sent out 11 and the data to be sent out 12 in the foregoing corresponding embodiment) stored in the outgoing data storage space (e.g., the local cache area 20a in the foregoing corresponding embodiment). The outgoing data storage space is used for storing data to be sent out that has temporarily not been formally sent out in the outgoing network, that is, data to be sent out that has not yet passed verification. The outgoing data storage space may include a target data group to be sent out, and the target data group to be sent out may include at least one data to be sent out. In the target data group to be sent out, different data to be sent out are generated by different service servers respectively, the data tag of each later data to be sent out includes the security vector corresponding to the previous data to be sent out, and the data tag of the first data to be sent out includes the security vector corresponding to the highest-priority target data to be sent out in the target outgoing data group (the data group formed by the data to be sent out that has passed verification). It should be understood that the priority of the first data to be sent out in the outgoing data storage space is 1 greater than the priority corresponding to the highest-priority target data to be sent out in the target outgoing data group, and the priority of the second data to be sent out is 1 greater than the priority of the first data to be sent out.
In other words, in the embodiment of the present application, the priority of the data to be sent out in the outgoing data storage space is numbered starting from the highest priority of the target outgoing data group, and the priority of each data to be sent out is associated with the generation order of the corresponding data to be sent out. As in the foregoing corresponding embodiment, since the data tag of the data to be sent out 12 includes the security vector corresponding to the data to be sent out 11, the target data group to be sent out included in the local cache area 20a is: the data to be sent out 11 - the data to be sent out 12. When the highest priority in the target outgoing data group is a, the priority corresponding to the data to be sent out 11 is a + 1, and the priority corresponding to the data to be sent out 12 is a + 2.
The service server in the outgoing network may verify the data to be sent out stored in the outgoing data storage space according to a verification mechanism, where the verification mechanism includes but is not limited to: Proof of Work (PoW), Proof of Stake (PoS), mixed Proof of Work and Proof of Stake (PoW + PoS), Delegated Proof of Stake (DPoS), Practical Byzantine Fault Tolerance (PBFT), and the Ripple Consensus Protocol (RCP). It should be noted that the security detection refers to the process in which the current service server verifies the data to be sent out stored in the outgoing data storage space.
It is to be understood that the order of execution of the two method steps of obtaining the original data to be sent out and performing the security check on the data to be sent out is not limited by the order of expression, for example, the two method steps may be executed interchangeably.
It should be understood that, after the user terminal uploads the original data to be sent out to the outgoing network, the internal of the outgoing network may determine the service server that packages the original data to be sent out into new data to be sent out according to a preset service server sequencing order and the service server that generates the previous data to be sent out, where the previous data to be sent out and the new data to be sent out are both data to be sent out. For example, the outgoing network includes 5 service servers in total, and the ordering order of the 5 service servers is: a service server A, a service server B, a service server C, a service server D and a service server E; after the outgoing network receives the original data to be outgoing uploaded by the user terminal, the service server generating new data to be outgoing (the new data to be outgoing is the data to be outgoing storing the original data to be outgoing) can be determined according to the position of the service server generating the last data to be outgoing in the arrangement sequence, and if the service server generating the last data to be outgoing is: the service server A can pack the original data to be sent out into new data to be sent out by the service server B; if the service server for generating the last data to be sent out is: the service server B can pack the original data to be sent out into new data to be sent out by the service server C; by analogy, if the service server generating the last data to be sent out is: the service server E may package the original data to be sent out into new data to be sent out by the service server a. In other words, the service servers can be selected in the service server sorting order in a polling manner to generate new data to be sent out. 
The service server sorting order can be determined according to the contribution of each service server to the outgoing network, the service servers are sorted according to the contribution amount, and when new original data to be outgoing are received, the service servers can be selected according to the sorting order. For example, if the number of the historical outgoing data generated by the service server a is 10, and the 10 historical data to be outgoing generated by the service server a are all approved by the consistency of the outgoing network, the formal outgoing is finally completed; the number of the historical outgoing data generated by the service server B is also 10, but only 5 pieces of historical data to be outgoing pass the consistency approval of the outgoing network and complete the formal outgoing, which means that the contribution of the service server a to the outgoing network is greater than that of the service server B, and therefore the service server a should be arranged in front of the service server B.
Step S102, if first to-be-sent-out data in the at least one to-be-sent-out data passes security detection and the first to-be-sent-out data is the to-be-sent-out data with the highest priority in a target to-be-sent-out data group, obtaining a security vector corresponding to the first to-be-sent-out data, generating second to-be-sent-out data according to the to-be-sent-out original data and the security vector, adding the second to-be-sent-out data to the target to-be-sent-out data group, and obtaining an updated outgoing data storage space;
For example, the service server may perform security detection on each piece of data to be sent out in the outgoing data storage space in sequence, according to the priority of each piece. If the first to-be-sent-out data in the target to-be-sent-out data group passes the security detection, and the first to-be-sent-out data is the to-be-sent-out data with the highest priority in the target to-be-sent-out data group, a security vector corresponding to the first to-be-sent-out data can be obtained. The security vector is used as the input data of the data tag and the to-be-sent-out original data is used as the data of the data main body to generate second to-be-sent-out data; the second to-be-sent-out data is added to the target to-be-sent-out data group, and the newly generated second to-be-sent-out data is cached in the outgoing data storage space to obtain an updated outgoing data storage space. In other words, if all the data to be sent out contained in the target data group to be sent out passes the security detection, the data to be sent out with the highest priority in the target data group to be sent out is called the first data to be sent out, the second data to be sent out is generated according to the security vector corresponding to the first data to be sent out and the original data to be sent out uploaded by the user terminal, the updated target data group to be sent out is obtained, and the second data to be sent out is stored in the outgoing data storage space. It can be understood that the first data to be sent out and the second data to be sent out both belong to the target data group to be sent out and are adjacent within it, that is, the priority of the second data to be sent out is the priority of the first data to be sent out plus 1.
For example, the target data group to be sent out is: data to be sent out 1-data to be sent out 2-data to be sent out 3-data to be sent out 4. The service server performs security detection on the data to be sent out 1, the data to be sent out 2, the data to be sent out 3 and the data to be sent out 4 in sequence. If all four pass the security detection, the security vector corresponding to the data to be sent out 4 can be obtained (the data to be sent out 4 is the first data to be sent out at this moment), and the data to be sent out 5 (namely the second data to be sent out) is generated according to the security vector corresponding to the data to be sent out 4 and the original data to be sent out. The updated target data group to be sent out is then: data to be sent out 1-data to be sent out 2-data to be sent out 3-data to be sent out 4-data to be sent out 5. The data to be sent out 5 can be added to the outgoing data storage space for storage, which gives the updated outgoing data storage space.
For example, if the target data group to be sent out contains data to be sent out which does not pass the security detection, and the first data to be sent out is the data to be sent out with the highest priority among the data to be sent out which passes the security detection in the target data group to be sent out, a security vector corresponding to the first data to be sent out is obtained, and second data to be sent out is generated according to the original data to be sent out and the security vector; all the data to be sent out which passes the security detection in the target data group to be sent out, together with the second data to be sent out, forms a new data group to be sent out, and the new data group to be sent out and the target data group to be sent out are determined as the updated outgoing data storage space. In other words, while the data to be sent out contained in the target data group to be sent out is being verified, if some data to be sent out does not pass the verification, the verification of the remaining data to be sent out in that data group can be stopped. The data to be sent out with the highest priority among the data which passes the security detection in the target data group to be sent out is called the first data to be sent out, and the second data to be sent out is generated according to the first data to be sent out and the original data to be sent out uploaded by the user terminal. A new data group to be sent out can be constructed from all the data to be sent out which passes the security detection in the target data group to be sent out and the second data to be sent out. The second data to be sent out is added to the outgoing data storage space to obtain an updated outgoing data storage space, which contains the constructed new data group to be sent out in addition to the existing target data group to be sent out.
As in the previous example, the target data group to be sent out is: data to be sent out 1-data to be sent out 2-data to be sent out 3-data to be sent out 4. The service server performs security detection on the data to be sent out 1; after the data to be sent out 1 passes verification, the data to be sent out 2 is verified; after the data to be sent out 2 passes verification, the data to be sent out 3 is verified. If the data to be sent out 3 does not pass verification, the security detection of the data to be sent out 4 can be stopped (the data tag of the data to be sent out 4 contains the security vector corresponding to the data to be sent out 3, so when the data to be sent out 3 does not pass security detection, the data to be sent out 4 does not pass security detection either; conversely, when the data to be sent out 4 passes security detection, the data to be sent out 3 also passes security detection). The security vector corresponding to the data to be sent out 2 is then obtained (the data to be sent out 2 is the first data to be sent out at this moment), and the data to be sent out 5 (namely the second data to be sent out) is generated according to the security vector corresponding to the data to be sent out 2 and the original data to be sent out. A new data group to be sent out can be constructed from the data to be sent out 1, the data to be sent out 2 and the data to be sent out 5, namely: data to be sent out 1-data to be sent out 2-data to be sent out 5; the data to be sent out 5 can be added to the outgoing data storage space to obtain an updated outgoing data storage space.
For example, before generating the second data to be sent out according to the security vector corresponding to the first data to be sent out and the original data to be sent out, the service server may also verify the received original data to be sent out, and package the verified original data to be sent out and the security vector into the second data to be sent out. For example, the verification process is: the service server can obtain a security identifier carried by the original data to be sent out and a security identifier generation algorithm corresponding to the user terminal; processing the safety identification according to a safety identification generation algorithm to obtain first safety characteristic information corresponding to the safety identification; performing MD5 operation on the original data to be sent out according to an MD5 model to obtain second safety feature information corresponding to the original data to be sent out; if the first safety characteristic information is the same as the second safety characteristic information, the to-be-sent original data passes verification, and a data main body is generated according to the to-be-sent original data passing verification; and generating a data label according to the safety vector corresponding to the first data to be sent out, and generating second data to be sent out according to the data label and the data main body. 
In other words, in order to prevent the original data to be sent out from being maliciously tampered with during transmission, the user terminal may generate a key pair (including a private key and a security identifier generation algorithm, where the private key is managed by the user terminal itself and the security identifier generation algorithm may be notified to all service servers in the outgoing network). The user terminal may perform an MD5 operation on the original data to be sent out by using an MD5 model to generate first security feature information corresponding to the original data to be sent out, and encrypt the first security feature information with the generated private key; the encrypted first security feature information is the security identifier corresponding to the original data to be sent out. The user terminal uploads the original data to be sent out, carrying the security identifier, to the outgoing network. After receiving it, a service server in the outgoing network can obtain the security identifier generation algorithm corresponding to the user terminal and process the security identifier according to that algorithm to obtain the first security feature information corresponding to the security identifier. The service server then performs an MD5 operation on the received original data to be sent out according to the MD5 model (namely, the MD5 model adopted by the user terminal to generate the security identifier) to obtain second security feature information corresponding to the received original data to be sent out. If the first security feature information is the same as the second security feature information, the original data to be sent out has not been tampered with during uploading and the verification is passed; if the first security feature information is different from the second security feature information, it indicates that the original data to be sent out may have been tampered with during uploading, and the verification is not passed.
It should be understood that, before the user terminal uploads the original data to be sent out, the service servers in the outgoing network have already been notified of the security identifier generation algorithm and of the MD5 model used for generating the security identifier. If the original data to be sent out is tampered with during uploading and the security identifier received by the service server is not the security identifier originally generated by the user terminal, the service server cannot decrypt the security identifier when processing it with the security identifier generation algorithm corresponding to the user terminal.
After the original data to be sent out passes the verification, the service server may package the security vector corresponding to the first data to be sent out and the original data to be sent out into second data to be sent out, the data tag of the second data to be sent out may include the security vector corresponding to the first data to be sent out, and the data main body of the second data to be sent out may be used to record the original data to be sent out.
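The digest-and-compare check and the packaging step described above, as an added example that is not part of the patent text. The textbook RSA key pair built from two Mersenne primes, the function names and the tag/body dictionary layout are assumptions made for illustration.

```python
import hashlib

# Constructed toy key pair for the user terminal (assumption, not from the
# patent). The primes are the Mersenne primes 2^127-1 and 2^107-1, chosen only
# so the example is reproducible; such a modulus is trivially factorable.
# MD5 and unpadded RSA appear here only because the description names an MD5
# model and a private key; a deployment would use a standard signature scheme
# over a collision-resistant hash.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q
E = 65537                           # public side, known to every service server
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept by the user terminal


def md5_feature(raw: bytes) -> int:
    """Security feature information: the MD5 digest of the data as an integer."""
    return int.from_bytes(hashlib.md5(raw).digest(), "big")


def make_security_identifier(raw: bytes) -> int:
    """User terminal: encrypt the MD5 feature with the private key."""
    return pow(md5_feature(raw), D, N)


def verify_original_data(raw: bytes, identifier: int) -> bool:
    """Service server: recover the first feature from the identifier and
    compare it with the second feature computed over the received bytes."""
    if not isinstance(identifier, int) or not 0 <= identifier < N:
        return False                      # malformed identifier never verifies
    first_feature = pow(identifier, E, N)
    second_feature = md5_feature(raw)
    return first_feature == second_feature


def package_second_data(raw: bytes, identifier: int, security_vector: str):
    """Build second to-be-sent-out data, but only from verified original data.

    The data tag carries the security vector of the first to-be-sent-out data;
    the data main body records the original data. Returns None on failure.
    """
    if not verify_original_data(raw, identifier):
        return None
    return {"tag": {"security_vector": security_vector}, "body": raw}


if __name__ == "__main__":
    payload = b"constructed sample payload"          # constructed input
    ident = make_security_identifier(payload)
    print(package_second_data(payload, ident, "sv-of-first-data"))
    print(package_second_data(payload + b"!", ident, "sv-of-first-data"))
```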
Step S103, broadcasting the second data to be sent out in the outgoing network, so that the service servers in the outgoing network other than the service server generating the second data to be sent out each cache the second data to be sent out in their own storage spaces;
For example, after the service server generates the second data to be sent out, the service server may broadcast the second data to be sent out in the outgoing network, that is, send the second data to be sent out to the other service servers in the outgoing network, so that each service server in the outgoing network other than the one that generated the second data to be sent out caches the second data to be sent out in its own storage space. In other words, in the outgoing network, the data to be sent out generated by any of the service servers needs to be broadcast in the outgoing network. It can be understood that the cache regions corresponding to the other service servers in the outgoing network have the same function as the outgoing data storage space corresponding to the current service server, and can be used for storing the data to be sent out generated by all the service servers.
Step S104, updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out whose updated safety factor is larger than a preset safety factor threshold value as the data which can be sent out safely.
For example, after the service server adds the generated second data to be sent out to the outgoing data storage space, the updated outgoing data storage space is obtained. The service server can obtain the number of pieces of data to be sent out contained in the updated outgoing data storage space, and then count the safety factor of each data to be sent out at the current moment. The data to be sent out whose current safety factor is greater than a preset safety factor threshold value is determined as data which can be sent out safely and is added to a target outgoing data group for formal sending out. The preset safety factor threshold value is related to the verification mechanism adopted in the data group to be sent out; different verification mechanisms can have different preset safety factor threshold values, and the adopted verification mechanism is not specifically limited in the embodiment of the application. For example, the updated outgoing data storage space includes the updated target data group to be sent out: data to be sent out 1-data to be sent out 2-data to be sent out 3-data to be sent out 4-data to be sent out 5. Because each data to be sent out is generated by a different service server, the following safety factors can be obtained through statistics: the safety factor corresponding to the data to be sent out 1 is 5 standard security units; the safety factor corresponding to the data to be sent out 2 is 4 standard security units; the safety factor corresponding to the data to be sent out 3 is 3 standard security units; the safety factor corresponding to the data to be sent out 4 is 2 standard security units; the safety factor corresponding to the data to be sent out 5 is 1 standard security unit.
Assuming that the outgoing network comprises 9 service servers altogether, and the preset safety factor threshold is 51% of the number of the service servers, it indicates that the safety factor corresponding to the data to be outgoing 1 exceeds the preset safety factor threshold, that is, the data to be outgoing 1 passes verification, and the data to be outgoing 1 can be added to the target outgoing data group for formal outgoing.
For example, the updated outgoing data storage space includes the target data group to be sent out: data to be sent out 1-data to be sent out 2-data to be sent out 3-data to be sent out 4, and a new data group to be sent out: data to be sent out 1-data to be sent out 2-data to be sent out 5. The following safety factors can be obtained through statistics: the safety factor corresponding to the data to be sent out 1 is 5 standard security units; the safety factor corresponding to the data to be sent out 2 is 4 standard security units; the safety factor corresponding to the data to be sent out 3 is 2 standard security units; the safety factor corresponding to the data to be sent out 4 is 1 standard security unit; the safety factor corresponding to the data to be sent out 5 is 1 standard security unit. Assuming that the outgoing network comprises 9 service servers altogether, and the preset safety factor threshold is 51% of the number of the service servers, the safety factor corresponding to the data to be sent out 1 exceeds the preset safety factor threshold, that is, the data to be sent out 1 passes verification and can be added to the target outgoing data group for formal sending out.
For example, in the outgoing network, a server identity weight may further be allocated to each service server according to the historical verification record of that service server. When, over a period of time, the verification results of a certain service server for data to be sent out are consistent with the final verification results of that data in the outgoing network (that is, when the data to be sent out passes verification in the outgoing network, the verification result of the service server for that data is also a pass), the server identity weight of the service server may be set higher, for example 1.2. When, over a period of time, the verification results of a certain service server for most of the data to be sent out are inconsistent with the final verification results of that data in the outgoing network (that is, when the data to be sent out passes verification in the outgoing network, the verification result of the service server for that data is a failure, or when the data to be sent out does not pass verification in the outgoing network, the verification result of the service server for that data is a pass), the server identity weight of the service server may be set lower, for example 0.8, and so on.
After a corresponding server identity weight has been set for each service server, the service server can acquire the number of pieces of data to be sent out contained in the updated outgoing data storage space, determine the service server corresponding to each piece of data to be sent out in the updated outgoing data storage space, and acquire the server identity weight matched with that service server; update the safety factor corresponding to each data to be sent out in the updated outgoing data storage space according to the number of pieces of data to be sent out contained in the updated outgoing data storage space and the server identity weights; determine the data to be sent out whose updated safety factor is larger than the preset safety factor threshold value as data which can be sent out safely, and add that data to the target outgoing data group; the target outgoing data group is used for storing all the data to be sent out which passes the verification. In other words, after a corresponding server identity weight has been set for each service server, the safety factor corresponding to a piece of data to be sent out is related not only to the number of service servers confirming that the data to be sent out is legal, but also to the server identity weights of those service servers.
For example, the updated outgoing data storage space includes the target to-be-outgoing data set: data to be sent out 1-data to be sent out 2-data to be sent out 3; the data to be sent out 1 is generated by a service server A, and the server identity weight corresponding to the service server A is 1.2; the data to be sent out 2 is generated by a service server B, and the server identity weight corresponding to the service server B is 1.0; the data to be sent out 3 is generated by a service server C, and the server identity weight corresponding to the service server C is 0.8; the current safety factor of the data to be sent out 1 can be obtained by statistics as follows: 1.2 × 1+1.0 × 1+0.8 × 1=3 standard security units.
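The safety-factor statistics in the examples above can be reproduced with a short calculation, given here as an added example that is not part of the patent text. It assumes each item records the item whose security vector its data tag carries (its parent) and the generating server, and that the factor is the sum of server identity weights over the item and everything chained after it, which matches the figures given; all names are hypothetical.

```python
from collections import defaultdict


def safety_factors(items, weights=None):
    """Return {data_id: safety factor in standard security units}.

    items   -- {data_id: (parent_id or None, server)}; parent_id is the item
               whose security vector is stored in this item's data tag.
    weights -- optional {server: identity weight}; unlisted servers count 1.0.
    """
    weights = weights or {}
    factors = defaultdict(float)
    for data_id, (_parent, server) in items.items():
        weight = weights.get(server, 1.0)
        # A server that chains onto an item endorses that item and every
        # ancestor, so credit the weight all the way up the chain.
        node, seen = data_id, set()
        while node in items and node not in seen:   # 'seen' guards against loops
            factors[node] += weight
            seen.add(node)
            node = items[node][0]
    return dict(factors)


def safely_sendable(factors, server_count, ratio=0.51):
    """Items whose factor exceeds ratio * number of service servers."""
    threshold = ratio * server_count
    return sorted(d for d, f in factors.items() if f > threshold)


# Constructed inputs mirroring the three worked examples in the description.
CHAIN = {1: (None, "S1"), 2: (1, "S2"), 3: (2, "S3"), 4: (3, "S4"), 5: (4, "S5")}
FORK = {1: (None, "S1"), 2: (1, "S2"), 3: (2, "S3"), 4: (3, "S4"), 5: (2, "S5")}
WEIGHTED = {1: (None, "A"), 2: (1, "B"), 3: (2, "C")}
IDENTITY_WEIGHTS = {"A": 1.2, "B": 1.0, "C": 0.8}

if __name__ == "__main__":
    for name, sample in (("chain", CHAIN), ("fork", FORK)):
        factors = safety_factors(sample)
        print(name, factors, "sendable:", safely_sendable(factors, 9))
    print("weighted", safety_factors(WEIGHTED, IDENTITY_WEIGHTS))
```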
When the service server adds data to be sent out which passes the verification to the target outgoing data group for formal sending out, the service server can obtain the current priority corresponding to the data to be sent out in the data which can be sent out safely; if the current priority and the priority corresponding to the target data to be sent out with the highest priority in the target outgoing data group are within the preset priority range, the data to be sent out in the data which can be sent out safely is added to the target outgoing data group; if the current priority and the priority corresponding to the target data to be sent out with the highest priority in the target outgoing data group are not within the preset priority range, the priority of the data to be sent out in the data which can be sent out safely is updated, and the updated data to be sent out is added to the target outgoing data group. In the verification process, there may be a case where data to be sent out cannot be verified; for example, the service servers in the outgoing network cannot reach a consistent verification result for the data to be sent out 1, while the data to be sent out 2 passes verification in the outgoing network (by default, the data to be sent out 2 is generated later than the data to be sent out 1), so that the data to be sent out 2 can be sent out formally.
If the data label of the data to be sent out 2 contains the security vector corresponding to the target data to be sent out with the highest priority in the target data group to be sent out, the data to be sent out 2 can be directly added to the target data group to be sent out for formal sending out; if the data tag of the data to be sent out 2 does not contain the security vector corresponding to the target data to be sent out with the highest priority in the target data group to be sent out (for example, if the data tag of the data to be sent out 2 contains the security vector corresponding to the data to be sent out 1), the priority of the data to be sent out 2 needs to be updated, that is, the original security vector in the data tag of the data to be sent out 2 is updated to the security vector corresponding to the target data to be sent out with the highest priority in the target data group to be sent out, and the updated data to be sent out 2 is added to the target data group to be sent out for formal sending out. After the data to be sent out 2 completes the formal sending out process, the data to be sent out can be deleted from the sending out data storage space of each service server.
It should be understood that after the other service servers in the outgoing network receive the second data to be sent out broadcast by the current service server and cache it in their own storage spaces, the other service servers may verify the second data to be sent out, generate new data to be sent out according to the verification result, and count the safety factor corresponding to each data to be sent out in the cache region. Taking the next service server as an example, if the second data to be sent out passes the verification of the next service server, third data to be sent out can be generated according to the security vector of the second data to be sent out and the received data; if the second data to be sent out does not pass the verification of the next service server, third data to be sent out is generated according to the received data and the security vector corresponding to the highest data to be sent out which passes the verification (namely, the data to be sent out with the highest priority among the verified data to be sent out). An updated cache region can then be obtained according to the third data to be sent out, and the safety factor corresponding to each data to be sent out in the updated cache region is counted; the implementation process is the same as steps S101 to S104.
The embodiment of the application also provides an example of verification of the to-be-sent data group. Each service server has the same data group to be sent out, namely a target data group to be sent out 30a, all data to be sent out (such as data to be sent out 1, data to be sent out 2 and data to be sent out 3, the data to be sent out 3 is the data to be sent out with the highest priority in the target data group to be sent out 30 a) contained in the target data group to be sent out 30a are the data to be sent out which pass the verification, and the data recorded in each data to be sent out are all different. In the outgoing network, the data to be outgoing generated by each service server needs to be broadcast in the whole network, that is, the cache area of each service server can store the data to be outgoing generated by all the service servers (the data to be outgoing which has not passed the verification temporarily), and the generated data to be outgoing can be verified according to the sequence from the service server 1 to the service server 7 in the verification process. For example, the outgoing data storage space 30c corresponding to the service server 4 may include: the data to be sent out 4 generated by the service server 1, the data to be sent out 5 generated by the service server 2, and the data to be sent out 6 generated by the service server 3 (the data to be sent out 4, the data to be sent out 5, and the data to be sent out 6 are all data to be sent out that have not passed verification temporarily), because the data tag of the data to be sent out 5 contains the security vector corresponding to the data to be sent out 4, and the data tag of the data to be sent out 6 contains the security vector corresponding to the data to be sent out 5, the data to be sent out 4, the data to be sent out 5, and the data to be sent out 6 can be regarded as a data group to be sent out, which can be referred to as a target data group to be sent out 30 b. 
When the service server 4 receives the data 7 uploaded by the user terminal 1, the service server 4 may sequentially verify the data to be sent out contained in the target data group to be sent out 30b, if the data to be sent out 4, the data to be sent out 5 and the data to be sent out 6 all pass the verification, that is, all the data to be sent out contained in the target data group to be sent out 30b all pass the verification, the security vector corresponding to the data to be sent out 6 and the data 7 uploaded by the user terminal 1 may be packed into the data to be sent out 7, and the data to be sent out 7 is added to the data storage space to be sent out 30c, and the target data group to be sent out 30b at this time is updated as follows: data to be sent out 4-data to be sent out 5-data to be sent out 6-data to be sent out 7. The service server 4 may count the safety factor corresponding to each data to be sent out according to the updated target data group to be sent out 30b, and the statistical result is as follows: the safety factor corresponding to the data to be sent out 4 is 4 standard safety units, the safety factor corresponding to the data to be sent out 5 is 3 standard safety units, the safety factor corresponding to the data to be sent out 6 is 2 standard safety units, and the safety factor corresponding to the data to be sent out 7 is 1 standard safety unit. If more than 51% of the service servers in the outgoing network approve a certain data to be outgoing, the data to be outgoing is verified, so that the data 4 to be outgoing can be determined to pass the verification, the data 4 to be outgoing can be added to the target outgoing data group 30a for formal outgoing, and the data label of the data 4 to be outgoing contains the security vector corresponding to the data 3 to be outgoing.
It should be understood that, when the data tag of the to-be-sent-out data generated by the service server includes a security vector corresponding to another to-be-sent-out data, it indicates that the service server verifies all data recorded in the another to-be-sent-out data.
For example, if, when the service server 4 verifies the data to be sent out included in the target data group to be sent out 30b, only the data to be sent out 4 passes the verification and neither the data to be sent out 5 nor the data to be sent out 6 passes the verification, the security vector corresponding to the data to be sent out 4 and the data 7 uploaded by the user terminal 1 may be packaged into the data to be sent out 7, and the data to be sent out 7 is added to the outgoing data storage space 30c. The outgoing data storage space 30c may then include not only the original target data group to be sent out 30b: data to be sent out 4-data to be sent out 5-data to be sent out 6-data to be sent out 7, but also a new data group to be sent out 30d: data to be sent out 4-data to be sent out 7. The service server 4 may count the safety factor corresponding to each data to be sent out according to the target data group to be sent out 30b and the new data group to be sent out 30d, and the statistical result is as follows: the safety factor corresponding to the data to be sent out 4 is 4 standard safety units, the safety factor corresponding to the data to be sent out 5 is 2 standard safety units, the safety factor corresponding to the data to be sent out 6 is 3 standard safety units, and the safety factor corresponding to the data to be sent out 7 is 1 standard safety unit. Therefore, it can be determined that the data to be sent out 4 passes the verification, and the data to be sent out 4 can then be added to the target outgoing data group 30a for formal sending out; the data tag of the data to be sent out 4 includes the security vector corresponding to the data to be sent out 3.
In this embodiment, each service server in the outgoing network may broadcast the data to be sent out that it generates to the other service servers in the outgoing network for caching. After receiving original data to be sent out, the next service server may verify all the locally cached data to be sent out, select the data to be sent out with the highest priority among all the data to be sent out that passes the verification as the first data to be sent out, and generate new data to be sent out (the second data to be sent out) according to the security vector corresponding to the first data to be sent out and the received original data to be sent out. That is, the data to be sent out that a service server has verified as passing can be determined from the security vector contained in the data to be sent out newly generated by that service server. For example, if the new data to be sent out generated by the service server contains the security vector of the data to be sent out 3, it can be determined that the service server has passed the data to be sent out 3, the data to be sent out corresponding to the security vector contained in the data to be sent out 3, and so on. Because the safety factor corresponding to each data to be sent out is determined according to the number of cached pieces of data to be sent out and the security vector contained in each of them, the service servers do not need to broadcast their verification results of the data to be sent out, which reduces the number of messages used for broadcasting verification results and thereby improves the verification efficiency.
The embodiment of the application provides another example of an intelligent management method based on big data information security. The method may comprise the steps of:
Step S201, acquiring to-be-sent-out original data uploaded by a user terminal, acquiring a plurality of to-be-sent-out data groups from an outgoing data storage space, and acquiring the number of initial pieces of to-be-sent-out data corresponding to each of the plurality of to-be-sent-out data groups;
For example, after receiving the original data to be sent out uploaded by the user terminal, the service server may obtain all the data to be sent out stored in the outgoing data storage space, and determine the chain relationship among all the data to be sent out according to the security vector included in the data tag of each data to be sent out, that is, determine how many data groups to be sent out exist in the outgoing data storage space and the number of pieces of data to be sent out included in each data group to be sent out, which may also be referred to as the number of initial pieces of data to be sent out corresponding to each data group to be sent out. Different data groups to be sent out necessarily differ in some of their data to be sent out, but they may also contain the same data to be sent out; for example, the data group to be sent out 1 may be: data to be sent out 1-data to be sent out 2-data to be sent out 3, and the data group to be sent out 2 may be: data to be sent out 1-data to be sent out 2-data to be sent out 4-data to be sent out 5.
Step S202, sorting the plurality of data groups to be sent out according to their numbers of initial pieces of data to be sent out, and performing security detection on the data to be sent out contained in each data group to be sent out in sequence, according to the sorting order of the data groups to be sent out;
For example, the service server may sort all the data groups to be sent out included in the outgoing data storage space according to the number of initial pieces of data to be sent out corresponding to each data group, that is, sort them from the largest number of initial pieces to the smallest, and may then perform security detection on the data to be sent out included in each data group to be sent out in that order. In other words, the service server may preferentially perform security detection on the data group to be sent out with the largest number of initial pieces of data to be sent out. If all the data to be sent out in that data group passes the security detection, the service server may stop the verification of the remaining data groups to be sent out; if some data to be sent out in that data group does not pass the security detection, the security detection continues with the data group to be sent out that is next in the order, and so on, until the security detection of the data to be sent out in the outgoing data storage space is completed.
It should be noted that the larger the number of initial pieces of data to be sent out corresponding to a data group to be sent out, the more service servers in the outgoing network approve that data group, and the higher the possibility that the data group passes the security detection. The service server can therefore preferentially verify the data group to be sent out with the largest number of initial pieces of data to be sent out, which reduces the time spent verifying data to be sent out and saves resources. For a plurality of data groups to be sent out in the outgoing data storage space, if the service server's verification of a certain data group to be sent out passes (that is, all the data to be sent out included in that data group passes), the service server's verification of each of the remaining data groups to be sent out inevitably fails (that is, each remaining data group to be sent out inevitably contains data to be sent out which fails verification). Therefore, when the data group to be sent out with the largest number of initial pieces of data to be sent out passes the security detection, the verification of the remaining data groups to be sent out can be stopped.
Step S203, if there is a target data group to be sent out, in which the data to be sent out all pass the security detection, in the multiple data groups to be sent out, the data to be sent out with the highest priority in the target data group to be sent out is used as the first data to be sent out, and a security vector corresponding to the first data to be sent out is obtained.
For example, after the service server performs security detection on the data to be sent out stored in the outgoing data storage space, if one of the data groups to be sent out is a group in which all the data to be sent out pass verification, that group may be referred to as the target data group to be sent out. The data to be sent out with the highest priority in the target data group to be sent out may then be used as the first data to be sent out, and the security vector corresponding to the first data to be sent out is obtained. For example, the outgoing data storage space includes 3 data groups to be sent out: data group to be sent out 1 (data to be sent out 1-data to be sent out 2-data to be sent out 3), data group to be sent out 2 (data to be sent out 1-data to be sent out 2-data to be sent out 5), and data group to be sent out 3 (data to be sent out 1-data to be sent out 4). If data to be sent out 1, data to be sent out 2 and data to be sent out 3, which are contained in data group to be sent out 1, all pass security detection, data group to be sent out 1 may be referred to as the target data group to be sent out, and the security vector corresponding to data to be sent out 3 in data group to be sent out 1 is acquired.
Step S204, generating second data to be sent out according to the original data to be sent out and the safety vector, adding the second data to be sent out to a target data group to be sent out, and determining the updated target data group to be sent out and the rest data groups to be sent out as an updated data storage space to be sent out;
For example, after acquiring the security vector corresponding to the first data to be sent out, the service server may generate second data to be sent out from the security vector and the original data to be sent out uploaded by the user terminal, where the security vector may be used as input data of the data tag of the second data to be sent out, and the original data to be sent out is the data recorded in the data body of the second data to be sent out. The second data to be sent out is added to the outgoing data storage space for storage, that is, it is added to the target data group to be sent out to obtain an updated target data group to be sent out. As in the foregoing example, data to be sent out 6 (i.e., the second data to be sent out) may be generated from the original data to be sent out and the security vector corresponding to data to be sent out 3, and data to be sent out 6 is added to the outgoing data storage space for storage. The outgoing data storage space then includes the updated data group to be sent out 1 (data to be sent out 1-data to be sent out 2-data to be sent out 3-data to be sent out 6), data group to be sent out 2 (data to be sent out 1-data to be sent out 2-data to be sent out 5) and data group to be sent out 3 (data to be sent out 1-data to be sent out 4). After receiving the original data to be sent out uploaded by the user terminal, the service server may verify it and, after the verification passes, may package the verified original data to be sent out and the security vector corresponding to data to be sent out 3 into data to be sent out 6.
Step S205, if there are data to be sent out which do not pass the security detection in the multiple data groups to be sent out, respectively counting the number of target data of the data to be sent out which pass the security detection in each data group to be sent out, and determining the data group to be sent out with the highest number of target data as the target data group to be sent out;
For example, if every data group to be sent out in the outgoing data storage space contains data to be sent out that does not pass the security detection, that is, none of the data groups to be sent out passes the security detection, the number of target data (the data to be sent out that pass the security detection) in each data group to be sent out may be counted, and the data group to be sent out with the highest number of target data may be determined as the target data group to be sent out. For example, the 3 data groups to be sent out in the outgoing data storage space are as follows: data group to be sent out 1 contains 4 data to be sent out, and its number of target data that pass the security detection is 3; data group to be sent out 2 contains 4 data to be sent out, and its number of target data that pass the security detection is 2; data group to be sent out 3 contains 2 data to be sent out, and its number of target data that pass the security detection is 0. The service server may determine data group to be sent out 1 as the target data group to be sent out.
When several data groups to be sent out have the same number of target data that pass the security detection, this indicates that the data to be sent out that pass the security detection in those data groups are the same, and one data group to be sent out can be randomly selected from them as the target data group to be sent out.
Step S206, acquiring the data to be sent out with the highest priority as the first data to be sent out from the data to be sent out which passes the security detection and is contained in the target data group to be sent out, and acquiring a security vector corresponding to the first data to be sent out;
For example, the service server may select, from all the data to be sent out that pass the security detection in the target data group to be sent out, the data to be sent out with the highest priority as the first data to be sent out, and obtain the security vector corresponding to the first data to be sent out. For example, the target data group to be sent out is: data to be sent out A-data to be sent out B-data to be sent out C-data to be sent out D-data to be sent out E. If the data to be sent out that pass the security detection in the target data group to be sent out are data to be sent out A, data to be sent out B and data to be sent out C, then data to be sent out C is taken as the first data to be sent out and the security vector corresponding to data to be sent out C is acquired.
Step S207, generating second data to be sent out according to the original data to be sent out and the safety vector, and forming a new data group to be sent out by all the data to be sent out which pass the safety detection in the target data group to be sent out and the second data to be sent out;
For example, the service server may package the security vector corresponding to the first data to be sent out and the original data to be sent out uploaded by the user terminal into second data to be sent out, and form a new data group to be sent out from the data to be sent out that pass the security detection in the target data group to be sent out together with the generated second data to be sent out. As in the foregoing example, the data to be sent out that pass the security detection in the target data group to be sent out are data to be sent out A, data to be sent out B and data to be sent out C, and the data tag of the second data to be sent out contains the security vector corresponding to data to be sent out C, so that data to be sent out A, data to be sent out B, data to be sent out C and the second data to be sent out can form a new data group to be sent out: data to be sent out A-data to be sent out B-data to be sent out C-second data to be sent out. The service server may verify the received original data to be sent out and, after the verification passes, package the verified original data to be sent out and the security vector corresponding to data to be sent out C into the second data to be sent out; for the verification process, refer to the description of step S102 in the embodiment corresponding to fig. 1, which is not repeated here. The service server needs to broadcast the generated second data to be sent out in the outgoing network, that is, send it to the other service servers in the outgoing network, so that the other service servers can cache the second data to be sent out.
Step S208, determining a new data group to be sent out and a plurality of data groups to be sent out as an updated data storage space to be sent out;
For example, the service server may add the newly generated second data to be sent out to the outgoing data storage space for caching; the outgoing data storage space then contains the newly constructed data group to be sent out in addition to the previous plurality of data groups to be sent out. In other words, adding the second data to be sent out to the outgoing data storage space yields the updated outgoing data storage space.
Step S209, updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out, whose updated safety factor is greater than the preset safety factor threshold, as the data that can be sent out safely.
For example, if the second data to be sent out is added to the target data group to be sent out to obtain an updated target data group to be sent out, the number of data to be sent out corresponding to the updated target data group to be sent out and to each of the remaining data groups to be sent out can be obtained from the updated outgoing data storage space, and the occurrence frequency of each data to be sent out across the updated target data group to be sent out and the remaining data groups to be sent out is counted. According to these numbers and occurrence frequencies, the safety factor corresponding to each data to be sent out in the updated outgoing data storage space is counted again, the data to be sent out whose updated safety factor is greater than a preset safety factor threshold is determined as data that can be sent out safely, and the data to be sent out that can be sent out safely is added to the target outgoing data group.
For example, the updated target data group to be sent out is: data to be sent out 1-data to be sent out 2-data to be sent out 3-data to be sent out 6, and the remaining data groups to be sent out are: data to be sent out 1-data to be sent out 2-data to be sent out 5, and data to be sent out 1-data to be sent out 4. The safety factor corresponding to each data to be sent out is related to the priority of that data within its data groups to be sent out and to the number of data to be sent out in those groups. Data to be sent out 1 exists in 3 data groups to be sent out (that is, its occurrence frequency across the data groups to be sent out is 3), and it is the first data to be sent out in each of the 3 data groups, so the safety factor corresponding to data to be sent out 1 is the sum of the numbers of data to be sent out in the 3 data groups minus the number of repeated data to be sent out, namely 4+3+2-2-1=6. Data to be sent out 2 exists in 2 data groups to be sent out (that is, its occurrence frequency across the data groups to be sent out is 2), and it is not the first data to be sent out in those 2 data groups, so the safety factor corresponding to data to be sent out 2 is the number of data to be sent out in the 2 data groups whose priority is greater than or equal to that of data to be sent out 2, minus the number of repeated data to be sent out, namely 3+2-1=4.
For example, if the second data to be sent out and the data to be sent out that pass the security detection in the target data group to be sent out form a new data group to be sent out, the safety factor corresponding to each data to be sent out in the outgoing data storage space is counted again according to the original plurality of data groups to be sent out and the new data group to be sent out, in the manner described above.
For example, the service server may compare the currently counted safety factor with a preset safety factor threshold, determine the data to be sent out whose safety factor is greater than the preset safety factor threshold as data that can be sent out safely, and add that data to the target outgoing data group. Before the data that can be sent out safely is added to the target outgoing data group, it must be judged whether its priority and the priority of the highest-priority data in the target outgoing data group satisfy a preset priority range relation. If they do, the data is directly added to the target outgoing data group for formal sending out; if they do not, the priority of the data that can be sent out safely is updated, and the updated data is then added to the target outgoing data group.
The embodiment of the application provides another example of an intelligent management scenario based on big data information security. In this scenario, each service server has the same data group to be sent out, namely the target data group to be sent out 40a. All the data to be sent out contained in the target data group to be sent out 40a (such as data to be sent out 1, data to be sent out 2 and data to be sent out 3, where data to be sent out 3 is the data to be sent out with the highest priority in the target data group to be sent out 40a) have passed verification, and the data recorded in each data to be sent out are all different. In the outgoing network, the data to be sent out generated by each service server needs to be broadcast to the whole network, that is, the cache area of each service server can store the data to be sent out generated by all the service servers (data to be sent out that has not yet passed verification), and in the verification process the generated data to be sent out can be verified in order from service server 1 to service server 7.
For example, the outgoing data storage space 40b corresponding to service server 6 may include: data to be sent out 4 generated by service server 1, data to be sent out 5 generated by service server 2, data to be sent out 6 generated by service server 3, data to be sent out 7 generated by service server 4 and data to be sent out 8 generated by service server 5 (data to be sent out 4 to data to be sent out 8 have not yet been verified). The data tag of data to be sent out 6 contains the security vector corresponding to data to be sent out 4, so data to be sent out 4 and data to be sent out 6 can be regarded as one data group to be sent out, called data group to be sent out 40c. The data tag of data to be sent out 7 contains the security vector corresponding to data to be sent out 5, and the data tag of data to be sent out 8 contains the security vector corresponding to data to be sent out 7, so data to be sent out 5, data to be sent out 7 and data to be sent out 8 can be regarded as one data group to be sent out, called data group to be sent out 40d.
When service server 6 receives data 9 uploaded by user terminal 2, service server 6 may verify the data to be sent out stored in the outgoing data storage space 40b. Specifically, the verification order of the data groups to be sent out may be determined by the number of data to be sent out in each group, that is, service server 6 may first verify the data to be sent out in data group to be sent out 40d. If data to be sent out 5, data to be sent out 7 and data to be sent out 8 all pass verification, that is, all the data to be sent out contained in data group to be sent out 40d pass verification, the data to be sent out contained in data group to be sent out 40c does not need to be verified. The security vector corresponding to data to be sent out 8 and data 9 uploaded by user terminal 2 are directly packaged into data to be sent out 9, data to be sent out 9 is added to the outgoing data storage space 40b, and data group to be sent out 40d is updated to: data to be sent out 5-data to be sent out 7-data to be sent out 8-data to be sent out 9, while data group to be sent out 40c remains unchanged. Service server 6 may count the safety factor corresponding to each data to be sent out according to the updated data group to be sent out 40d and data group to be sent out 40c, with the following result: the safety factor corresponding to data to be sent out 4 is 2 standard safety units, the safety factor corresponding to data to be sent out 5 is 4 standard safety units, the safety factor corresponding to data to be sent out 6 is 1 standard safety unit, the safety factor corresponding to data to be sent out 7 is 3 standard safety units, the safety factor corresponding to data to be sent out 8 is 2 standard safety units, and the safety factor corresponding to data to be sent out 9 is 1 standard safety unit.
If more than 51% of the service servers in the outgoing network approve a certain data to be sent out, that data to be sent out passes verification. It can therefore be determined that data to be sent out 5 passes verification, and data to be sent out 5 can be added to the target data group to be sent out 40a for formal sending out; the data tag of data to be sent out 5 should contain the security vector corresponding to data to be sent out 3. At this point, the verification result of data to be sent out 4 in the outgoing network may also be determined to be a failure (even if the security detection result of the subsequent service server 7 on data to be sent out 4 is a pass, the safety factor of data to be sent out 4 still cannot exceed 51%, so it can be determined that the verification result of data to be sent out 4 is a failure). Service server 6 may empty data 4 recorded in data to be sent out 4, or delete data to be sent out 4 from the outgoing data storage space 40b, which is not limited here.
It should be understood that, when the data tag of data to be sent out generated by a service server contains the security vector corresponding to another data to be sent out, this indicates that the service server has verified all the data recorded in that other data to be sent out.
For example, if data group to be sent out 40d fails the verification of service server 6 (that is, data group to be sent out 40d contains data to be sent out that fails verification), service server 6 may verify data group to be sent out 40c. When data group to be sent out 40c passes verification, the security vector corresponding to data to be sent out 6 and data 9 uploaded by user terminal 2 may be packaged into data to be sent out 9, data to be sent out 9 is added to the outgoing data storage space 40b, and data group to be sent out 40c is updated to: data to be sent out 4-data to be sent out 6-data to be sent out 9, while data group to be sent out 40d remains unchanged. The safety factor corresponding to each data to be sent out in the updated outgoing data storage space 40b is then counted in the same statistical manner. If neither data group to be sent out 40d nor data group to be sent out 40c passes the verification of service server 6, a new data group to be sent out may be constructed; for the specific construction process, refer to step S205 to step S208 in the corresponding embodiment above, which is not repeated here.
In this embodiment, each service server in the outgoing network may broadcast the data to be sent out that it generates to the other service servers in the outgoing network for caching. After receiving original data to be sent out, the next service server may verify all the locally cached data to be sent out, select the data to be sent out with the highest priority from all the data to be sent out that pass verification as the first data to be sent out, and generate new data to be sent out (the second data to be sent out) from the security vector corresponding to the first data to be sent out and the received original data to be sent out. That is, the data to be sent out that a service server has passed in verification can be determined from the security vector contained in the data to be sent out newly generated by that service server. For example, if the new data to be sent out generated by a service server contains the security vector of data to be sent out 3, it can be determined that the service server has passed data to be sent out 3, the data to be sent out corresponding to the security vector contained in data to be sent out 3, and so on. The safety factor corresponding to each data to be sent out is determined according to the number of cached data to be sent out and the security vector contained in each data to be sent out, so the service servers do not need to broadcast their verification results for the data to be sent out; this reduces the number of messages used for broadcasting verification results and thereby improves verification efficiency.
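The group ordering, tip selection and safety-factor count of steps S202 to S209, run on the outgoing data storage space 40b scenario above, as an added Python example that is not code from the patent. It assumes that a security vector can be modelled as an opaque identifier (the item's name), that only the leading run of passing data in a group counts as passed, and that ties are broken by order rather than randomly; all function and field names are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Item:
    """One data to be sent out: a data body plus a data tag."""
    name: str             # constructed label; doubles as the security vector (assumption)
    body: str             # data recorded in the data body
    prev: Optional[str]   # data tag: security vector of the data this one builds on


Store = Dict[str, Item]   # outgoing data storage space, keyed by security vector


def build_groups(store: Store) -> List[List[str]]:
    """Derive the data groups (root-to-leaf chains), largest first (S201-S202)."""
    children: Dict[str, List[str]] = {key: [] for key in store}
    roots: List[str] = []
    for key, item in store.items():
        if item.prev in store:
            children[item.prev].append(key)
        else:
            roots.append(key)          # builds on data outside this storage space
    groups: List[List[str]] = []

    def walk(key: str, path: List[str]) -> None:
        path = path + [key]
        if not children[key]:
            groups.append(path)
        for child in children[key]:
            walk(child, path)

    for root in roots:
        walk(root, [])
    return sorted(groups, key=len, reverse=True)


def choose_chain(groups: List[List[str]], passes: Callable[[str], bool]) -> List[str]:
    """Return the passed data that the new data will extend (S202-S206)."""
    best: List[str] = []
    for group in groups:
        passed: List[str] = []
        for key in group:              # assumption: stop at the first failing data
            if not passes(key):
                break
            passed.append(key)
        if len(passed) == len(group):
            return passed              # S203: whole group passed, skip the rest
        if len(passed) > len(best):    # S205: else keep the group with most passed data
            best = passed              # (ties keep the first group, not a random one)
    return best


def add_data(store: Store, name: str, body: str,
             passes: Callable[[str], bool], base: Optional[str] = None) -> List[str]:
    """Package original data with the tip's security vector (S204 / S207)."""
    chain = choose_chain(build_groups(store), passes)
    prev = chain[-1] if chain else base   # highest priority = last data in the chain
    store[name] = Item(name, body, prev)
    return chain + [name]


def safety_factors(store: Store) -> Dict[str, int]:
    """S209: each data counts itself plus every data whose chain builds on it."""
    factors = {key: 0 for key in store}
    for key in store:
        cur: Optional[str] = key
        while cur in store:
            factors[cur] += 1
            cur = store[cur].prev
    return factors


def safely_outgoing(store: Store, threshold: float) -> List[str]:
    """Data whose safety factor is greater than the preset threshold."""
    return sorted(k for k, f in safety_factors(store).items() if f > threshold)


def scenario_40b() -> Store:
    """Constructed copy of storage space 40b: groups 40c (4-6) and 40d (5-7-8)."""
    links = [("4", "3"), ("5", "3"), ("6", "4"), ("7", "5"), ("8", "7")]
    return {name: Item(name, f"constructed body {name}", prev) for name, prev in links}


if __name__ == "__main__":
    store = scenario_40b()
    print(build_groups(store))                                  # 40d is checked first
    print(add_data(store, "9", "constructed data 9", lambda key: True, base="3"))
    print(safety_factors(store))
    print(safely_outgoing(store, 0.51 * 7))                     # 7 service servers
```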
For example, on the basis of the above description, the following steps may also be included.
Step S110, acquiring safe outgoing data obtained by carrying out safety detection on to-be-outgoing original data uploaded by a user terminal, and after acquiring abnormal disturbance request data in the process of distributing the safe outgoing data, analyzing the abnormal disturbance request data to obtain an abnormal disturbance intention.
In this embodiment, after security detection is performed on the original data to be sent out uploaded by the user terminal to obtain safely outgoing data, the corresponding distribution operation may be performed. However, the inventor finds that the distribution operation currently carries a security risk from abnormal disturbance, that is, abnormal disturbance occurring in the distribution process after the security detection has passed may not be detected in time. Therefore, after abnormal disturbance request data is obtained in the process of distributing the safely outgoing data, the abnormal disturbance request data needs to be analyzed to obtain an abnormal disturbance intention. The abnormal disturbance intention may include a plurality of related intention components, and each intention component may be used to characterize a targeted request field.
And step S120, when the abnormal disturbance intention is associated with the safely outgoing data, stopping distributing the safely outgoing data.
In this embodiment, if the abnormal disturbance intention is associated with the safely outgoing data, the request field identified by each intention component is associated with a data header field in the safely outgoing data, and in this case, to ensure information security, the distribution operation on the safely outgoing data must be stopped in time.
Therefore, based on the above steps, in the embodiment, after the abnormal disturbance request data is obtained in the process of distributing the safely outgoing data, the abnormal disturbance intention is obtained by analyzing the abnormal disturbance request data, and when the abnormal disturbance intention is associated with the safely outgoing data, the distribution operation of the safely outgoing data is stopped, so that the information safety can be effectively ensured.
In step S110, in the process of analyzing the abnormal disturbance request data to obtain an abnormal disturbance intention, the abnormal disturbance request data may, for example, be input into an abnormal disturbance intention prediction network to generate the abnormal disturbance intention of the abnormal disturbance request data.
The abnormal disturbance intention prediction network is trained as follows; that is, the embodiment of the application provides an abnormal disturbance intention prediction method based on artificial intelligence, and the method comprises the following steps:
step W10, obtaining a teacher AI training unit and a student AI training unit, wherein the teacher AI training unit and the student AI training unit each have a data transfer node, at least three intention vector extraction nodes and a prediction node, and an intention target domain range of the intention vector extraction node in the teacher AI training unit is larger than an intention target domain range of the intention vector extraction node in the student AI training unit, one or at least two of the at least three intention vector extraction nodes (at least one intention vector extraction node) in the teacher AI training unit are configured as teacher extraction nodes, one or at least two of the at least three intention vector extraction nodes (at least one intention vector extraction node) in the student AI training unit are configured as student extraction nodes, the teacher AI training unit further has a vector compression node connected to the teacher extraction node, and the student AI training unit further has a vector extension node connected to the student extraction node;
step W20, acquiring reference abnormal disturbance request data, configuring the reference abnormal disturbance request data into a teacher AI training unit, generating teacher intention vectors in teacher extraction nodes, configuring the reference abnormal disturbance request data into a student AI training unit, and generating student intention vectors in student extraction nodes;
step W30, configuring the teacher intention vector into the vector compression node to obtain a first intention vector, and configuring the student intention vector into the vector expansion node to obtain a second intention vector, wherein the intention target domain ranges of the first intention vector and the second intention vector are consistent;
step W40, determining a first cost coefficient based on the first intention vector and the second intention vector, optimizing extraction weight information in the student extraction node based on the first cost coefficient, and obtaining a student AI training unit after teaching;
and step W50, configuring the reference abnormal disturbance request data into a student AI training unit after teaching to generate a target learning abnormal intention, determining a second cost coefficient based on the target learning abnormal intention and the actual abnormal intention of the reference abnormal disturbance request data, optimizing extraction weight information in the student AI training unit according to the second cost coefficient, and obtaining an abnormal disturbance intention prediction network to perform abnormal disturbance intention prediction based on the abnormal disturbance intention prediction network.
Based on the above steps, the intention vector extraction nodes of the teacher AI training unit provided in this embodiment may have a relatively large intention target domain range, so that the teacher AI training unit has a better feature learning capability. The reference abnormal disturbance request data is input into the teacher AI training unit and the student AI training unit respectively; the teacher extraction node generates the teacher intention vector in the teacher AI training unit, and the student extraction node generates the student intention vector in the student AI training unit. The teacher intention vector is compressed and the student intention vector is expanded so that the intention target domain ranges of the resulting first intention vector and second intention vector are consistent, which allows the first cost coefficient to be calculated. The extraction weight information in the student extraction node is optimized according to the first cost coefficient, so that the student extraction node learns by reference to the teacher extraction node, which improves the learning efficiency and learning performance of the student AI training unit. In addition, the intention target domain range of the intention vector extraction nodes of the student AI training unit is relatively small, so using the trained student AI training unit as the abnormal disturbance intention prediction network can improve the efficiency of abnormal disturbance intention prediction.
Configuring the teacher intent vector into a vector compression node to obtain a first intent vector comprises:
step W301, configuring the teacher intention vector into a vector compression node, and obtaining the support degree of each intention extraction target domain related to the teacher intention vector;
step W302, sorting the order of the intention extraction target domains according to the descending order of the associated support degrees of the intention extraction target domains to obtain an intention vector list;
step W303, selecting at least N final intention extraction target domains from the intention vector list to form a dimension reduction intention vector;
step W304, selecting a part of intention extraction target domains from the dimension reduction intention vectors based on a set strategy to form a noise intention vector;
step W305, the teacher intention vector and the noise intention vector are divided to obtain a first intention vector.
For example, the extraction weight information in the vector expansion node is optimized at the same time as the extraction weight information in the student extraction node. That is, after the first cost factor is determined based on the first intention vector and the second intention vector, the method further comprises optimizing the extraction weight information in the vector expansion node based on the first cost coefficient. In other words, the weight information in the vector expansion node is optimized in the direction in which the first cost factor decreases.
In step W40, a first cost factor is determined based on the first intention vector and the second intention vector, and the student AI training unit is optimized according to the first cost factor, thereby obtaining a student AI training unit after teaching.
In an embodiment that may be based on an independent concept, an embodiment of the present application further provides a security protection configuration method based on an abnormal disturbance source, including the following steps.
Step R110, obtaining an abnormal disturbance source associated with an abnormal disturbance intention associated with each piece of safely outgoing data;
and step R120, based on the abnormal disturbance source, performing security protection configuration on the service distribution channel associated with the safely outgoing data.
In an embodiment that may be based on an independent concept, an embodiment of the present application further provides a security protection configuration method based on an abnormal disturbance source, including the following steps.
And step Q110, acquiring a historical attack behavior vector associated with the abnormal disturbance source, wherein the historical attack behavior vector is obtained by carrying out attack event mining on the attack event of the abnormal disturbance source.
And step Q120, based on the target type clustering strategy of the abnormal disturbance source, adding the historical attack behavior vector associated with the abnormal disturbance source matched with the same clustering label to an attack behavior vector cluster.
Step Q130, a first preset security protection configuration instruction set of the clustered label and a second preset security protection configuration instruction set of each historical attack behavior vector in the attack behavior vector cluster associated with the clustered label are obtained.
And step Q140, carrying out linkage protection instruction set mining on a first preset safety protection configuration instruction set and a second preset safety protection configuration instruction set to obtain a linkage protection instruction set associated with the abnormal disturbance source under the clustering label, and carrying out safety protection configuration on a service distribution channel associated with the safety outgoing data based on the linkage protection instruction set.
Based on the above steps, the historical attack behavior vectors associated with the abnormal disturbance source are obtained from the results of attack event mining on the attack events of the abnormal disturbance source. Based on the target type clustering strategy of the abnormal disturbance source, the historical attack behavior vectors associated with abnormal disturbance sources that match the same clustering label are added to an attack behavior vector cluster. The first preset security protection configuration instruction set of the clustering label and the second preset security protection configuration instruction set of each historical attack behavior vector in the attack behavior vector cluster associated with the clustering label are then obtained, and linkage protection instruction set mining is carried out on the two instruction sets to obtain the linkage protection instruction set associated with the abnormal disturbance source under the clustering label. Security protection configuration can thereby be performed based on the abnormal disturbance source under the clustering label.
In an exemplary design idea, the mining of a linkage protection instruction set for a first preset safety protection configuration instruction set and a second preset safety protection configuration instruction set, and the obtaining of the linkage protection instruction set associated with the abnormal disturbance source under the clustering label includes:
and obtaining the historical attack behavior vector of which the second preset security protection configuration instruction set matches preset matching requirements from the attack behavior vector cluster associated with the clustering label, and adding the historical attack behavior vector to a candidate attack behavior vector cluster.
And determining whether the abnormal disturbance source has linkage protection attributes or not based on a first preset safety protection configuration instruction set of the clustering label and a second preset safety protection configuration instruction set of the historical attack behavior vectors in the candidate attack behavior vector cluster.
And if the linkage protection attribute exists, carrying out linkage protection instruction mining on a second preset safety protection configuration instruction set of the historical attack behavior vectors in the candidate attack behavior vector group to obtain a linkage protection instruction set in the abnormal disturbance source.
The embodiment of the present application provides an intelligent management system 110 based on big data information security, which is applied to a service server, and the intelligent management system 110 based on big data information security includes:
an obtaining module 1101, configured to obtain original data to be sent out uploaded by a user terminal, and perform security detection on the data to be sent out stored in the outgoing data storage space; the outgoing data storage space stores a target data group to be outgoing, the target data group to be outgoing comprises at least one data to be outgoing, and different data to be outgoing are generated by different service servers respectively.
The determining module 1102 is configured to, if a first to-be-outgoing data in the at least one to-be-outgoing data passes security detection and the first to-be-outgoing data is to-be-outgoing data with a highest priority in the target to-be-outgoing data group, obtain a security vector corresponding to the first to-be-outgoing data, generate a second to-be-outgoing data according to the to-be-outgoing original data and the security vector, add the second to-be-outgoing data to the target to-be-outgoing data group, and obtain an updated outgoing data storage space.
The outbound module 1103 broadcasts the second data to be outbound in the outbound network, so that the other service servers in the outbound network except the service server that generates the second data to be outbound cache the second data to be outbound to the corresponding storage spaces; and updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out, of which the updated safety factor is greater than a preset safety factor threshold value, as the data which can be sent out safely.
The embodiment of the application provides a cloud computing system 100, where the cloud computing system 100 includes a processor and a nonvolatile memory storing computer instructions, and when the computer instructions are executed by the processor, the cloud computing system 100 executes the intelligent management system 110 based on big data information security. The cloud computing system 100 includes an intelligent management system 110 based on big data information security, a memory 111, a processor 112, and a communication unit 113.
To facilitate the transfer or interaction of data, the elements of the memory 111, the processor 112 and the communication unit 113 are electrically connected to each other, directly or indirectly. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The smart management system 110 based on big data information security includes at least one software functional module that may be stored in the memory 111 in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the cloud computing system 100. The processor 112 is used for executing the big data information security-based intelligent management system 110 stored in the memory 111, such as a software functional module and a computer program included in the big data information security-based intelligent management system 110.
The embodiment of the application provides a readable storage medium, which comprises a computer program, and the computer program controls a cloud computing system where the readable storage medium is located to execute the intelligent management method based on big data information security when running.
The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated.

Claims (10)

1. An intelligent management method based on big data information security is applied to a business server, and is characterized by comprising the following steps:
acquiring to-be-sent-out original data uploaded by a user terminal, and carrying out security detection on the to-be-sent-out data stored in an outgoing data storage space; the outgoing data storage space stores a target data group to be outgoing, the target data group to be outgoing comprises at least one data to be outgoing, and different data to be outgoing are generated by different service servers respectively;
if first to-be-sent-out data in the at least one to-be-sent-out data passes security detection and the first to-be-sent-out data is to-be-sent-out data with the highest priority in the target to-be-sent-out data group, acquiring a security vector corresponding to the first to-be-sent-out data, generating second to-be-sent-out data according to the to-be-sent-out original data and the security vector, and adding the second to-be-sent-out data to the target to-be-sent-out data group to obtain an updated outgoing data storage space;
broadcasting the second data to be sent out in an outgoing network so as to enable other service servers in the outgoing network except the service server generating the second data to be sent out to cache the second data to be sent out to the storage space to which the second data to be sent out belongs;
and updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out, of which the updated safety factor is greater than a preset safety factor threshold value, as the data to be sent out safely.
2. The method of claim 1, further comprising:
if the target data group to be sent out has data to be sent out which does not pass the security detection, and the first data to be sent out is the data to be sent out with the highest priority in the data to be sent out which passes the security detection in the target data group to be sent out, acquiring a security vector corresponding to the first data to be sent out, and generating second data to be sent out according to the original data to be sent out and the security vector;
and all the data to be sent out which pass the security detection in the target data group to be sent out and the second data to be sent out form a new data group to be sent out, and the new data group to be sent out and the target data group to be sent out are determined as an updated data storage space to be sent out.
3. The method according to claim 1 or 2, wherein the generating of the second outgoing data from the outgoing original data and the security vector comprises:
acquiring a security identifier carried by the original data to be sent out, and acquiring a security identifier generation algorithm corresponding to the user terminal;
processing the safety identification according to the safety identification generation algorithm to obtain first safety characteristic information corresponding to the safety identification;
performing MD5 operation on the original data to be sent out according to an MD5 model to obtain second safety feature information corresponding to the original data to be sent out;
if the first safety characteristic information is the same as the second safety characteristic information, the to-be-sent original data passes verification, and a data main body is generated according to the to-be-sent original data passing verification;
and generating a data label according to the safety vector, and generating second data to be sent out according to the data label and the data main body.
4. The method according to claim 1 or 2, wherein the updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out whose updated safety factor is greater than the preset safety factor threshold as the data to be sent out safely comprises:
acquiring the number of data pieces of the to-be-sent data contained in the updated outgoing data storage space, determining a service server corresponding to each to-be-sent data in the updated outgoing data storage space, and acquiring a server identity weight matched with the service servers;
updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space according to the number of the data to be sent out contained in the updated outgoing data storage space and the server identity weight;
determining the to-be-sent data with the updated safety factor larger than the preset safety factor threshold value as safe-to-be-sent data, and adding the to-be-sent data in the safe-to-be-sent data to the target sending-out data group; the target outgoing data group is used for storing all the data to be outgoing which pass the verification.
5. The method of claim 4, wherein adding the data to be sent out in the form of securely sendable data to the target set of outgoing data comprises:
acquiring the current priority corresponding to the data to be sent out which can safely send out the data;
if the current priority and the priority corresponding to the target to-be-sent-out data with the highest priority in the target outgoing data group are in a preset priority range, adding the to-be-sent-out data in the safe outgoing data to the target outgoing data group;
and if the current priority and the priority corresponding to the target to-be-sent-out data with the highest priority in the target outgoing data group are in a non-preset priority range, updating the priority of the to-be-sent-out data in the safe outgoing data, and adding the updated to-be-sent-out data in the safe outgoing data to the target outgoing data group.
6. The method of claim 1, wherein the outgoing data storage space stores a plurality of data sets to be outgoing, the plurality of data sets to be outgoing including the target data set to be outgoing; the security detection of the data to be sent out stored in the data storage space to be sent out comprises the following steps:
acquiring the multiple data groups to be sent out from the data storage space, and acquiring initial data numbers corresponding to the multiple data groups to be sent out respectively;
and sequencing the plurality of data groups to be sent out according to the number of the initial data groups to be sent out, and sequentially carrying out security detection on the data to be sent out contained in each data group to be sent out according to the sequencing sequence of each data group to be sent out.
7. The method according to claim 6, wherein the obtaining a security vector corresponding to a first data to be sent out if the first data to be sent out in the at least one data to be sent out passes security detection and the first data to be sent out is the data to be sent out with the highest priority in the target data group to be sent out, generating a second data to be sent out according to the original data to be sent out and the security vector, and adding the second data to be sent out to the target data group to be sent out to obtain an updated data storage space to be sent out comprises:
if a target data group to be sent out exists in the multiple data groups to be sent out, wherein the data to be sent out passes the security detection, the data to be sent out with the highest priority in the target data group to be sent out is taken as the first data to be sent out, and a security vector corresponding to the first data to be sent out is obtained;
generating second data to be sent out according to the original data to be sent out and the safety vector, adding the second data to be sent out to the target data group to be sent out, and determining the updated target data group to be sent out and the rest data groups to be sent out as an updated data storage space to be sent out; and the residual data group to be sent out is a data group to be sent out except the target data group to be sent out in the data storage space to be sent out.
8. The method of claim 6, further comprising:
if the data to be sent out which does not pass the security detection exists in the data groups to be sent out, respectively counting the number of target data of the data to be sent out which passes the security detection in each data group to be sent out, and determining the data group to be sent out with the highest number of target data as the target data group to be sent out;
acquiring data to be sent out with the highest priority from data to be sent out which passes security detection and is contained in the target data group to be sent out, wherein the data to be sent out is used as the first data to be sent out, and acquiring a security vector corresponding to the first data to be sent out;
generating second data to be sent out according to the original data to be sent out and the safety vector, and forming a new data group to be sent out by all data to be sent out which pass safety detection in the target data group to be sent out and the second data to be sent out;
and determining the new data group to be sent out and the plurality of data groups to be sent out as the updated outgoing data storage space.
9. The method according to claim 7, wherein the updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space comprises:
acquiring the number of outgoing data corresponding to the updated target outgoing data group and the remaining outgoing data groups from the updated outgoing data storage space, and respectively counting the frequency of each outgoing data in the updated target outgoing data group and the remaining outgoing data groups;
and according to the number of the outgoing data and the occurrence frequency, re-counting the safety factors corresponding to each data to be outgoing in the updated outgoing data storage space.
10. An intelligent management system based on big data information security is applied to a business server, and is characterized by comprising:
the acquisition module is used for acquiring to-be-sent-out original data uploaded by the user terminal and carrying out security detection on to-be-sent-out data stored in the to-be-sent-out data storage space; the outgoing data storage space stores a target data group to be outgoing, the target data group to be outgoing comprises at least one data to be outgoing, and different data to be outgoing are generated by different service servers respectively;
a determining module, configured to, if a first to-be-outgoing data in the at least one to-be-outgoing data passes security detection and the first to-be-outgoing data is to-be-outgoing data with a highest priority in the target to-be-outgoing data group, obtain a security vector corresponding to the first to-be-outgoing data, generate a second to-be-outgoing data according to the to-be-outgoing original data and the security vector, add the second to-be-outgoing data to the target to-be-outgoing data group, and obtain an updated outgoing data storage space;
the outgoing module is used for broadcasting the second data to be outgoing in an outgoing network so as to enable other service servers in the outgoing network except the service server which generates the second data to be outgoing to cache the second data to be outgoing to the storage spaces; and updating the safety factor corresponding to each data to be sent out in the updated outgoing data storage space, and determining the data to be sent out, of which the updated safety factor is greater than a preset safety factor threshold value, as the data to be sent out safely.
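The verification in claim 3, as an added example that is not part of the patent text: it runs the claim's MD5 comparison next to a keyed HMAC-SHA-256 variant to show which kinds of modification each one rejects. How the security identifier is processed, what the data label contains, the shared key, and every function name and sample value below are assumptions made for illustration.

```python
import hashlib
import hmac


def first_feature(security_id: str) -> bytes:
    # Assumption: the terminal's "security identifier generation algorithm"
    # turns the identifier into a hex digest; here that is just normalisation.
    return security_id.strip().lower().encode()


def md5_feature(raw: bytes) -> bytes:
    # Second safety feature information of claim 3: MD5 over the raw data.
    return hashlib.md5(raw).hexdigest().encode()


def keyed_feature(raw: bytes, key: bytes) -> bytes:
    # Hardened variant (not in the claim): HMAC-SHA-256 under a key that the
    # user terminal and the service server are assumed to share.
    return hmac.new(key, raw, hashlib.sha256).hexdigest().encode()


def build_second_outgoing(raw, security_id, security_vector, key=None):
    """Verify the raw data, then return data label + data body.

    key=None  -> the claim's unkeyed MD5 comparison
    key=bytes -> the keyed comparison
    """
    expected = md5_feature(raw) if key is None else keyed_feature(raw, key)
    if not hmac.compare_digest(first_feature(security_id), expected):
        raise ValueError("raw data to be sent out failed verification")
    # Assumption: the data label simply carries the security vector.
    return {"label": {"security_vector": security_vector}, "body": raw}


def accepted(raw, security_id, key=None) -> bool:
    try:
        build_second_outgoing(raw, security_id, SECURITY_VECTOR, key)
        return True
    except ValueError:
        return False


# Constructed sample values, not taken from the patent.
SECURITY_VECTOR = "constructed-security-vector"
KEY = b"constructed-shared-key"
ORIGINAL = b'{"order": 1001, "amount": 25}'
MODIFIED = b'{"order": 1001, "amount": 2500}'


def run_cases() -> dict:
    md5_id = hashlib.md5(ORIGINAL).hexdigest()
    mac_id = hmac.new(KEY, ORIGINAL, hashlib.sha256).hexdigest()
    # Anyone able to change the data in transit can also recompute an
    # unkeyed digest, so the identifier travels with the modification.
    recomputed_md5_id = hashlib.md5(MODIFIED).hexdigest()
    return {
        "md5_original": accepted(ORIGINAL, md5_id),
        "md5_modified_stale_id": accepted(MODIFIED, md5_id),
        "md5_modified_recomputed_id": accepted(MODIFIED, recomputed_md5_id),
        "hmac_original": accepted(ORIGINAL, mac_id, KEY),
        "hmac_modified_stale_tag": accepted(MODIFIED, mac_id, KEY),
        "hmac_modified_md5_id": accepted(MODIFIED, recomputed_md5_id, KEY),
    }


if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name:28} {'accepted' if ok else 'rejected'}")
```

The unkeyed comparison detects corruption and stale identifiers but accepts modified data whose digest was recomputed; the keyed comparison rejects it because the tag cannot be produced without the key.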
CN202111477242.6A 2021-12-06 2021-12-06 Intelligent management method based on big data information safety and big data information system Active CN114115748B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111477242.6A CN114115748B (en) 2021-12-06 2021-12-06 Intelligent management method based on big data information safety and big data information system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111477242.6A CN114115748B (en) 2021-12-06 2021-12-06 Intelligent management method based on big data information safety and big data information system

Publications (2)

Publication Number Publication Date
CN114115748A true CN114115748A (en) 2022-03-01
CN114115748B CN114115748B (en) 2022-06-14

Family

ID=80367142

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111477242.6A Active CN114115748B (en) 2021-12-06 2021-12-06 Intelligent management method based on big data information safety and big data information system

Country Status (1)

Country Link
CN (1) CN114115748B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103209174A (en) * 2013-03-12 2013-07-17 华为技术有限公司 Data protection method, device and system
WO2019148568A1 (en) * 2018-02-02 2019-08-08 网宿科技股份有限公司 Method and system for sending request for acquiring data resource
CN111338581A (en) * 2020-03-27 2020-06-26 尹兵 Data storage method and device based on cloud computing, cloud server and system
CN112507384A (en) * 2020-12-22 2021-03-16 北京明朝万达科技股份有限公司 Method and device for processing data outgoing behavior
CN112751644A (en) * 2019-10-29 2021-05-04 腾讯科技(深圳)有限公司 Data transmission method, device and system and electronic equipment

Also Published As

Publication number Publication date
CN114115748B (en) 2022-06-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220506

Address after: 514781 No. 117 Guangming Road, Guangming Ju Wei, Songkou Town, Meixian District, Meizhou City, Guangdong Province

Applicant after: Li Zhijun

Address before: 274009 room 07003, building 6, Shangri La Jiayuan, South and east of Qingnian Road, Mudan District, Heze City, Shandong Province

Applicant before: Heze zhuotong Internet Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20220530

Address after: 510000 A83, floor 3, No. 108, Keyun North Road, Tianhe District, Guangzhou City, Guangdong Province (office only)

Applicant after: Guangzhou helixintong Information Technology Co.,Ltd.

Address before: 514781 No. 117 Guangming Road, Guangming Ju Wei, Songkou Town, Meixian District, Meizhou City, Guangdong Province

Applicant before: Li Zhijun

GR01 Patent grant