CN114168999A - Comprehensive security method and system based on data center - Google Patents


Info

Publication number: CN114168999A
Authority: CN (China)
Prior art keywords: data, security, detection, safety, key
Legal status: Pending
Application number: CN202111468108.XA
Other languages: Chinese (zh)
Inventor: 张美华
Current Assignee: Shanghai DC Science Co Ltd
Original Assignee: Shanghai DC Science Co Ltd
Application filed by Shanghai DC Science Co Ltd
Priority to CN202111468108.XA
Publication of CN114168999A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Image Analysis (AREA)

Abstract

The data center-based comprehensive security method and system provided by this application generate a detection security identification strategy, corresponding globally to the important security detection attributes of the data to be processed, from the key security identification strategies of a plurality of object data security key categories and a projection distribution matrix that represents the projection relations among those categories. A data security identification strategy is generated from the data security contained in the data security to be detected. Because the data security identification strategy reflects the important attribute information of the data security to be detected, and the detection security identification strategy is important attribute information representing the different detection ranges, using the detection security identification strategy together with the data security identification strategy allows the data to be detected to be detected and identified more accurately, which effectively improves the accuracy of data security detection for the data to be detected.

Description

Comprehensive security method and system based on data center
Technical Field
The application relates to the technical field of data security, in particular to a comprehensive security method and system based on a data center.
Background
The data center is an information resource library of the modern society, can provide various data services, and performs information interaction with the outside through the Internet to respond to service requests. Therefore, key data of the data center can be monitored, stolen, counterfeited and tampered, the server runs slowly, performance is reduced or the server is halted and cannot provide data service to the outside, and even hardware is damaged, so that great loss is caused. The security of the data center is an urgent problem to be solved.
Disclosure of Invention
In view of this, the present application provides a comprehensive security method and system based on a data center.
In a first aspect, a comprehensive security method based on a data center is provided, which includes:
the method comprises the steps of obtaining important attributes of security detection of data to be processed and obtaining detection security identification strategies corresponding to the important attributes of security detection of the data to be processed in a global mode, wherein the important attributes of security detection of the data to be processed are a plurality of important attributes obtained by dividing according to security key types of object data, and the detection security identification strategies are generated on the basis of key security identification strategies corresponding to the security key types of the object data and projection distribution matrixes used for representing projection relations among the security key types of the object data;
generating a data security identification strategy based on data security contained in the data security to be detected;
and judging the important attribute of data security detection to which the data to be detected belongs from the important attributes of data security detection to be processed based on the data security identification strategy and the detection security identification strategy.
Further, the obtaining of the detection security identification policy globally corresponding to the important security detection attribute of the data to be processed includes:
acquiring key safety identification strategies corresponding to a plurality of object data safety key types and acquiring a projection distribution matrix containing projection relations among the object data safety key types;
splicing key safety identification strategies corresponding to a plurality of object data safety key types to generate an object important attribute distribution matrix;
and generating a detection safety identification strategy corresponding to the safety detection important attribute of the data to be processed globally based on the object important attribute distribution matrix and the projection distribution matrix.
Further, the obtaining of the key security identification policy corresponding to the plurality of object data security key categories includes:
respectively acquiring a target reference object containing the object data safety key category aiming at each object data safety key category;
respectively carrying out important attribute selection on the target reference object aiming at each object data security key type to obtain a reference key security identification strategy corresponding to the target reference object;
and generating a key safety identification strategy corresponding to the object data safety key type based on a preset reference vector of a reference key safety identification strategy corresponding to the target reference object aiming at each object data safety key type.
Further, the obtaining a projection distribution matrix containing projection relations among the plurality of object data safety-critical categories includes:
determining confidence between every two object data safety key categories in the plurality of object data safety key categories;
and generating a projection distribution matrix for representing projection relations among object data safety key types based on the confidence degrees.
Further, the generating a data security identification policy based on the data security contained in the data security to be detected includes:
generating a key safety identification strategy corresponding to the object data safety based on the object data safety contained in the data safety to be detected, and generating a key safety identification strategy corresponding to the key data safety based on the key data safety contained in the data safety to be detected;
and performing important attribute splicing on the key safety identification strategy and the key safety identification strategy to generate a data safety identification strategy.
Further, a key security identification strategy corresponding to the object data security is generated through a security network trained in advance, and the data center-based integrated security method further includes:
acquiring an object to be processed containing an object data safety key category corresponding to the important attribute of the data to be processed;
extracting the object to be processed to generate an extracted object; generating a training reference detection range set based on the extracted object and the object to be processed, wherein each reference detection range in the training reference detection range set comprises a reference object and important attributes of safety detection of the data to be processed to which the reference object belongs;
and training the security network to be trained based on the training reference detection range set to obtain the security network trained in advance.
Further, the generating a key security identification policy corresponding to the key data security based on the key data security included in the data security to be detected includes:
identifying key data safety contained in the data safety to be detected to obtain an identification result corresponding to the key data safety and a detection range of each detection range contained in the identification result in which the identification result is located;
generating a range safety identification strategy corresponding to each detection range based on the identification result, and generating a range safety identification strategy based on the detection range of each detection range contained in the identification result in which the identification result is positioned;
and splicing the range security identification strategies corresponding to each detection range based on the range security identification strategies to generate a key security identification strategy containing the global motion state.
Further, the determining, based on the data security identification policy and the detection security identification policy, a data security detection important attribute to which the data to be detected belongs in the to-be-processed data security detection important attributes includes:
judging a detection judgment percentage parameter when the to-be-detected data security belongs to the important security detection attribute of the to-be-processed data based on the data security identification strategy and the detection security identification strategy;
selecting the important attribute of the safety detection of the data to be processed with the largest detection judgment percentage parameter from the important attributes of the safety detection of the data to be processed based on the detection judgment percentage parameter;
and if the detection judgment percentage parameter corresponding to the selected important attribute of the data to be processed for safety detection meets a preset detection judgment percentage parameter threshold, taking the selected important attribute of the data to be processed for safety detection as the important attribute of the data to be detected for safety detection.
Further, after the important attribute of data security detection to which the data to be detected belongs is judged in the important attributes of data security detection to be processed based on the data security identification policy and the detection security identification policy, the comprehensive security protection method based on the data center further includes:
if the important attributes of the detection heat of the object do not have important attributes matched with the important attributes of the data safety detection to which the data to be detected belongs, the data to be detected is safely loaded to a main data safety range which refuses to recommend the object;
and if the important attributes of the detection heat of the object exist, the important attributes are matched with the important attributes of the data safety detection to which the data to be detected belongs, the data to be detected is safely loaded into the secondary range of the data safety recommended to the object.
In a second aspect, a data center-based integrated security system is provided, which includes a processor and a memory, which are in communication with each other, and the processor is configured to read a computer program from the memory and execute the computer program to implement the method described above.
The data center-based comprehensive security method and system provided by the embodiments of this application generate a detection security identification strategy, corresponding globally to the important security detection attributes of the data to be processed, from the key security identification strategies of a plurality of object data security key categories and a projection distribution matrix that represents the projection relations among those categories. A data security identification strategy is generated from the data security contained in the data security to be detected. Because the data security identification strategy reflects the important attribute information of the data security to be detected, and the detection security identification strategy is important attribute information representing the different detection ranges, using the detection security identification strategy together with the data security identification strategy allows the data to be detected to be detected and identified more accurately, which effectively improves the accuracy of data security detection for the data to be detected.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a flowchart of a comprehensive security method based on a data center according to an embodiment of the present disclosure.
Fig. 2 is a block diagram of an integrated security device based on a data center according to an embodiment of the present disclosure.
Fig. 3 is an architecture diagram of an integrated data center-based security system according to an embodiment of the present disclosure.
Detailed Description
In order to better understand the technical solutions, the technical solutions of the present application are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, and are not limitations of the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.
Referring to fig. 1, a data center-based integrated security method is shown, which may include the technical solutions described in the following steps 100-300.
Step 100, obtaining important attributes of security detection of data to be processed, and obtaining a detection security identification strategy corresponding to the important attributes of security detection of data to be processed globally, where the important attributes of security detection of data to be processed are multiple important attributes obtained by dividing according to security key categories of object data, and the detection security identification strategy is generated based on key security identification strategies corresponding to the security key categories of the multiple object data and a projection distribution matrix used for representing projection relations among the security key categories of the object data.
For example, the important attribute of security detection of the data to be processed represents the relevant data to be detected.
Step 200, generating a data security identification strategy based on the data security contained in the data security to be detected.
For example, the data security identification policy indicates that the relevant data corresponds to a single detected range.
Step 300, based on the data security identification policy and the detection security identification policy, determining the important attribute of data security detection to which the data to be detected belongs from the important attributes of data security detection to be processed.
For example, the data security detection important attribute represents a corresponding detection range.
It can be understood that, when the technical solutions described in steps 100 to 300 are performed, a detection security identification strategy corresponding globally to the important security detection attributes of the data to be processed is generated from the key security identification strategies of a plurality of object data security key categories and a projection distribution matrix that represents the projection relations among those categories, and a data security identification strategy is generated from the data security contained in the data security to be detected. Because the data security identification strategy reflects the important attribute information of the data security to be detected, and the detection security identification strategy is important attribute information representing the different detection ranges, using the detection security identification strategy together with the data security identification strategy allows the data to be detected to be detected and identified more accurately, which effectively improves the accuracy of data security detection for the data to be detected.
In an alternative embodiment, the inventor finds that, when obtaining the detection security identification policy globally corresponding to the important security detection attributes of the data to be processed, the key security identification policy may be inaccurate, which makes it difficult to obtain that detection security identification policy accurately. To address this technical problem, the step of obtaining the detection security identification policy globally corresponding to the important security detection attributes of the data to be processed, described in step 100, may specifically include the technical solutions described in the following steps q1 to q3.
Step q1, acquiring key safety identification strategies corresponding to a plurality of object data safety key types and acquiring a projection distribution matrix containing the projection relations among the object data safety key types.
Step q2, splicing the key security identification strategies corresponding to the plurality of object data security key types to generate an object important attribute distribution matrix.
Step q3, generating a detection safety identification strategy globally corresponding to the important security detection attributes of the data to be processed based on the object important attribute distribution matrix and the projection distribution matrix.
It can be understood that, when the technical solutions described in steps q1 to q3 are executed to obtain the detection security identification policy globally corresponding to the important security detection attributes of the data to be processed, the problem of an inaccurate key security identification policy is avoided, so that this detection security identification policy can be obtained accurately.
In an alternative embodiment, the inventor finds that, when acquiring the key safety identification policies corresponding to a plurality of object data safety key categories, each object data safety key category may be inaccurate, which makes it difficult to acquire those key safety identification policies accurately. To address this technical problem, the step of acquiring the key safety identification policies corresponding to the plurality of object data safety key categories, described in step q1, may specifically include the technical solutions described in the following steps q1a1 to q1a3.
Step q1a1, for each object data safety key type, acquiring a target reference object containing that object data safety key type.
Step q1a2, for each object data security key type, performing important attribute selection on the target reference object to obtain a reference key security identification strategy corresponding to the target reference object.
Step q1a3, for each object data safety key type, generating a key safety identification strategy corresponding to that type based on a preset reference vector of the reference key safety identification strategy corresponding to the target reference object.
It can be understood that, when the technical solutions described in steps q1a1 to q1a3 are executed to obtain the key security identification policies corresponding to a plurality of object data security key categories, the problem of each object data security key category being inaccurate is avoided, so that these key security identification policies can be obtained accurately.
In an alternative embodiment, the inventors found that, when acquiring the projection distribution matrix containing the projection relations among the plurality of object data safety key categories, the matching between every two object data safety key categories may be inaccurate, which makes it difficult to acquire that projection distribution matrix accurately. To address this technical problem, the step of acquiring the projection distribution matrix containing the projection relations among the plurality of object data safety key categories, described in step q1, may specifically include the technical solutions described in the following steps q1b1 and q1b2.
Step q1b1, determining the confidence between every two object data safety key categories of the plurality of object data safety key categories.
Step q1b2, generating a projection distribution matrix representing the projection relations among the object data safety key types based on the confidences.
It can be understood that, when the technical solutions described in steps q1b1 and q1b2 are performed to obtain a projection distribution matrix containing the projection relations among the plurality of object data safety key categories, the problem of inaccurate matching between every two object data safety key categories is avoided, so that this projection distribution matrix can be obtained accurately.
In an alternative embodiment, the inventor finds that, when generating the data security identification policy based on the data security contained in the data security to be detected, the key security identification policy may be inaccurate, which makes it difficult to generate the data security identification policy accurately. To address this technical problem, the step of generating the data security identification policy based on the data security contained in the data security to be detected, described in step 200, may specifically include the technical solutions described in the following steps w1 and w2.
Step w1, generating a key safety identification strategy corresponding to the object data safety based on the object data safety contained in the data safety to be detected, and generating a key safety identification strategy corresponding to the key data safety based on the key data safety contained in the data safety to be detected.
Step w2, performing important attribute splicing on the key security identification strategy corresponding to the object data security and the key security identification strategy corresponding to the key data security to generate a data security identification strategy.
It can be understood that, when the technical solutions described in steps w1 and w2 are executed to generate the data security identification policy based on the data security contained in the data security to be detected, the problem of an inaccurate key security identification policy is avoided, so that the data security identification policy can be generated accurately.
On the above basis, the key security identification strategy corresponding to the object data security is generated through a security network trained in advance, and the technical solutions described in the following steps e1 to e3 may further be included.
Step e1, acquiring the object to be processed containing the object data safety key type corresponding to the important attribute of the data to be processed.
Step e2, extracting the object to be processed to generate an extracted object; generating a training reference detection range set based on the extracted object and the object to be processed, wherein each reference detection range in the training reference detection range set comprises a reference object and the important security detection attribute of the data to be processed to which the reference object belongs.
Step e3, training the security network to be trained based on the training reference detection range set to obtain the security network trained in advance.
It can be understood that, when the technical solutions described in steps e1 to e3 are executed, the security network trained in advance can be accurately obtained by accurately extracting the object to be processed.
In an alternative embodiment, the inventor finds that, when generating the key security identification policy based on the key data security contained in the data to be detected, the detection range in which each detection range of the identification result is located may be inaccurate, which makes it difficult to accurately generate the key security identification policy corresponding to the key data security. To address this technical problem, the step of generating the key security identification policy corresponding to the key data security based on the key data security contained in the data to be detected, described in step w1, may specifically include the technical solutions described in the following steps w1a1 to w1a3.
Step w1a1, identifying the key data safety contained in the data safety to be detected, and obtaining an identification result corresponding to the key data safety and the detection range in which each detection range contained in the identification result is located.
Step w1a2, generating a range security identification policy corresponding to each detection range based on the identification result, and generating a range security identification policy based on the detection range in which each detection range contained in the identification result is located.
Step w1a3, splicing the range security identification strategies corresponding to each detection range based on the range security identification strategies, and generating a key security identification strategy containing a global motion state.
It can be understood that, when the technical solutions described in steps w1a1 to w1a3 are executed based on the key data security contained in the data to be detected, the problem of an inaccurate detection range for each detection range of the identification result is avoided, so that the key security identification policy corresponding to the key data security can be generated accurately.
In an alternative embodiment, the inventors found that, when the important data security detection attribute to which the data security to be detected belongs is determined in the important data security detection attributes to be processed based on the data security identification policy and the detection security identification policy, there is a problem that a detection percentage parameter is inaccurate, so that it is difficult to accurately determine the important data security detection attribute to which the data security to be detected belongs, and in order to improve the above technical problem, the step of determining the important data security detection attribute to which the data security to be detected belongs in the important data security detection attributes to be processed based on the data security identification policy and the detection security identification policy, which is described in step 300, may specifically include the technical solutions described in the following step t 1-step t 3.
And t1, based on the data security identification strategy and the detection security identification strategy, determining a detection determination percentage parameter when the data security to be detected belongs to the important attribute of the data security detection to be processed.
And t2, based on the detection judgment percentage parameter, selecting the important attribute of the safety detection of the data to be processed with the largest detection judgment percentage parameter from the important attributes of the safety detection of the data to be processed.
And t3, if the detection judgment percentage parameter corresponding to the selected important attribute of the data to be processed for safety detection meets the preset detection judgment percentage parameter threshold, taking the selected important attribute of the data to be processed for safety detection as the important attribute of the data to be detected for safety detection.
It can be understood that, when the technical solutions described in steps t1 to t3 above are executed, the problem of an inaccurate detection percentage parameter is avoided when the data security detection important attribute to which the data security to be detected belongs is determined among the to-be-processed data security detection important attributes based on the data security identification policy and the detection security identification policy, so that this attribute can be determined accurately.
On this basis, after the data security detection important attribute to which the data security to be detected belongs has been determined among the data security detection important attributes based on the data security identification policy and the detection security identification policy, the method may further include the technical solutions described in the following steps y1 and y2.
Step y1: if none of the detection heat important attributes of the object matches the data security detection important attribute to which the data to be detected belongs, safely load the data to be detected into a main data security range that refuses recommendation to the object.
Step y2: if one of the detection heat important attributes of the object matches the data security detection important attribute to which the data to be detected belongs, safely load the data to be detected as a secondary data security range recommended to the object.
It can be understood that, when the technical solutions described in steps y1 and y2 above are executed, accurately analyzing the detection heat important attributes allows the data to be detected to be safely loaded as the secondary data security range divided into the objects.
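Steps t1 to t3 and y1 to y2 can be followed end to end in the sketch below, which is an added example and not code from the patent or its applicant. It assumes the detection security identification policies are the row-normalised projection matrix multiplied by the object important attribute distribution matrix, that the detection determination percentage parameter is a softmax over dot products, and that data with no attribute meeting the threshold is routed as "no match"; the attribute names, vectors and the 0.6 threshold are constructed.

```python
import math

def project_policies(attr_matrix, confidence):
    """Detection policies as P @ X, where P is `confidence` row-normalised.

    Assumed arithmetic: the page only says the policies are generated "based on"
    the object important attribute distribution matrix and the projection matrix.
    """
    width = len(attr_matrix[0])
    policies = []
    for row in confidence:
        total = sum(row)
        if len(row) != len(attr_matrix) or total <= 0:
            raise ValueError("confidence row must match categories and be positive")
        weights = [c / total for c in row]
        policies.append([sum(w * x[j] for w, x in zip(weights, attr_matrix))
                         for j in range(width)])
    return policies

def percentage_parameters(data_policy, detection_policies):
    """Step t1 (assumed scoring): softmax over dot products, so values sum to 1."""
    logits = [sum(a * b for a, b in zip(data_policy, p)) for p in detection_policies]
    peak = max(logits)                      # subtract the peak for numerical stability
    exps = [math.exp(v - peak) for v in logits]
    total = sum(exps)
    return [e / total for e in exps]

def judge_attribute(data_policy, detection_policies, names, threshold):
    """Steps t2 and t3: take the largest parameter, accept it only at or above threshold."""
    if len(names) != len(detection_policies):
        raise ValueError("one name per detection policy is required")
    scores = percentage_parameters(data_policy, detection_policies)
    best = max(range(len(scores)), key=scores.__getitem__)
    if scores[best] >= threshold:
        return names[best], scores[best]
    return None, scores[best]               # threshold not met: no attribute assigned

def route(judged, object_heat_attributes):
    """Steps y1 and y2. Treating an unassigned attribute as 'no match' is an assumption."""
    if judged is not None and judged in object_heat_attributes:
        return "secondary-range:recommended"    # y2: a matching attribute exists
    return "main-range:refused"                 # y1: no matching attribute

# Constructed sample data (not from the patent).
NAMES = ["credentials", "personal", "financial"]
ATTR_MATRIX = [[4.0, 0.0, 0.0], [0.0, 4.0, 0.0], [0.0, 0.0, 4.0]]
CONFIDENCE = [[1.0, 0.0, 0.0], [0.0, 3.0, 1.0], [0.0, 1.0, 3.0]]
THRESHOLD = 0.6
DETECTION = project_policies(ATTR_MATRIX, CONFIDENCE)

if __name__ == "__main__":
    for label, vec in (("clear", [1.0, 0.0, 0.0]), ("ambiguous", [0.0, 1.0, 1.0])):
        judged, score = judge_attribute(vec, DETECTION, NAMES, THRESHOLD)
        print(label, judged, round(score, 4), route(judged, {"credentials"}))
```

The second sample vector scores two attributes equally, so the largest parameter stays below the threshold and step t3 assigns nothing, which is the case the threshold exists to catch.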
On this basis, referring to FIG. 2, a data center-based integrated security apparatus 200 is provided, which is applied to a data terminal and includes:
a content obtaining module 210, configured to obtain security detection important attributes of data to be processed, and obtain a detection security identification policy corresponding to the security detection important attributes of the data to be processed globally, where the security detection important attributes of the data to be processed are multiple important attributes obtained by dividing according to security key categories of object data, and the detection security identification policy is generated based on key security identification policies corresponding to the security key categories of the object data and a projection distribution matrix used for representing a projection relationship between the security key categories of the object data;
a content generation module 220, configured to generate a data security identification policy based on the data security contained in the data security to be detected;
an attribute determining module 230, configured to determine, based on the data security identification policy and the detection security identification policy, the data security detection important attribute to which the data to be detected belongs among the to-be-processed data security detection important attributes.
On this basis, referring to FIG. 3, a data center-based integrated security system 300 is shown, which includes a processor 310 and a memory 320 that communicate with each other, wherein the processor 310 is configured to read a computer program from the memory 320 and execute the computer program to implement the above method.
On the basis of the above, there is also provided a computer-readable storage medium on which a computer program is stored, which when executed implements the above-described method.
In summary, with the above solution, a detection security identification policy corresponding to the security detection important attributes of the data to be processed is generated based on the key security identification policies corresponding to the plurality of object data security key categories and the projection distribution matrix representing the projection relationship between the object data security key categories, and a data security identification policy is generated from the data security contained in the data security to be detected. Since the data security identification policy reflects the important attribute information of the data security to be detected, and the detection security identification policy is important attribute information representing different detection ranges, the data to be detected can be detected and identified more accurately using the detection security identification policy and the data security identification policy, which effectively improves the accuracy of data security detection of the data to be detected.
It should be appreciated that the system and its modules shown above may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portion may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD- or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules of the present application may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips and transistors, or programmable hardware devices such as field programmable gate arrays and programmable logic devices, but also by software executed by various types of processors, or by a combination of the above hardware circuits and software (e.g., firmware).
It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the broad application. Various modifications, improvements and adaptations to the present application may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present application and thus fall within the spirit and scope of the exemplary embodiments of the present application.
Also, this application uses specific language to describe embodiments of the application. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the present application is included in at least one embodiment of the present application. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the present application may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the present application may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereon. Accordingly, various aspects of the present application may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software. The above hardware or software may be referred to as a "data block," "module," "engine," "unit," "component," or "system." Furthermore, aspects of the present application may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of the present application may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which elements and sequences of the processes described herein are processed, the use of alphanumeric characters, or the use of other designations, is not intended to limit the order of the processes and methods described herein, unless explicitly claimed. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the application, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to require more features than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the numbers allow for adaptive variation. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
The entire contents of each patent, patent application publication, and other material cited in this application, such as articles, books, specifications, publications, documents, and the like, are hereby incorporated by reference into this application, except where the application is filed in a manner inconsistent or contrary to the present disclosure, and except where the claim is filed in its broadest scope (whether present or later appended to the application) as well. It is noted that the descriptions, definitions and/or use of terms in this application shall control if they are inconsistent or contrary to the statements and/or uses of the present application in the material attached to this application.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present application. Other variations are also possible within the scope of the present application. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the present application can be viewed as being consistent with the teachings of the present application. Accordingly, the embodiments of the present application are not limited to only those embodiments explicitly described and depicted herein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A comprehensive security method based on a data center is characterized by comprising the following steps:
the method comprises the steps of obtaining important attributes of security detection of data to be processed and obtaining detection security identification strategies corresponding to the important attributes of security detection of the data to be processed in a global mode, wherein the important attributes of security detection of the data to be processed are a plurality of important attributes obtained by dividing according to security key types of object data, and the detection security identification strategies are generated on the basis of key security identification strategies corresponding to the security key types of the object data and projection distribution matrixes used for representing projection relations among the security key types of the object data;
generating a data security identification strategy based on data security contained in the data security to be detected;
and judging the important attribute of data security detection to which the data to be detected belongs from the important attributes of data security detection to be processed based on the data security identification strategy and the detection security identification strategy.
2. The data center-based comprehensive security protection method according to claim 1, wherein the obtaining of the detection security identification policy globally corresponding to the important security detection attributes of the data to be processed comprises:
acquiring key safety identification strategies corresponding to a plurality of object data safety key types and acquiring a projection distribution matrix containing projection relations among the object data safety key types;
splicing key safety identification strategies corresponding to a plurality of object data safety key types to generate an object important attribute distribution matrix;
and generating a detection safety identification strategy corresponding to the safety detection important attribute of the data to be processed globally based on the object important attribute distribution matrix and the projection distribution matrix.
3. The data center-based integrated security method according to claim 2, wherein the obtaining of the key security identification policy corresponding to the plurality of object data security key categories comprises:
respectively acquiring a target reference object containing the object data safety key category aiming at each object data safety key category;
respectively carrying out important attribute selection on the target reference object aiming at each object data security key type to obtain a reference key security identification strategy corresponding to the target reference object;
and generating a key safety identification strategy corresponding to the object data safety key type based on a preset reference vector of a reference key safety identification strategy corresponding to the target reference object aiming at each object data safety key type.
4. The data center-based integrated security method according to claim 2, wherein the obtaining a projection distribution matrix including projection relationships among the plurality of object data security critical categories comprises:
determining confidence between every two object data safety key categories in the plurality of object data safety key categories;
and generating a projection distribution matrix for representing projection relations among object data safety key types based on the confidence degrees.
5. The data center-based integrated security method according to claim 1, wherein generating a data security identification policy based on the data security contained in the data security to be detected comprises:
generating a key safety identification strategy corresponding to the object data safety based on the object data safety contained in the data safety to be detected, and generating a key safety identification strategy corresponding to the key data safety based on the key data safety contained in the data safety to be detected;
and performing important attribute splicing on the key safety identification strategy and the key safety identification strategy to generate a data safety identification strategy.
6. The data center-based integrated security method according to claim 5, wherein the key security identification policy corresponding to the object data security is generated through a security network trained in advance, and the data center-based integrated security method further comprises:
acquiring an object to be processed containing an object data safety key category corresponding to the important attribute of the data to be processed;
extracting the object to be processed to generate an extracted object; generating a training reference detection range set based on the extracted object and the object to be processed, wherein each reference detection range in the training reference detection range set comprises a reference object and important attributes of safety detection of the data to be processed to which the reference object belongs;
and training the security network to be trained based on the training reference detection range set to obtain the security network trained in advance.
7. The data center-based integrated security method according to claim 5, wherein generating a key security identification policy corresponding to key data security based on key data security included in the data security to be detected comprises:
identifying key data safety contained in the data safety to be detected to obtain an identification result corresponding to the key data safety and a detection range of each detection range contained in the identification result in which the identification result is located;
generating a range safety identification strategy corresponding to each detection range based on the identification result, and generating a range safety identification strategy based on the detection range of each detection range contained in the identification result in which the identification result is positioned;
and splicing the range security identification strategies corresponding to each detection range based on the range security identification strategies to generate a key security identification strategy containing the global motion state.
8. The data center-based integrated security protection method according to claim 1, wherein the determining, based on the data security identification policy and the detection security identification policy, the data security detection important attribute to which the data security to be detected belongs from the data security detection important attributes to be processed comprises:
judging a detection judgment percentage parameter when the to-be-detected data security belongs to the important security detection attribute of the to-be-processed data based on the data security identification strategy and the detection security identification strategy;
selecting the important attribute of the safety detection of the data to be processed with the largest detection judgment percentage parameter from the important attributes of the safety detection of the data to be processed based on the detection judgment percentage parameter;
and if the detection judgment percentage parameter corresponding to the selected important attribute of the data to be processed for safety detection meets a preset detection judgment percentage parameter threshold, taking the selected important attribute of the data to be processed for safety detection as the important attribute of the data to be detected for safety detection.
9. The data center-based integrated security method according to claim 1, wherein after the data security detection important attribute to which the data security to be detected belongs is determined from the data security detection important attributes based on the data security identification policy and the detection security identification policy, the data center-based integrated security method further comprises:
if the important attributes of the detection heat of the object do not have important attributes matched with the important attributes of the data safety detection to which the data to be detected belongs, the data to be detected is safely loaded to a main data safety range which refuses to recommend the object;
and if the important attributes of the detection heat of the object exist, the important attributes are matched with the important attributes of the data safety detection to which the data to be detected belongs, the data to be detected is safely loaded into the secondary range of the data safety recommended to the object.
10. A data center based integrated security system comprising a processor and a memory in communication with each other, the processor configured to read a computer program from the memory and execute the computer program to implement the method of any one of claims 1 to 9.
CN202111468108.XA 2021-12-03 2021-12-03 Comprehensive security method and system based on data center Pending CN114168999A (en)


Publications (1)

Publication Number Publication Date
CN114168999A (en) 2022-03-11

Family

ID=80482838


Country Status (1)

Country Link
CN (1) CN114168999A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination