CN115065543B - Network security authentication method of distributed system - Google Patents

Network security authentication method of distributed system Download PDF

Info

Publication number
CN115065543B
CN115065543B CN202210746426.6A CN202210746426A CN115065543B CN 115065543 B CN115065543 B CN 115065543B CN 202210746426 A CN202210746426 A CN 202210746426A CN 115065543 B CN115065543 B CN 115065543B
Authority
CN
China
Prior art keywords
data
row
matrix
lbp
initial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210746426.6A
Other languages
Chinese (zh)
Other versions
CN115065543A (en
Inventor
王雨佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Oriental Jinghai Electronic Technology Co ltd
Original Assignee
Beijing Oriental Jinghai Electronic Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Oriental Jinghai Electronic Technology Co ltd filed Critical Beijing Oriental Jinghai Electronic Technology Co ltd
Priority to CN202210746426.6A priority Critical patent/CN115065543B/en
Publication of CN115065543A publication Critical patent/CN115065543A/en
Application granted granted Critical
Publication of CN115065543B publication Critical patent/CN115065543B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention relates to the technical field of data identification, in particular to a network security authentication method of a distributed system. The method comprises the steps of converting sending data into a matrix form so as to extract characteristics of the matrix, screening out row vectors with high reference as initial row vectors according to the characteristics, and classifying row data of each row of the data matrix according to the initial row vectors to obtain row data categories. And constructing a sending data tree structure according to the data abstract and the full-text data abstract corresponding to the line data type and the initial line vector, obtaining a receiving data tree structure of the received data by a receiving end by adopting the same method, and determining the position of abnormal data by comparing the two tree structures layer by layer. The invention realizes the abnormal positioning of the data by changing the data storage mode and establishing and comparing the tree structure.

Description

Network security authentication method of distributed system
Technical Field
The invention relates to the technical field of data identification, in particular to a network security authentication method of a distributed system.
Background
Two attack modes that frequently occur in current network connections are an information injection mode and a spoofing network. In the network transmission, the attack threat of the third party using the data packet intrusion or the path change is frequently encountered, and in this way, the normal transmission of the data is subjected to multiple risks, especially in the information transmission process of the transmission node, the data attack generally causes the falsification transmission of the information data, and the legal data cannot be effectively transmitted.
The distributed system includes a large number of data sending terminals and data receiving terminals, and therefore data security during data transmission of the network needs to be considered in the distributed system. In the prior art, whether data is tampered is judged by a data abstract verification mode, and whether data is tampered in a transmission process is judged by comparing a full-text abstract of received data at a receiving end with an abstract of sent data at a sending end. However, the method of digital digest verification can only know whether data is tampered or not, and cannot determine information such as the degree of data tampering and the position of tampered data, and once data is found to be tampered each time, all the data transmitted this time is considered invalid, and data cannot be judged according to the position of tampered data and the degree of tampered data.
Disclosure of Invention
In order to solve the above technical problem, an object of the present invention is to provide a network security authentication method for a distributed system, which adopts the following technical solutions:
the invention provides a network security authentication method of a distributed system, which comprises the following steps:
converting the sending data of the sending end into a matrix form to obtain a data matrix; obtaining a first LBP characteristic descriptor of each position in the data matrix to form an LBP characteristic matrix;
extracting row data characteristics of each row of the LBP characteristic matrix, wherein the row data characteristics form a column vector; extracting independent factor vectors of the column vectors by using a factor analysis algorithm; selecting K elements with the largest occurrence frequency of the element values in the independent factor vector as independent component maximum elements; k is a positive integer; taking a row vector corresponding to the independent component maximum element in the LBP feature matrix as an initial row vector; classifying the other row vectors according to the independent component maximum element values corresponding to the initial row vector and the positions of the other row vectors to obtain a plurality of row data categories;
taking the full-text information abstract of the sending data as a root node of a first layer of a sending data tree structure; integrating data corresponding to all the initial row vectors in the transmitted data to obtain first integrated data; integrating data corresponding to all other row vectors in the sending data to obtain second integrated data; respectively taking the first integrated data abstract and the second integrated data abstract as tree nodes of a second layer of the transmission data tree structure; integrating corresponding data in each row of data category in the sending data respectively to obtain third integrated data; taking a third integrated data abstract as a tree node of a third layer of the sending data tree structure, and taking a corresponding father node as a tree node of a second layer corresponding to the first integrated data; respectively integrating data corresponding to all other row vectors in each row data category in the sending data to obtain fourth integrated data; taking a fourth integrated data abstract and a data abstract corresponding to the initial row vector as tree nodes of a fourth layer of the sending data tree structure, wherein corresponding father nodes are tree nodes of a third layer corresponding to the third integrated data of the same row data type;
obtaining a receiving data tree structure of receiving data of a receiving end; comparing the receiving data tree structure with the sending data tree structure layer by layer; if the comparison is not abnormal, the safety authentication is successful; and if the comparison is abnormal, determining the position of the abnormal information according to the abnormal tree node.
Further, the extracting of the row data feature of each row of the LBP feature matrix includes:
converting the row data of each row of the LBP characteristic matrix into a matrix form to obtain a row data matrix; and performing LBP feature extraction on the row data matrix at different angles to obtain a plurality of second LBP feature descriptors, and taking the largest second LBP feature descriptor as the row data feature of the corresponding row data.
Further, the method of obtaining the second LBP feature descriptor includes:
if the length and the width of the row data matrix are the same and are all the nth power of 3, and n is a positive integer greater than or equal to 2, obtaining the second LBP feature descriptor of the row data matrix by using a nested LBP extraction method; otherwise, obtaining a minimum value of the length and the width in the row data matrix, selecting an nth power which is closest to the minimum value and is not more than 3 of the minimum value as the length and the width of a feature extraction sliding window, wherein the feature extraction sliding window slides in the row data matrix, a third LBP feature descriptor in the feature extraction sliding window is obtained through the nested LBP extraction method during each sliding, and a maximum third LBP feature descriptor is used as the second feature descriptor;
the nested LBP extraction method comprises the following steps: obtaining a fourth LBP feature descriptor of a central 3*3 area and the fourth LBP feature descriptor of a 3*3 area surrounding the fourth LBP feature descriptor, obtaining a matrix of size 3*3 formed by the fourth LBP feature descriptor, and obtaining a fifth LBP feature descriptor of the matrix; and continuously nesting until the row data matrix is converted into a 3*3 matrix consisting of LBP feature descriptors to obtain the LBP features of the matrix, and finishing the nested LBP extraction method.
Further, the selecting K elements with the largest frequency of occurrence of the element values in the independent factor vector as the independent component maximum elements includes:
counting elements in the independent factor vector to construct a histogram; the abscissa of the histogram is an element value, and the ordinate is the occurrence frequency; obtaining an occurrence frequency threshold value by utilizing an Otsu threshold segmentation algorithm; taking the element corresponding to the occurrence times larger than the occurrence time threshold value as an initial independent component maximum element;
if the number of the initial independent component maximum elements is less than or equal to K, taking all the initial independent component maximum elements as the independent component maximum elements; and if the number of the initial independent component maximum elements is larger than K, selecting the K with the largest occurrence frequency as the independent component maximum elements.
Further, the classifying the other row vectors according to the independent component maximum element value corresponding to the initial row vector and the positions of the other row vectors to obtain a plurality of row data categories includes:
obtaining the row number difference absolute value of the initial row vector and the other row vectors; taking the ratio of the maximum element value of the independent component corresponding to the initial row vector to the absolute value of the difference of the row number as the attribution rate of the other row vectors to the initial row vector; and the initial row vector corresponding to the maximum attribution rate of the other row vectors is used as the category center of the other row vectors to obtain the row data category.
The invention has the following beneficial effects:
the embodiment of the invention converts the sending data into a matrix form, and further describes the characteristics of the sending data by using the LBP characteristics. And further converting the LBP characteristic matrix into a column vector, and finding out a special independent factor vector. And classifying the row vectors in the LBP characteristic matrix by taking the independent component maximum elements in the independent factor vectors as a reference to obtain a plurality of row data categories. The classification method can endow part of data position information of the sending data, and the receiving end can quickly and accurately identify the abnormal data position by constructing a tree structure chart with rich information. The embodiment of the invention extracts the features by changing the data form, further constructs the tree structure chart for comparison, and realizes the network security authentication of a safe and effective distributed system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions and advantages of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a network security authentication method for a distributed system according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a conventional information verification method according to an embodiment of the present invention;
fig. 3 is a diagram illustrating a structure of a transmission data tree according to an embodiment of the present invention.
Detailed Description
To further illustrate the technical means and effects of the present invention adopted to achieve the predetermined object, the following detailed description of the network security authentication method of a distributed system according to the present invention, its specific implementation, structure, features and effects will be given with reference to the accompanying drawings and preferred embodiments. In the following description, the different references to "one embodiment" or "another embodiment" do not necessarily refer to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The following describes a specific scheme of the network security authentication method for a distributed system in detail with reference to the accompanying drawings.
Referring to fig. 1, a flowchart of a network security authentication method for a distributed system according to an embodiment of the present invention is shown, where the method includes:
step S1: converting the sending data of the sending end into a matrix form to obtain a data matrix; and obtaining a first LBP characteristic descriptor of each position in the data matrix to form an LBP characteristic matrix.
Referring to fig. 2, which shows a schematic diagram of a conventional information verification method according to an embodiment of the present invention, a sending end 101 sends sending information and a generated information digest to a receiving end 102, the receiving end 102 still generates a corresponding information digest according to the received information, and determines whether tampering occurs during transmission by comparing the information digests. However, the comparison of the message digests only can determine whether the message is tampered, and the location and the degree of tampering of the message cannot be determined.
It should be noted that the common information digest is a 128-bit digest or a 160-bit digest generated by MD5 and SHA, and in the embodiment of the present invention, all digest formation methods are the same, and an appropriate digest generation method may be selected according to a specific data type, which is not limited herein.
In order to avoid the defect caused by only comparing the information summaries, before the information summary is formed at the sending end, the sending data is converted into a matrix form to obtain a data matrix. The data is converted into a form, so that subsequent feature extraction and data processing can be facilitated.
It should be noted that, in the matrix format conversion, the data matrix should be sized to contain the original data while ensuring the minimum free position as much as possible. In the embodiment of the invention, the element number in the original data is rounded down to obtain the length of the data matrix, and the original data is sequentially arranged according to the length of the data matrix to obtain the final data matrix. For example, the original data is data composed of 100 elements, the length of the data feature matrix is 10, and a 10 × 10 data matrix is formed after arrangement; if the element of the original data is 101, a 10 × 11 data matrix is formed after arrangement, the element value at the vacant position is set to be 0, and the method is used in the subsequent matrix form conversion process.
The LBP characteristic operator has the advantages of simple calculation, good effect and small data quantity, because the sending data is converted into a matrix form, the LBP characteristic operator is also suitable for the data matrix, and the first LBP characteristic descriptor of each position in the data matrix can be obtained to form the LBP characteristic matrix. The texture feature of the image expressed by the LBP feature, namely the feature with obvious gray level change in the image, is applied to the data matrix, namely the feature with obvious data change, so that the effective and strong-referential independent factor is extracted in the subsequent steps by the processing of the LBP feature.
It should be noted that the LBP feature is obtained by a technique known to those skilled in the art, and is not described herein.
Step S2: extracting row data characteristics of each row of the LBP characteristic matrix, wherein the row data characteristics form a column vector; extracting independent factor vectors of the column vectors by using a factor analysis algorithm; selecting K elements with the largest occurrence frequency of element values in the independent factor vector as independent component maximum elements; k is a positive integer; taking a row vector corresponding to the independent component maximum element in the LBP characteristic matrix as an initial row vector; and classifying other line vectors according to the independent component maximum element value corresponding to the initial line vector and the positions of the other line vectors to obtain a plurality of line data categories.
Since the object of the factor analysis algorithm is a column vector, the data of each row of the LBP feature matrix needs to be compressed into one-dimensional data. Therefore, it is necessary to extract the row data feature of each row of the LBP feature matrix first, and form a column vector by using the row data feature. The method for specifically obtaining the line data characteristics comprises the following steps:
and converting the row data of each row of the LBP characteristic matrix into a matrix form to obtain a row data matrix. Because the LBP characteristics of the matrix at different angles are different, the LBP characteristics of the row data matrix at different angles are extracted to obtain a plurality of second LBP characteristic descriptors, and the largest second LBP characteristic descriptor is used as the row data characteristic of the corresponding row data.
Preferably, the method for obtaining the second LBP feature descriptor under an angle specifically includes:
and if the length and the width of the row data matrix are the same and are all the nth power of 3, and n is a positive integer greater than or equal to 2, obtaining a second LBP feature descriptor of the row data matrix by using a nested LBP extraction method. And otherwise, obtaining the minimum value of the length and the width in the row data matrix, selecting the nth power of 3 which is closest to the minimum value and not more than the minimum value as the length and the width of the feature extraction sliding window, sliding the feature extraction sliding window in the row data matrix, obtaining a third LBP feature descriptor in the feature extraction sliding window through a nested LBP extraction method in each sliding process, and taking the maximum third LBP feature descriptor as a second feature descriptor.
The nested LBP extraction method comprises the following steps: a fourth LBP feature descriptor for the central 3*3 region and a fourth LBP feature descriptor for its surrounding 3*3 region are obtained, a matrix of size 3*3 is obtained that is made up of the fourth LBP feature descriptors, and a fifth LBP feature descriptor for the matrix is obtained. And continuously nesting until the row data matrix is converted into a 3*3 matrix formed by LBP feature descriptors to obtain the LBP features of the matrix, thereby completing the nested LBP extraction method.
A preferred method of obtaining the second LBP signature is illustrated here:
(1) If the size of the column data matrix is 9*9, the length and width are the same and are all powers of 3 to the power of 2. The row data matrix is processed by a nested LBP extraction method, a 9*9 matrix is composed of 9 3*3 matrixes, so that a 3*3 matrix composed of the fourth LBP feature descriptor is formed by a fourth LBP feature descriptor obtained from a central 3*3 area and fourth LBP feature descriptors obtained from other 3*3 areas, and a fifth LBP feature descriptor of the matrix is obtained, and the fifth LBP feature descriptor is the LBP feature obtained by the final nested LBP extraction method because all areas of the row data matrix are calculated at the moment.
(2) If the size of the row data matrix is 27 × 27, then the nesting is continued on the basis of 9*9 to obtain a 3*3 matrix formed by the fifth LBP feature descriptor, and the LBP feature descriptor of the matrix is obtained to complete the nested LBP extraction method.
(3) If the size of the row data matrix is 9 × 10, the minimum value 9 in the length and width is obtained, the nth power of 3 closest to 3 and not greater than 3 is 9, so that the feature extraction sliding window size is 9*9, that is, the feature extraction sliding window slides twice on the row data matrix, a third LBP feature descriptor in the feature extraction sliding window is obtained by using a nested LBP extraction method, and the maximum third LBP feature descriptor is used as the second feature descriptor of the row data matrix.
Independent factor vectors in the column vectors can be extracted by using a factor analysis algorithm. It should be noted that the factor analysis algorithm is a technical means well known to those skilled in the art, and the basic principle is as follows: and (3) regarding the original data as the sum of a linear function of the common factor and the special factor, and obtaining the special factor, namely the independent factor vector, by solving.
The independent factor vector can represent the particularity of a position in the column vector, because each element of the column vector represents one row in the LBP feature matrix, and therefore, the element in the independent factor vector can represent the uniqueness of each row of information in the LBP feature matrix, and the larger the value of the corresponding element of each row, the stronger the uniqueness of the row is, and the greater the importance of the row of information is. However, it is not reliable to analyze only the element values in the independent factor vectors, and although the specific information has specificity, the regular distribution needs to be satisfied in the data, otherwise, the abnormal data may be abrupt. Therefore, the elements in the independent factor vectors need to be further screened according to the distribution characteristics of the elements in the independent factor vectors, K elements with the largest frequency of occurrence of the element values in the independent factor vectors are selected as independent component large elements, K is a positive integer, and the independent component large elements are selected, so that the subsequent classification process has higher referential performance, the data can be divided into a plurality of data categories, and the subsequent abnormal data can be conveniently positioned. The specific screening process comprises the following steps:
and (5) counting elements in the independent factor vector to construct a histogram. The abscissa of the histogram is the element value, and the ordinate is the number of occurrences. And obtaining the occurrence frequency threshold value by utilizing an Otsu threshold segmentation algorithm. And taking the element corresponding to the occurrence frequency larger than the occurrence frequency threshold value as an initial independent component maximum element.
And if the number of the initial independent component maximum elements is less than or equal to K, taking all the initial independent component maximum elements as independent component maximum elements. And if the number of the initial independent component maximum elements is larger than K, selecting the K with the largest number of times as the independent component maximum elements.
Each independent component maximum element corresponds to one row of data in the LBP feature matrix, which can be regarded as a matrix formed by a plurality of row vectors. Therefore, the row vector corresponding to the independent component maximum element in the LBP characteristic matrix is used as an initial row vector, and other row vectors are classified according to the independent component maximum element value corresponding to the initial row vector and the positions of the other row vectors. Obtaining a plurality of line data categories, specifically comprising:
and obtaining the row number difference absolute value of the initial row vector and other row vectors. And taking the ratio of the maximum element value of the independent component corresponding to the initial row vector to the absolute value of the difference of the row number as the attribution rate of other row vectors to the initial row vector. That is, the closer the initial row vector is, and the larger the independent component maximum element value corresponding to the initial row vector is, the larger the attribution rate is, wherein the larger the independent component maximum element value is, the stronger the uniqueness of the data of the row in the whole data is.
And taking the initial row vector corresponding to the maximum attribution rate of the other row vectors as the category center of the other row vectors to obtain the row data category.
And step S3: a transmission data tree structure of transmission data is constructed.
Referring to fig. 3, a diagram of a sending data tree structure according to an embodiment of the present invention is shown. And taking the full-text information abstract of the sending data as a root node of a first layer of a sending data tree structure. And integrating data corresponding to all initial row vectors in the transmitted data to obtain first integrated data. And integrating data corresponding to all other row vectors in the transmitted data to obtain second integrated data. And respectively taking the first integrated data abstract and the second integrated data abstract as tree nodes of a second layer of the sending data tree structure, namely the second layer has two tree nodes, and father nodes are root nodes of the first layer. And integrating the corresponding data in each row of data category in the transmitted data respectively to obtain third integrated data. And taking the third integrated data abstract as a tree node of a third layer of the sending data tree structure, wherein the corresponding father node is a tree node of a second layer corresponding to the first integrated data, namely the number of the tree nodes of the third layer is the number of the data types. And integrating data corresponding to all other row vectors in each row of data category in the transmitted data respectively to obtain fourth integrated data. And taking the fourth integrated data abstract and the data abstract corresponding to the initial row vector as tree nodes of a fourth layer of the sending data tree structure, wherein the corresponding father nodes are tree nodes of a third layer corresponding to third integrated data of the same row data type.
In the embodiment of the invention, during data integration, the data corresponding to each row vector is sequentially arranged according to the arithmetic coding value to realize data integration, and in the tree structure, the tree nodes in the third layer are sequentially arranged according to the arithmetic coding value of the abstract.
And step S4: obtaining a receiving data tree structure of receiving data of a receiving end; comparing the receiving data tree structure with the sending data tree structure layer by layer; if the comparison is not abnormal, the safety authentication is successful; and if the comparison is abnormal, determining the position of the abnormal information according to the abnormal tree node.
In the data transmission process, partial data may be tampered, but because the abstract data is the encoded data which is formed after the encoding processing and has a low data volume and is relatively stable, the safety of the abstract data is higher, the abstract data does not need to be tampered in the transmission process, therefore, a receiving data tree structure can be built at a receiving end according to the information in the receiving data by the same method, whether the receiving data tree structure is abnormal or not can be judged by comparing the receiving data tree structure with a sending data tree structure layer by layer, namely if the comparison is not abnormal, the safety authentication is successful; and if the comparison is abnormal, determining the position of the abnormal information according to the abnormal tree node. The specific layer-by-layer comparison process comprises the following steps:
(1) And comparing root nodes of the first layer of the two tree structures, wherein the root nodes represent full text abstracts of the data, and if the two root nodes are the same, the sent data is not tampered in the transmission process and can directly pass the security authentication.
If the root nodes are different, it is indicated that the sent data is tampered, and comparison is carried out on the next layer.
(2) Comparing each tree node of the second layer of the two tree structures, because the root node is abnormal in comparison, which indicates that tampering must occur in the data, the second layer must be abnormal. If only one of the first integrated data abstract and the second integrated data abstract in the second layer is different, it is indicated that the data at this time may have an abnormality of data corresponding to other row vectors or an abnormality of data corresponding to the initial row vector, so that the row data type corresponding to the abnormal data can be determined only by comparing nodes in the third layer, thereby determining the position of the abnormal data, and obtaining the data abnormality degree according to the number of abnormal tree nodes in the third layer; if the tree nodes in the second layer of the two tree structures are different, the data are indicated to have the abnormality of the data corresponding to other row vectors and the abnormality of the data corresponding to the initial row vector at the same time, the third layer and the fourth layer are continuously compared, the position of the abnormal data is determined according to the abnormal tree nodes in the fourth layer, the abnormal positioning is realized, and similarly, the data abnormality degree can be determined according to the number of the abnormal tree nodes.
The receiving end can choose to intercept the normal data part or reject the whole received data through the safety verification, and resend the data request to the sending end to resend the data transmission. If the data is high in abnormal degree, the malicious attack is violent in the transmission process, the receiving end can conduct safety verification for multiple times, the normal data part is reserved in each safety verification, and complete, real and safe data information is obtained through multiple safety verifications.
In summary, in the embodiments of the present invention, the sending data is converted into the matrix form to extract the characteristics of the matrix, the row vector with a higher referential property is screened out as the initial row vector according to the characteristics, and the row data of each row of the data matrix is classified according to the initial row vector to obtain the row data category. And constructing a sending data tree structure according to the data abstract and the full-text data abstract corresponding to the line data type and the initial line vector, obtaining a receiving data tree structure of the received data by a receiving end by adopting the same method, and determining the position of abnormal data by comparing the two tree structures layer by layer. The embodiment of the invention realizes the abnormal positioning of the data by changing the data storage mode and establishing and comparing the tree structure.
It should be noted that: the precedence order of the above embodiments of the present invention is only for description, and does not represent the merits of the embodiments. The processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (1)

1. A network security authentication method for a distributed system, the method comprising:
converting the sending data of the sending end into a matrix form to obtain a data matrix; obtaining a first LBP characteristic descriptor of each position in the data matrix to form an LBP characteristic matrix;
extracting row data characteristics of each row of the LBP characteristic matrix, wherein the row data characteristics form a column vector; extracting independent factor vectors of the column vectors by using a factor analysis algorithm; selecting K elements with the largest frequency of occurrence of the element values in the independent factor vector as independent component maximum elements; k is a positive integer; taking a row vector corresponding to the independent component maximum element in the LBP feature matrix as an initial row vector; classifying the other row vectors according to the independent component maximum element values corresponding to the initial row vectors and the positions of the other row vectors to obtain a plurality of row data categories;
taking the full-text information abstract of the sending data as a root node of a first layer of a sending data tree structure; integrating data corresponding to all the initial row vectors in the sending data to obtain first integrated data; integrating data corresponding to all the other row vectors in the transmitted data to obtain second integrated data; respectively taking the first integrated data abstract and the second integrated data abstract as tree nodes of a second layer of the transmission data tree structure; integrating corresponding data in each row of data category in the sending data respectively to obtain third integrated data; taking the third integrated data abstract as a tree node of a third layer of the sending data tree structure, and taking a corresponding father node as a tree node of a second layer corresponding to the first integrated data; integrating data corresponding to all the other row vectors in each row of data category in the transmitted data respectively to obtain fourth integrated data; taking a fourth integrated data abstract and a data abstract corresponding to the initial row vector as tree nodes of a fourth layer of the sending data tree structure, wherein corresponding father nodes are tree nodes of a third layer corresponding to the third integrated data of the same row data type;
obtaining a receiving data tree structure of receiving data of a receiving end; comparing the receiving data tree structure with the sending data tree structure layer by layer; if the comparison is not abnormal, the safety authentication is successful; if the comparison is abnormal, determining the position of the abnormal information according to the abnormal tree node;
the extracting of the row data feature of each row of the LBP feature matrix comprises:
converting the row data of each row of the LBP characteristic matrix into a matrix form to obtain a row data matrix; performing LBP feature extraction on the row data matrix at different angles to obtain a plurality of second LBP feature descriptors, and taking the largest second LBP feature descriptor as the row data feature of the corresponding row data;
the method for obtaining the second LBP feature descriptor comprises:
if the length and the width of the row data matrix are the same and are all the nth power of 3, and n is a positive integer greater than or equal to 2, obtaining the second LBP feature descriptor of the row data matrix by using a nested LBP extraction method; otherwise, obtaining a minimum value of the length and the width in the row data matrix, selecting an nth power which is closest to the minimum value and is not more than 3 of the minimum value as the length and the width of a feature extraction sliding window, wherein the feature extraction sliding window slides in the row data matrix, a third LBP feature descriptor in the feature extraction sliding window is obtained through the nested LBP extraction method during each sliding, and a maximum third LBP feature descriptor is used as the second feature descriptor;
the nested LBP extraction method comprises the following steps: obtaining a fourth LBP feature descriptor of a central 3*3 area and the fourth LBP feature descriptor of a 3*3 area surrounding the fourth LBP feature descriptor, obtaining a matrix of size 3*3 formed by the fourth LBP feature descriptor, and obtaining a fifth LBP feature descriptor of the matrix; continuously nesting until the row data matrix is converted into a 3*3 matrix formed by LBP feature descriptors to obtain the LBP features of the matrix, and finishing the nested LBP extraction method;
the selecting K elements with the largest occurrence frequency of the element values in the independent factor vector as the independent component maximum elements comprises the following steps:
counting elements in the independent factor vector to construct a histogram; the horizontal coordinate of the histogram is an element value, and the vertical coordinate is the occurrence frequency; obtaining an occurrence frequency threshold value by utilizing an Otsu threshold segmentation algorithm; taking the element corresponding to the occurrence times larger than the occurrence time threshold value as an initial independent component maximum element;
if the number of the initial independent component maximum elements is less than or equal to K, taking all the initial independent component maximum elements as the independent component maximum elements; if the number of the initial independent component maximum elements is larger than K, selecting K with the largest occurrence frequency as the independent component maximum elements;
the classifying the other row vectors according to the independent component maximum element values corresponding to the initial row vector and the positions of the other row vectors to obtain a plurality of row data categories comprises:
obtaining the row number difference absolute value of the initial row vector and the other row vectors; taking the ratio of the maximum element value of the independent component corresponding to the initial row vector to the absolute value of the difference of the row number as the attribution rate of the other row vectors to the initial row vector; and the initial row vector corresponding to the maximum attribution rate of the other row vectors is used as the category center of the other row vectors to obtain the row data category.
CN202210746426.6A 2022-06-28 2022-06-28 Network security authentication method of distributed system Active CN115065543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210746426.6A CN115065543B (en) 2022-06-28 2022-06-28 Network security authentication method of distributed system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210746426.6A CN115065543B (en) 2022-06-28 2022-06-28 Network security authentication method of distributed system

Publications (2)

Publication Number Publication Date
CN115065543A CN115065543A (en) 2022-09-16
CN115065543B true CN115065543B (en) 2023-04-18

Family

ID=83203577

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210746426.6A Active CN115065543B (en) 2022-06-28 2022-06-28 Network security authentication method of distributed system

Country Status (1)

Country Link
CN (1) CN115065543B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5891409B2 (en) * 2012-01-12 2016-03-23 パナソニックIpマネジメント株式会社 Feature extraction device, feature extraction method, and feature extraction program
CN106127114A (en) * 2016-06-16 2016-11-16 北京数智源科技股份有限公司 Intelligent video analysis method
CN112579823B (en) * 2020-12-28 2022-06-24 山东师范大学 Video abstract generation method and system based on feature fusion and incremental sliding window

Also Published As

Publication number Publication date
CN115065543A (en) 2022-09-16

Similar Documents

Publication Publication Date Title
CN108768986B (en) Encrypted traffic classification method, server and computer readable storage medium
Xie et al. Approximate image message authentication codes
Lerch-Hostalot et al. LSB matching steganalysis based on patterns of pixel differences and random embedding
Singh et al. Fast and efficient region duplication detection in digital images using sub-blocking method
CN109446804B (en) Intrusion detection method based on multi-scale feature connection convolutional neural network
Hou et al. Reversible data hiding based on multiple histograms modification and deep neural networks
CN110751591B (en) Self-adaptive color image steganography method based on fuzzy inference system
Naik et al. A ransomware detection method using fuzzy hashing for mitigating the risk of occlusion of information systems
Wang et al. Double compression detection based on feature fusion
CN116389170B (en) Network information security management method
CN114372530A (en) Abnormal flow detection method and system based on deep self-coding convolutional network
Yang et al. A Novel Universal Steganalysis Algorithm Based on the IQM and the SRM.
CN115065543B (en) Network security authentication method of distributed system
CN114598514A (en) Industrial control threat detection method and device
Hong et al. Hybrid feature selection for efficient detection of DDoS attacks in IoT
CN110889467A (en) Company name matching method and device, terminal equipment and storage medium
CN115913764A (en) Malicious domain name training data generation method based on generation of countermeasure network
CN114401116B (en) Trusted data transmission method based on HK-Means and security detection
Ma et al. A Novel Reversible Watermarking Scheme for Relational Databases Protection Based on Histogram Shifting.
CN111586052B (en) Multi-level-based crowd sourcing contract abnormal transaction identification method and identification system
Barni et al. Dealing with uncertainty in image forensics: A fuzzy approach
CN114362988A (en) Network traffic identification method and device
CN113672932A (en) Electric power Internet of things intelligent terminal trusted computing trust value obtaining method based on self-adaptive entropy value weight
Tang et al. Reversible data hiding based on improved block selection strategy and pixel value ordering
Zhao et al. Detecting double compressed JPEG images by using moment features of mode based DCT histograms

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230331

Address after: 100000 West Side of 2nd Floor, Building 4, Zone 1, Shangdi Dongli, Haidian District, Beijing

Applicant after: Beijing Oriental Jinghai Electronic Technology Co.,Ltd.

Address before: Room 2502-2503, Block C, Tuoji Plaza, No. 689, Changjiang West Road, High-tech Zone, Hefei City, Anhui Province, 230000

Applicant before: Hefei Chuyun Information Technology Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant