CN115270164B - Method for monitoring transmission data safety based on micro-service architecture - Google Patents

Method for monitoring transmission data safety based on micro-service architecture Download PDF

Info

Publication number
CN115270164B
CN115270164B CN202211186214.3A CN202211186214A CN115270164B CN 115270164 B CN115270164 B CN 115270164B CN 202211186214 A CN202211186214 A CN 202211186214A CN 115270164 B CN115270164 B CN 115270164B
Authority
CN
China
Prior art keywords
data
key node
binary image
black pixel
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211186214.3A
Other languages
Chinese (zh)
Other versions
CN115270164A (en
Inventor
葛平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiazhuo Intelligent Technology Nantong Co ltd
Original Assignee
Jiazhuo Intelligent Technology Nantong Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiazhuo Intelligent Technology Nantong Co ltd filed Critical Jiazhuo Intelligent Technology Nantong Co ltd
Priority to CN202211186214.3A priority Critical patent/CN115270164B/en
Publication of CN115270164A publication Critical patent/CN115270164A/en
Application granted granted Critical
Publication of CN115270164B publication Critical patent/CN115270164B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/20Image preprocessing
    • G06V10/26Segmentation of patterns in the image field; Cutting or merging of image elements to establish the pattern region, e.g. clustering-based techniques; Detection of occlusion
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/20Image preprocessing
    • G06V10/28Quantising the image, e.g. histogram thresholding for discrimination between background and foreground patterns
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Image Processing (AREA)

Abstract

The invention relates to a method for monitoring transmission data safety based on a micro-service architecture, belonging to the technical field of wireless communication networks. This method belongs to a method of detecting access security or fraud, for example checking user identity or rights. The method comprises the following steps: the method comprises the steps that a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating corresponding key node data, black pixel point data and abstract data, and forming encrypted data; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; and the receiving end micro-service decodes the received encrypted data according to the composition of the encrypted data, judges whether the decoded data is abnormal or not, and judges that the sending end micro-service has potential safety hazard if the decoded data is abnormal. The invention realizes the safety monitoring of the transmission data in the micro-service.

Description

Method for monitoring transmission data safety based on micro-service architecture
Technical Field
The invention relates to the technical field of wireless communication networks, in particular to a method for monitoring the safety of transmission data based on a micro-service architecture.
Background
Due to the adoption of the micro-service architecture, the problems of long development period, difficulty in maintenance and the like of the traditional system are well solved. However, a software system based on a micro-service architecture is composed of a plurality of fine-grained services, and complex system internal communication easily introduces more security problems, for example, when each micro-service is deployed in a relatively open shared operating environment, the security of transmission data in each micro-service cannot be guaranteed. How to realize the safety monitoring of the transmission data in each microservice is necessary.
Disclosure of Invention
In order to realize the safety monitoring of transmission data in each micro service, the invention aims to provide a method for safety monitoring of transmission data based on a micro service architecture, which comprises the following steps:
the method comprises the steps that a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating key node data, black pixel point data and abstract data corresponding to the binary image, and forming encrypted data according to the key node data, the black pixel point data and the abstract data corresponding to the binary image; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; the key node data comprise the number of key nodes in the binary image and the coordinates of each key node, and the key nodes are black pixel points with the importance degree greater than or equal to the key node segmentation threshold; the black pixel data is the number of black pixels which are not in the key node and are included in each row of the binary image; the abstract data is a result of Hash processing on sparse information corresponding to the binary image, and the sparse information is a sequence formed according to the discrete degree corresponding to each key node;
and the receiving end micro-service decodes the received encrypted data according to the composition of the encrypted data, judges whether the decoded data is abnormal or not, and judges that the sending end micro-service has potential safety hazard if the decoded data is abnormal.
Further, the method for calculating the importance degree comprises the following steps:
calculating the importance degree of each black pixel point by using the following formula:
Figure 100002_DEST_PATH_IMAGE002
in the formula (I), the compound is shown in the specification,
Figure 100002_DEST_PATH_IMAGE003
representing black pixels
Figure 100002_DEST_PATH_IMAGE004
To the degree of importance of (a) the,
Figure 100002_DEST_PATH_IMAGE005
representing over-black pixels
Figure 352058DEST_PATH_IMAGE004
And the number of black pixels on a line parallel to the x-axis,
Figure 100002_DEST_PATH_IMAGE006
representing over-black pixels
Figure 564733DEST_PATH_IMAGE004
And the number of black pixels on a line parallel to the y-axis,
Figure 100002_DEST_PATH_IMAGE007
indicating over-black pixels
Figure 487559DEST_PATH_IMAGE004
And has an included angle with the x-axis of
Figure 100002_DEST_PATH_IMAGE008
The number of black pixel points on the straight line of (1),
Figure 100002_DEST_PATH_IMAGE009
indicating over-black pixels
Figure 497296DEST_PATH_IMAGE004
The number of pixel points on all the straight lines.
Further, the calculation formula of the key node segmentation threshold is as follows:
Figure 100002_DEST_PATH_IMAGE011
in the formula (I), the compound is shown in the specification,
Figure 100002_DEST_PATH_IMAGE012
represents the key node segmentation threshold value(s),
Figure 100002_DEST_PATH_IMAGE013
the importance of the ith black pixel point in the binary image,
Figure 100002_DEST_PATH_IMAGE014
the number of lines representing the binary image,
Figure DEST_PATH_IMAGE015
and S represents the number of the black pixel points in the binary image.
Further, the method for calculating the degree of dispersion corresponding to each key node includes:
calculating the dispersion degree corresponding to each key node by using the following formula:
Figure 100002_DEST_PATH_IMAGE017
in the formula (I), the compound is shown in the specification,
Figure 100002_DEST_PATH_IMAGE019
indicating the degree of dispersion corresponding to a certain key node,
Figure DEST_PATH_IMAGE021
the vector modular length of the key node corresponding to the v-th black pixel point in the window taking the key node as the center is represented,
Figure DEST_PATH_IMAGE023
represents the vector modulo length of the key node corresponding to the v +1 th black pixel point in the window centered on it,
Figure DEST_PATH_IMAGE025
is composed of
Figure DEST_PATH_IMAGE027
The included angle between the X-axis and the X-axis,
Figure DEST_PATH_IMAGE029
and p represents the number of black pixel points in the window taking the key node as the center.
Further, the method for calculating the size of the window includes:
performing convex hull detection on key nodes in the binary image, acquiring J key nodes at the outermost periphery of the convex hull, and calculating the transverse and longitudinal distances between any black pixel point outside the convex hull and any key node at the outermost periphery of the convex hull:
Figure DEST_PATH_IMAGE031
Figure DEST_PATH_IMAGE033
in the formula (I), the compound is shown in the specification,
Figure 100002_DEST_PATH_IMAGE034
the lateral distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull,
Figure DEST_PATH_IMAGE035
the longitudinal distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull is (a)
Figure 100002_DEST_PATH_IMAGE036
Figure DEST_PATH_IMAGE037
) Coordinates representing the J-th critical node of the outermost periphery of the convex hull, J =1,2, …, J, (
Figure 100002_DEST_PATH_IMAGE038
Figure 100002_DEST_PATH_IMAGE039
) The coordinates of the o-th black pixel point outside the convex hull are represented, and o =1,2, …, Q is the number of the black pixel points outside the convex hull;
the size of the calculation window is:
Figure 100002_DEST_PATH_IMAGE041
in the formula (I), the compound is shown in the specification,
Figure 100002_DEST_PATH_IMAGE042
the side length of the window is represented,
Figure 100002_DEST_PATH_IMAGE043
represents the aboveA maximum of the lateral distance and the longitudinal distance.
Further, the encrypted data = key node data + black pixel data + summary data.
Further, the calculation process of the sparse information comprises:
taking the discrete degree corresponding to each key node in the binary image as a threshold, judging whether all pixel points in a window corresponding to the key nodes with the discrete degrees being more than or equal to the threshold can cover all pixel points of the binary image, and if so, judging that the discrete degree corresponding to the key node is an optional discrete degree; taking the maximum value in the selectable discrete degrees as a target segmentation threshold, judging whether the discrete degree corresponding to each key node is greater than or equal to the target segmentation threshold, and if the discrete degree corresponding to each key node is less than the target segmentation threshold, representing the discrete degree corresponding to the key node as 0; if the discrete degree is larger than or equal to the preset discrete degree, maintaining the discrete degree corresponding to the key node unchanged; arranging the discrete degrees corresponding to all the key nodes according to the position precedence relationship corresponding to all the key nodes, and obtaining a discrete degree sequence after arrangement
Figure 100002_DEST_PATH_IMAGE044
As sparse information corresponding to the binary image, wherein,
Figure DEST_PATH_IMAGE045
indicating the degree of dispersion corresponding to the 1 st key node,
Figure 100002_DEST_PATH_IMAGE046
indicating the degree of dispersion corresponding to the 2 nd key node,
Figure 100002_DEST_PATH_IMAGE047
indicating the degree of dispersion corresponding to the q-1 key node,
Figure 100002_DEST_PATH_IMAGE048
and expressing the discrete degree corresponding to the qth key node, wherein q is the number of key nodes in the binary image.
The invention has the beneficial effects that: the method comprises the steps of converting data to be transmitted of micro-service at a transmitting end into a binary image, and analyzing the binary image to construct encrypted data, wherein the encrypted data consists of key node data, black pixel point data and abstract data corresponding to the binary image; the sending end micro-service sends the encrypted data to the receiving end micro-service, and the receiving end micro-service can judge whether the sending end micro-service has potential safety hazards according to whether the decoded data is abnormal or not; the invention provides a safe and reliable data encryption process, which increases the difficulty of counterfeiting the micro-service identity of the sending end, further can judge that the micro-service identity of the sending end is not counterfeited when the current decoded data is not abnormal, and judge that the micro-service identity of the sending end is counterfeited when the current decoded data is abnormal, thereby achieving the purpose of carrying out safe monitoring on the transmission data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions and advantages of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for monitoring transmission data security based on micro-service architecture according to the present invention.
Detailed Description
For further explanation of the present invention, the following detailed description is provided with reference to the drawings and preferred embodiments.
In order to implement security monitoring on transmission data in each microservice, as shown in fig. 1, the method for security monitoring on transmission data based on a microservice architecture of the present embodiment includes the following steps:
step 1, a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating key node data, black pixel point data and abstract data corresponding to the binary image, and forming encrypted data according to the key node data, the black pixel point data and the abstract data corresponding to the binary image; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; the key node data comprise the number of key nodes in the binary image and the coordinates of each key node, and the key nodes are black pixel points with the importance degree greater than or equal to the key node segmentation threshold; the black pixel data is the number of black pixels which are not in the key node and are included in each row of the binary image; the summary data is a result of hash processing on sparse information corresponding to the binary image, and the sparse information is a sequence formed according to the discrete degree corresponding to each key node;
the sending end microservice of the embodiment internally comprises a data acquisition module, an encryption module and a data sending module, wherein the encryption module is used for encrypting data to be transmitted acquired by the acquisition module and obtaining encrypted data after encryption; and the data sending module is used for sending the encrypted data to the receiving end micro-service. The process of encrypting the data to be transmitted by the encryption module is crucial, and the encryption process of this embodiment will be described in detail next.
Data to be transmitted of microservices is often one-dimensional time series data, and when the time series data is operated, because the change condition of the transmitted data is large, the randomness is high, and an encryption method with strong robustness is difficult to obtain, the data to be transmitted is segmented to obtain a plurality of pieces of transmitted data with preset sizes, and each piece of transmitted data with preset sizes is converted into corresponding binary coded data; for each binary coded data, dividing the binary coded data into M binary (0,1) digit strings with the length of N, and arranging the M divided digit strings according to the dividing sequence to obtain the binary coded data with the size of N
Figure DEST_PATH_IMAGE049
The two-dimensional data matrix of (2) converts the two-dimensional data matrix into a binary image, namely, a number 1 in the matrix is represented by a black pixel point, and a number 0 in the matrix is represented by a white pixel point.
Therefore, the data to be transmitted can be converted into a plurality of corresponding binary images, the number of the binary images to be specifically converted is related to the size of the data to be transmitted, and the larger the size of the data to be transmitted is, the more the number of the binary images obtained through conversion is. In this embodiment, the size of the data to be transmitted and the preset size are measured by the number of bytes. Next, the following processing will be described by taking a binary image as an example.
The binary image has a plurality of black pixel points with the value of 1, the importance degree of the points at different coordinate positions is different, and one black pixel point is selected
Figure 284949DEST_PATH_IMAGE004
The more black pixels are contained in the straight line, the more black pixels are shown
Figure 215996DEST_PATH_IMAGE004
The more important the black pixel point is, the more the black pixel point needs to be considered preferentially in the subsequent encryption and decoding
Figure 422855DEST_PATH_IMAGE004
(ii) a The embodiment is based on the over-black pixel points
Figure 97550DEST_PATH_IMAGE004
The number of black pixels contained in the straight line calculates the number of the black pixels
Figure 807886DEST_PATH_IMAGE004
According to the importance of the black pixel
Figure 568556DEST_PATH_IMAGE004
Judging black pixel point according to the importance degree
Figure 747865DEST_PATH_IMAGE004
Whether it is a critical node. The following describes the determination process of the key node in detail:
with black pixel
Figure 475518DEST_PATH_IMAGE004
As a reference point, a reference point is obtained
Figure 56672DEST_PATH_IMAGE004
The correlation straight line is a cross reference point
Figure 844369DEST_PATH_IMAGE004
And the straight line parallel to the x and y axes and the included angle with the x axis are
Figure 510973DEST_PATH_IMAGE008
The straight lines at other angles are not beneficial to calculation because the straight lines at other angles can segment other black pixel points, so that the straight lines at other angles of the black pixel point a are not considered for obtaining the accuracy of the importance degree and shortening the calculation time. This embodiment calculates black pixels by collinear relationship
Figure 42318DEST_PATH_IMAGE004
The more the number of the black pixel points on the straight line passing through the reference point is, the higher the importance degree of the reference point is, and a formula for calculating the importance degree of each black pixel point is as follows:
Figure 477978DEST_PATH_IMAGE002
in the formula (I), the compound is shown in the specification,
Figure 580451DEST_PATH_IMAGE003
representing black pixels
Figure 718040DEST_PATH_IMAGE004
To the degree of importance of (a) the,
Figure 803808DEST_PATH_IMAGE005
indicating over-black pixels
Figure 343242DEST_PATH_IMAGE004
And the number of black pixels on a line parallel to the x-axis,
Figure 489053DEST_PATH_IMAGE006
indicating over-black pixels
Figure 520463DEST_PATH_IMAGE004
And the number of black pixels on a line parallel to the y-axis,
Figure 396539DEST_PATH_IMAGE007
representing over-black pixels
Figure 72371DEST_PATH_IMAGE004
And has an included angle with the x-axis of
Figure 638351DEST_PATH_IMAGE008
The number of black pixel points on the straight line of (1),
Figure 891478DEST_PATH_IMAGE009
indicating over-black pixels
Figure 53469DEST_PATH_IMAGE004
The number of pixels on all the straight lines (the total number of black pixels and white pixels).
In this embodiment, the key node is screened according to the key node segmentation threshold, and the method for calculating the key node segmentation threshold includes:
Figure 567496DEST_PATH_IMAGE011
in the formula (I), the compound is shown in the specification,
Figure 789529DEST_PATH_IMAGE012
represents the key node segmentation threshold value(s),
Figure 934814DEST_PATH_IMAGE013
the importance of the ith black pixel point in the binary image,
Figure DEST_PATH_IMAGE050
representing the size of the binary image, S representing the number of black pixel points in the binary image,
Figure DEST_PATH_IMAGE051
the proportion of black pixels in the binary image is represented, the higher the proportion is, the more the black pixels with the median of 1 in the binary image are, the more the black pixels on the straight line are, and the segmentation threshold of the importance degree is larger at the moment. The key node segmentation threshold value is initially taken as a key node segmentation threshold value by using the average value of the importance degrees of all the reference points a, in order to control the number of key nodes and avoid the problems of large number of key nodes caused by large number of black pixels with the median of 1 in an image and low cooperation speed caused by large storage amount of subsequent data, the key node segmentation threshold value is adjusted according to the proportion of the black pixels in the image, the larger the proportion of the black pixels in the image is, the larger the key node segmentation threshold value is, and therefore the number of the key nodes is controlled.
After the key node segmentation threshold is obtained, whether each black pixel point is the key node is judged, and this embodiment will
Figure DEST_PATH_IMAGE052
The black pixel point is marked as a key node, so that the coordinates of all key nodes can be obtained, and the form is as follows:
Figure DEST_PATH_IMAGE053
Figure DEST_PATH_IMAGE054
the number of key nodes in the binary image and the corresponding importance degree of the key nodes meet the requirements. And using the number of the key nodes and the coordinates of each key point for later-stage construction of encrypted data.
In this embodiment, the encrypted data has 3 parts, including summary data in addition to the key node data (the number of key nodes in the binary image and the coordinates of each key point) and the black pixel data (the number of black pixels in each column in the binary image, excluding the key nodes), and the summary data calculation process will be described below:
establishing a self-adaptive window, the size L of the window is determined according to the following process in this embodiment, and the specific process is as follows: firstly, performing convex hull detection on key nodes to obtain J key nodes at the outermost periphery of the convex hull, and calculating the transverse and longitudinal distances between any black pixel point outside the convex hull and any key node at the outermost periphery of the convex hull, namely:
Figure 870802DEST_PATH_IMAGE031
Figure 770494DEST_PATH_IMAGE033
in the formula (I), the compound is shown in the specification,
Figure 553642DEST_PATH_IMAGE034
the lateral distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull,
Figure 656727DEST_PATH_IMAGE035
the longitudinal distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull is (a)
Figure 675368DEST_PATH_IMAGE036
Figure 307862DEST_PATH_IMAGE037
) Coordinates representing the J-th critical node of the outermost periphery of the convex hull, J =1,2, …, J, (
Figure 871698DEST_PATH_IMAGE038
Figure 976927DEST_PATH_IMAGE039
) And coordinates of the o-th black pixel point outside the convex hull are represented, and o =1,2, …, Q and Q are the number of the black pixel points outside the convex hull. Calculate to obtain a plurality of
Figure 940203DEST_PATH_IMAGE034
Figure 34061DEST_PATH_IMAGE035
A plurality of values of (A) are selected
Figure 424591DEST_PATH_IMAGE034
Figure 20045DEST_PATH_IMAGE035
Of the values of (1)
Figure 521434DEST_PATH_IMAGE043
Then the window size is:
Figure 735377DEST_PATH_IMAGE041
in the formula (I), the compound is shown in the specification,
Figure 155863DEST_PATH_IMAGE042
the side length of the adaptive window is indicated,
Figure 455258DEST_PATH_IMAGE043
the maximum of the lateral distance and the longitudinal distance is indicated.
Calculating the discrete degree corresponding to each key node, namely establishing the discrete degree by taking each key node as a central point
Figure DEST_PATH_IMAGE055
A window of size, obtaining the corresponding vector modular length of the key node in the corresponding window and the corresponding black pixel point in the window
Figure DEST_PATH_IMAGE056
Sum vector
Figure DEST_PATH_IMAGE057
Angle with the X-axis
Figure DEST_PATH_IMAGE058
Key node and black pixel within windowThe corresponding vector is a vector taking the key node as a starting point and the corresponding black pixel point as an end point, and p binary groups can be obtained
Figure DEST_PATH_IMAGE059
And p is the number of black pixels in the window (excluding the key point as the center point of the sliding window and excluding other key points in the window). In this embodiment, the dispersion degree corresponding to each key node is calculated according to the following formula:
Figure DEST_PATH_IMAGE060
in the formula (I), the compound is shown in the specification,
Figure 174384DEST_PATH_IMAGE019
indicating the degree of dispersion corresponding to a certain key node,
Figure 508414DEST_PATH_IMAGE021
the vector modular length of the key node corresponding to the v-th black pixel point in the window taking the key node as the center is represented,
Figure 240746DEST_PATH_IMAGE023
represents the vector modular length of the key node corresponding to the v +1 th black pixel point in the window taking the key node as the center,
Figure 276704DEST_PATH_IMAGE025
is composed of
Figure 729682DEST_PATH_IMAGE027
The included angle between the X-axis and the X-axis,
Figure 308431DEST_PATH_IMAGE029
p represents the number of the black pixels in the window taking the key node as the center, and the more the dispersion degree of the black pixels in the window is larger, the more the data restoration can be performed according to the window.
According to the discrete degree corresponding to the key node and the number of black pixel points in the window, the description of the distribution information of the binary image can be realized, but because the total area of all windows is far greater than the area of the binary image, the redundancy degree of the obtained discrete degree data is high, the data volume for encrypting the information is as small as possible, and the verification is as fast and convenient as possible, the embodiment also obtains the corresponding sparse summary data according to the importance of the discrete degree, namely, the optimal threshold value is obtained according to the data distribution condition, and the specific method comprises the following steps:
taking the discrete degree corresponding to each key node as a threshold, judging whether all pixel points in a window corresponding to the key nodes with the discrete degrees being more than or equal to the threshold can cover all pixel points of the binary image, and if so, judging that the discrete degree corresponding to the key node is the optional discrete degree; and if not, judging that the dispersion degree corresponding to the key node is the non-selectable dispersion degree. Thereby, a plurality of selectable degrees of dispersion are possible; taking the maximum value in the selectable discrete degrees as a target segmentation threshold, judging whether the discrete degree corresponding to each key node is greater than or equal to the target segmentation threshold, and if the discrete degree corresponding to each key node is smaller than the target segmentation threshold, representing the discrete degree corresponding to the key node as 0; if the discrete degree is larger than or equal to the preset discrete degree, maintaining the discrete degree corresponding to the key node unchanged; arranging the discrete degrees corresponding to all the key nodes according to the position precedence relationship corresponding to all the key nodes, and obtaining a discrete degree sequence after arrangement
Figure 604808DEST_PATH_IMAGE044
As the sparse information corresponding to the binary image, the sparse information is information converted into binary representation, wherein
Figure 3428DEST_PATH_IMAGE045
Indicating the degree of dispersion corresponding to the 1 st key node,
Figure 791256DEST_PATH_IMAGE048
indicating the degree of dispersion corresponding to the qth key node. The position sequence in this embodiment is: in the first line of the binary imageThe key points are the key points in the second row in the binary image, and the rest is done in the same way; for keypoints in the same row, the keypoints on the left precede the keypoints on the right.
The sparse information corresponding to the binary image is subjected to hash processing, the hash processing can process data with different lengths into data sequences with equal length, in this embodiment, the sparse information corresponding to different binary images has different lengths, and data with the same length can be obtained after the hash processing. The process of the hash processing is the prior art and is not described herein again.
And taking the hashed sparse information as abstract data, and constructing encrypted data according to the abstract data, the key node data and the black pixel data, wherein the encrypted data = the key node data + the black pixel data + the abstract data.
According to the method of the embodiment, firstly, data to be transmitted is converted into a plurality of binary images, and through the hash processing, encrypted data corresponding to each binary image is equal in size, so that the encrypted data corresponding to the data to be transmitted is a combination of the encrypted data with the equal size; when the sending end micro service packs the encrypted data to be transmitted and transmits the packed encrypted data to the receiving end micro service, the receiving end micro service can judge how many binary images the received encrypted data comprises according to the size of the received encrypted data and the size corresponding to one binary image, and then can decode the encrypted data corresponding to each binary image, and finally obtains the data content which the sending end micro service wants to transmit.
And 2, decoding the received encrypted data by the receiving end micro service according to the composition of the encrypted data, judging whether the decoded data is abnormal, and judging that the sending end micro service has potential safety hazards if the decoded data is abnormal.
The receiving end microservice of the embodiment internally comprises a data receiving module, a decoding module and an abnormity judging module, wherein the decoding module is used for decoding the encrypted data received by the data receiving module according to the composition of the encrypted data in the sending end microservice, and the abnormity judging module is used for judging whether the decoded data is abnormal or not and judging that the sending end microservice has potential safety hazards and is possibly invaded when the data is abnormal.
As described above, the receiving end microserver can convert the received encrypted data into encrypted data corresponding to a plurality of binary images, and then take the encrypted data corresponding to one binary image as an example to perform decoding description:
1) Splitting data, namely separating the encrypted data according to corresponding separation marks when the encrypted data are combined, and separating the whole encrypted data into key node data, black pixel point data and summary data;
2) And extracting key node data, wherein the key node data are black pixel points with an important value of 1 in the binary image, and the value of the important position is not changed at all, so that the black pixel points of the subsequent non-important points are recovered on the basis.
3) On the premise of key node data, by combining black pixel data, how many black pixels with the value of 1 are in each row of the binary image except the key nodes can be known.
4) And optimizing and adjusting the positions of the black pixel points except the key nodes, comparing the abstract data, and determining recovery data. Specifically, the fixed base point (i.e., the key node) is obtained, and how many black pixel points (excluding the key node) are known in each row, and then the positions of the black pixel points except the base point are adjusted; through the processing mode, corresponding recovery summary data is obtained. And comparing the abstract data, and when the abstract data are consistent, indicating that the data are restored.
And after the decoding module in the receiving end micro-service decodes the received encrypted data, judging whether the decoded data is abnormal or not, and judging that the sending end micro-service has potential safety hazard and is possibly invaded when the decoded data is abnormal. In specific application, whether the decoded data is abnormal or not can be judged according to a specific application scene, for example, the receiving end micro server can judge whether the currently decoded data is abnormal or not by comparing the currently decoded data with the decoded data when no security problem exists before, or judge whether the currently decoded data is abnormal or not by judging whether the currently decoded data has certain characteristics or not. After the encrypted data is decoded, how to judge that the decoded data is abnormal is the prior art, and details are not repeated here, and the embodiment is mainly used for providing a relatively safe and reliable data encryption process so as to increase the difficulty of forging the micro-service identity of the sending end, so that the micro-service identity of the sending end can be judged not to be forged when the current decoded data is not abnormal, and the micro-service identity of the sending end can be judged to be forged when the current decoded data is abnormal, so that the purpose of carrying out safety monitoring on the transmission data is achieved.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (5)

1. A method for monitoring transmission data safety based on a micro-service architecture is characterized by comprising the following steps:
the method comprises the steps that a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating key node data, black pixel point data and abstract data corresponding to the binary image, and forming encrypted data according to the key node data, the black pixel point data and the abstract data corresponding to the binary image; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; the key node data comprise the number of key nodes in the binary image and the coordinates of each key node, and the key nodes are black pixel points with the importance degree larger than or equal to the key node segmentation threshold; the black pixel data is the number of black pixels which are not in the key node and are included in each row of the binary image; the abstract data is a result of Hash processing on sparse information corresponding to the binary image, and the sparse information is a sequence formed according to the discrete degree corresponding to each key node;
the receiving end micro-service decodes the received encrypted data according to the composition of the encrypted data, judges whether the decoded data is abnormal or not, and judges that the transmitting end micro-service has potential safety hazards if the decoded data is abnormal;
calculating the importance degree of each black pixel point by using the following formula:
Figure DEST_PATH_IMAGE002
in the formula (I), the compound is shown in the specification,
Figure DEST_PATH_IMAGE003
representing black pixels
Figure DEST_PATH_IMAGE004
To the degree of importance of (a) the,
Figure DEST_PATH_IMAGE005
indicating over-black pixels
Figure 124066DEST_PATH_IMAGE004
And the number of black pixels on a line parallel to the x-axis,
Figure DEST_PATH_IMAGE006
indicating over-black pixels
Figure 431419DEST_PATH_IMAGE004
And the number of black pixels on a line parallel to the y-axis,
Figure DEST_PATH_IMAGE007
to representOver black pixel point
Figure 604299DEST_PATH_IMAGE004
And has an included angle with the x-axis of
Figure DEST_PATH_IMAGE008
The number of black pixel points on the straight line of (1),
Figure DEST_PATH_IMAGE009
representing over-black pixels
Figure 327404DEST_PATH_IMAGE004
The number of pixel points on all the straight lines;
the calculation process of the sparse information comprises the following steps:
taking the discrete degree corresponding to each key node in the binary image as a threshold, judging whether all pixel points in a window corresponding to the key nodes with the discrete degrees being more than or equal to the threshold can cover all pixel points of the binary image, and if so, judging that the discrete degree corresponding to the key node is an optional discrete degree; taking the maximum value in the selectable discrete degrees as a target segmentation threshold, judging whether the discrete degree corresponding to each key node is greater than or equal to the target segmentation threshold, and if the discrete degree corresponding to each key node is smaller than the target segmentation threshold, representing the discrete degree corresponding to the key node as 0; if the discrete degree is larger than or equal to the preset discrete degree, maintaining the discrete degree corresponding to the key node unchanged; arranging the dispersion degrees corresponding to all key nodes according to the position precedence relationship corresponding to all key nodes, and obtaining a dispersion degree sequence after arrangement
Figure DEST_PATH_IMAGE010
As sparse information corresponding to the binary image, wherein,
Figure DEST_PATH_IMAGE011
indicating the degree of dispersion corresponding to the 1 st key node,
Figure DEST_PATH_IMAGE012
indicating the degree of dispersion corresponding to the 2 nd key node,
Figure DEST_PATH_IMAGE013
indicating the degree of dispersion corresponding to the q-1 key node,
Figure DEST_PATH_IMAGE014
and expressing the discrete degree corresponding to the q-th key node, wherein q is the number of the key nodes in the binary image.
2. The microservice-architecture-based method for security monitoring of transmitted data according to claim 1, wherein the key node partition threshold is calculated as follows:
Figure DEST_PATH_IMAGE016
in the formula (I), the compound is shown in the specification,
Figure DEST_PATH_IMAGE017
represents the key node segmentation threshold value(s),
Figure DEST_PATH_IMAGE018
the importance of the ith black pixel point in the binary image,
Figure DEST_PATH_IMAGE019
a number of lines representing a binary image,
Figure DEST_PATH_IMAGE020
and S represents the number of the black pixel points in the binary image.
3. The microservice architecture-based method for security monitoring of transmitted data according to claim 1, wherein the method for calculating the degree of dispersion corresponding to each key node comprises:
calculating the dispersion degree corresponding to each key node by using the following formula:
Figure DEST_PATH_IMAGE022
in the formula (I), the compound is shown in the specification,
Figure DEST_PATH_IMAGE024
indicating the degree of dispersion corresponding to a certain key node,
Figure DEST_PATH_IMAGE026
the vector modular length of the key node corresponding to the v-th black pixel point in the window taking the key node as the center is represented,
Figure DEST_PATH_IMAGE028
represents the vector modular length of the key node corresponding to the v +1 th black pixel point in the window taking the key node as the center,
Figure DEST_PATH_IMAGE030
is composed of
Figure DEST_PATH_IMAGE032
The included angle between the X-axis and the X-axis,
Figure DEST_PATH_IMAGE034
and p represents the number of black pixel points in the window taking the key node as the center.
4. The microservice architecture-based method for security monitoring of transmitted data according to claim 3, wherein the window size is calculated by:
performing convex hull detection on key nodes in the binary image, acquiring J key nodes at the outermost periphery of the convex hull, and calculating the transverse and longitudinal distances between any black pixel point outside the convex hull and any key node at the outermost periphery of the convex hull:
Figure DEST_PATH_IMAGE036
Figure DEST_PATH_IMAGE038
in the formula (I), the compound is shown in the specification,
Figure DEST_PATH_IMAGE039
the lateral distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull,
Figure DEST_PATH_IMAGE040
the longitudinal distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull is (a)
Figure DEST_PATH_IMAGE041
Figure DEST_PATH_IMAGE042
) Coordinates representing the J-th critical node of the outermost periphery of the convex hull, J =1,2, …, J, (
Figure DEST_PATH_IMAGE043
Figure DEST_PATH_IMAGE044
) Coordinates of the o-th black pixel point outside the convex hull are represented, wherein o =1,2, …, Q and Q are the number of the black pixel points outside the convex hull;
the size of the calculation window is:
Figure DEST_PATH_IMAGE046
in the formula (I), the compound is shown in the specification,
Figure DEST_PATH_IMAGE047
the side length of the window is represented,
Figure DEST_PATH_IMAGE048
represents the maximum of the lateral distance and the longitudinal distance.
5. The microservice-architecture-based security monitoring method for transmitted data according to claim 1, wherein encrypted data = key node data + black pixel data + digest data.
CN202211186214.3A 2022-09-28 2022-09-28 Method for monitoring transmission data safety based on micro-service architecture Active CN115270164B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211186214.3A CN115270164B (en) 2022-09-28 2022-09-28 Method for monitoring transmission data safety based on micro-service architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211186214.3A CN115270164B (en) 2022-09-28 2022-09-28 Method for monitoring transmission data safety based on micro-service architecture

Publications (2)

Publication Number Publication Date
CN115270164A CN115270164A (en) 2022-11-01
CN115270164B true CN115270164B (en) 2022-12-13

Family

ID=83757130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211186214.3A Active CN115270164B (en) 2022-09-28 2022-09-28 Method for monitoring transmission data safety based on micro-service architecture

Country Status (1)

Country Link
CN (1) CN115270164B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724582A (en) * 2012-05-31 2012-10-10 福州瑞芯微电子有限公司 Method for displaying color key based on user interface
CN111290900A (en) * 2020-01-16 2020-06-16 中山大学 Software fault detection method based on micro-service log
CN113965420A (en) * 2021-12-23 2022-01-21 西安道法数器信息科技有限公司 Network security encryption method and system based on artificial intelligence

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516540B (en) * 2015-12-14 2018-09-14 天津津芯微电子科技有限公司 The compression method and device of bianry image
US11734435B2 (en) * 2020-10-16 2023-08-22 Qilu University Of Technology Image encryption and decryption communication algorithm based on two-dimensional lag complex logistic map
CN113872762B (en) * 2021-11-29 2022-03-25 国网浙江省电力有限公司金华供电公司 Quantum encryption communication system based on power distribution terminal equipment and use method thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724582A (en) * 2012-05-31 2012-10-10 福州瑞芯微电子有限公司 Method for displaying color key based on user interface
CN111290900A (en) * 2020-01-16 2020-06-16 中山大学 Software fault detection method based on micro-service log
CN113965420A (en) * 2021-12-23 2022-01-21 西安道法数器信息科技有限公司 Network security encryption method and system based on artificial intelligence

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"关于网络隐私保护的数字信息加密技术";林玉香,段新东;《现代电子技术》;20180501;第41卷(第9期);全文 *

Also Published As

Publication number Publication date
CN115270164A (en) 2022-11-01

Similar Documents

Publication Publication Date Title
CN104284190B (en) Compressed image steganography encoding method based on AMBTC high-low mean value optimization
JP6289680B2 (en) Packet transmission device, packet reception device, packet transmission program, and packet reception program
CN114491610B (en) Intelligent shared financial platform and system based on Hash encryption algorithm and quantum key
Edwards et al. Quality of information-aware mobile applications
CN115460382A (en) Security and protection engineering monitoring data safety transmission method
CN110855512A (en) Ultra-large-scale DPI data processing system based on edge calculation
Halboos et al. Hiding text using the least significant bit technique to improve cover image in the steganography system
CN111416683A (en) Concealed communication method based on structural countermeasure sample
CN115270164B (en) Method for monitoring transmission data safety based on micro-service architecture
CN117201501B (en) Intelligent engineering sharing management system and operation method
CN117221894B (en) Big data-based 5G communication transmission method
Mahana et al. Image steganography: Analysis & Evaluation of secret communication
CN108600168A (en) A kind of secure coding method and system for the attack of artificial intelligence image identification
CN115861034B (en) Wireless routing data intelligent management system
CN116341582A (en) Electronic traffic data management method and system based on two-dimension code
CN115834792A (en) Video data processing method and system based on artificial intelligence
CN112910797B (en) I2P flow identification method and system based on feature matching
CN111246460B (en) Low-complexity and low-time-delay secure transmission method
CN110392051B (en) Time hidden channel robust construction method based on active packet loss
Kaljahi et al. Saliency-based bit plane detection for network applications
CN111586052A (en) Multi-level-based crowd sourcing contract abnormal transaction identification method and identification system
CN110769128B (en) Gray level image information steganography method with adaptive embedding rate
Srayyih Almaliki Multilevel secure digital image steganography framework using random function and advanced encryption standard
CN113988243B (en) Three-dimensional code generation and verification method, system, equipment and medium with verification code
CN116073929B (en) Data detection method in MIMO satellite communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant