CN115270164B - Method for monitoring transmission data safety based on micro-service architecture - Google Patents
Method for monitoring transmission data safety based on micro-service architecture Download PDFInfo
- Publication number
- CN115270164B CN115270164B CN202211186214.3A CN202211186214A CN115270164B CN 115270164 B CN115270164 B CN 115270164B CN 202211186214 A CN202211186214 A CN 202211186214A CN 115270164 B CN115270164 B CN 115270164B
- Authority
- CN
- China
- Prior art keywords
- data
- key node
- binary image
- black pixel
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/20—Image preprocessing
- G06V10/26—Segmentation of patterns in the image field; Cutting or merging of image elements to establish the pattern region, e.g. clustering-based techniques; Detection of occlusion
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V10/00—Arrangements for image or video recognition or understanding
- G06V10/20—Image preprocessing
- G06V10/28—Quantising the image, e.g. histogram thresholding for discrimination between background and foreground patterns
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Multimedia (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Image Processing (AREA)
Abstract
The invention relates to a method for monitoring transmission data safety based on a micro-service architecture, belonging to the technical field of wireless communication networks. This method belongs to a method of detecting access security or fraud, for example checking user identity or rights. The method comprises the following steps: the method comprises the steps that a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating corresponding key node data, black pixel point data and abstract data, and forming encrypted data; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; and the receiving end micro-service decodes the received encrypted data according to the composition of the encrypted data, judges whether the decoded data is abnormal or not, and judges that the sending end micro-service has potential safety hazard if the decoded data is abnormal. The invention realizes the safety monitoring of the transmission data in the micro-service.
Description
Technical Field
The invention relates to the technical field of wireless communication networks, in particular to a method for monitoring the safety of transmission data based on a micro-service architecture.
Background
Due to the adoption of the micro-service architecture, the problems of long development period, difficulty in maintenance and the like of the traditional system are well solved. However, a software system based on a micro-service architecture is composed of a plurality of fine-grained services, and complex system internal communication easily introduces more security problems, for example, when each micro-service is deployed in a relatively open shared operating environment, the security of transmission data in each micro-service cannot be guaranteed. How to realize the safety monitoring of the transmission data in each microservice is necessary.
Disclosure of Invention
In order to realize the safety monitoring of transmission data in each micro service, the invention aims to provide a method for safety monitoring of transmission data based on a micro service architecture, which comprises the following steps:
the method comprises the steps that a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating key node data, black pixel point data and abstract data corresponding to the binary image, and forming encrypted data according to the key node data, the black pixel point data and the abstract data corresponding to the binary image; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; the key node data comprise the number of key nodes in the binary image and the coordinates of each key node, and the key nodes are black pixel points with the importance degree greater than or equal to the key node segmentation threshold; the black pixel data is the number of black pixels which are not in the key node and are included in each row of the binary image; the abstract data is a result of Hash processing on sparse information corresponding to the binary image, and the sparse information is a sequence formed according to the discrete degree corresponding to each key node;
and the receiving end micro-service decodes the received encrypted data according to the composition of the encrypted data, judges whether the decoded data is abnormal or not, and judges that the sending end micro-service has potential safety hazard if the decoded data is abnormal.
Further, the method for calculating the importance degree comprises the following steps:
calculating the importance degree of each black pixel point by using the following formula:
in the formula (I), the compound is shown in the specification,representing black pixelsTo the degree of importance of (a) the,representing over-black pixelsAnd the number of black pixels on a line parallel to the x-axis,representing over-black pixelsAnd the number of black pixels on a line parallel to the y-axis,indicating over-black pixelsAnd has an included angle with the x-axis ofThe number of black pixel points on the straight line of (1),indicating over-black pixelsThe number of pixel points on all the straight lines.
Further, the calculation formula of the key node segmentation threshold is as follows:
in the formula (I), the compound is shown in the specification,represents the key node segmentation threshold value(s),the importance of the ith black pixel point in the binary image,the number of lines representing the binary image,and S represents the number of the black pixel points in the binary image.
Further, the method for calculating the degree of dispersion corresponding to each key node includes:
calculating the dispersion degree corresponding to each key node by using the following formula:
in the formula (I), the compound is shown in the specification,indicating the degree of dispersion corresponding to a certain key node,the vector modular length of the key node corresponding to the v-th black pixel point in the window taking the key node as the center is represented,represents the vector modulo length of the key node corresponding to the v +1 th black pixel point in the window centered on it,is composed ofThe included angle between the X-axis and the X-axis,and p represents the number of black pixel points in the window taking the key node as the center.
Further, the method for calculating the size of the window includes:
performing convex hull detection on key nodes in the binary image, acquiring J key nodes at the outermost periphery of the convex hull, and calculating the transverse and longitudinal distances between any black pixel point outside the convex hull and any key node at the outermost periphery of the convex hull:
in the formula (I), the compound is shown in the specification,the lateral distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull,the longitudinal distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull is (a),) Coordinates representing the J-th critical node of the outermost periphery of the convex hull, J =1,2, …, J, (,) The coordinates of the o-th black pixel point outside the convex hull are represented, and o =1,2, …, Q is the number of the black pixel points outside the convex hull;
in the formula (I), the compound is shown in the specification,the side length of the window is represented,represents the aboveA maximum of the lateral distance and the longitudinal distance.
Further, the encrypted data = key node data + black pixel data + summary data.
Further, the calculation process of the sparse information comprises:
taking the discrete degree corresponding to each key node in the binary image as a threshold, judging whether all pixel points in a window corresponding to the key nodes with the discrete degrees being more than or equal to the threshold can cover all pixel points of the binary image, and if so, judging that the discrete degree corresponding to the key node is an optional discrete degree; taking the maximum value in the selectable discrete degrees as a target segmentation threshold, judging whether the discrete degree corresponding to each key node is greater than or equal to the target segmentation threshold, and if the discrete degree corresponding to each key node is less than the target segmentation threshold, representing the discrete degree corresponding to the key node as 0; if the discrete degree is larger than or equal to the preset discrete degree, maintaining the discrete degree corresponding to the key node unchanged; arranging the discrete degrees corresponding to all the key nodes according to the position precedence relationship corresponding to all the key nodes, and obtaining a discrete degree sequence after arrangementAs sparse information corresponding to the binary image, wherein,indicating the degree of dispersion corresponding to the 1 st key node,indicating the degree of dispersion corresponding to the 2 nd key node,indicating the degree of dispersion corresponding to the q-1 key node,and expressing the discrete degree corresponding to the qth key node, wherein q is the number of key nodes in the binary image.
The invention has the beneficial effects that: the method comprises the steps of converting data to be transmitted of micro-service at a transmitting end into a binary image, and analyzing the binary image to construct encrypted data, wherein the encrypted data consists of key node data, black pixel point data and abstract data corresponding to the binary image; the sending end micro-service sends the encrypted data to the receiving end micro-service, and the receiving end micro-service can judge whether the sending end micro-service has potential safety hazards according to whether the decoded data is abnormal or not; the invention provides a safe and reliable data encryption process, which increases the difficulty of counterfeiting the micro-service identity of the sending end, further can judge that the micro-service identity of the sending end is not counterfeited when the current decoded data is not abnormal, and judge that the micro-service identity of the sending end is counterfeited when the current decoded data is abnormal, thereby achieving the purpose of carrying out safe monitoring on the transmission data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions and advantages of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for monitoring transmission data security based on micro-service architecture according to the present invention.
Detailed Description
For further explanation of the present invention, the following detailed description is provided with reference to the drawings and preferred embodiments.
In order to implement security monitoring on transmission data in each microservice, as shown in fig. 1, the method for security monitoring on transmission data based on a microservice architecture of the present embodiment includes the following steps:
step 1, a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating key node data, black pixel point data and abstract data corresponding to the binary image, and forming encrypted data according to the key node data, the black pixel point data and the abstract data corresponding to the binary image; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; the key node data comprise the number of key nodes in the binary image and the coordinates of each key node, and the key nodes are black pixel points with the importance degree greater than or equal to the key node segmentation threshold; the black pixel data is the number of black pixels which are not in the key node and are included in each row of the binary image; the summary data is a result of hash processing on sparse information corresponding to the binary image, and the sparse information is a sequence formed according to the discrete degree corresponding to each key node;
the sending end microservice of the embodiment internally comprises a data acquisition module, an encryption module and a data sending module, wherein the encryption module is used for encrypting data to be transmitted acquired by the acquisition module and obtaining encrypted data after encryption; and the data sending module is used for sending the encrypted data to the receiving end micro-service. The process of encrypting the data to be transmitted by the encryption module is crucial, and the encryption process of this embodiment will be described in detail next.
Data to be transmitted of microservices is often one-dimensional time series data, and when the time series data is operated, because the change condition of the transmitted data is large, the randomness is high, and an encryption method with strong robustness is difficult to obtain, the data to be transmitted is segmented to obtain a plurality of pieces of transmitted data with preset sizes, and each piece of transmitted data with preset sizes is converted into corresponding binary coded data; for each binary coded data, dividing the binary coded data into M binary (0,1) digit strings with the length of N, and arranging the M divided digit strings according to the dividing sequence to obtain the binary coded data with the size of NThe two-dimensional data matrix of (2) converts the two-dimensional data matrix into a binary image, namely, a number 1 in the matrix is represented by a black pixel point, and a number 0 in the matrix is represented by a white pixel point.
Therefore, the data to be transmitted can be converted into a plurality of corresponding binary images, the number of the binary images to be specifically converted is related to the size of the data to be transmitted, and the larger the size of the data to be transmitted is, the more the number of the binary images obtained through conversion is. In this embodiment, the size of the data to be transmitted and the preset size are measured by the number of bytes. Next, the following processing will be described by taking a binary image as an example.
The binary image has a plurality of black pixel points with the value of 1, the importance degree of the points at different coordinate positions is different, and one black pixel point is selectedThe more black pixels are contained in the straight line, the more black pixels are shownThe more important the black pixel point is, the more the black pixel point needs to be considered preferentially in the subsequent encryption and decoding(ii) a The embodiment is based on the over-black pixel pointsThe number of black pixels contained in the straight line calculates the number of the black pixelsAccording to the importance of the black pixelJudging black pixel point according to the importance degreeWhether it is a critical node. The following describes the determination process of the key node in detail:
with black pixelAs a reference point, a reference point is obtainedThe correlation straight line is a cross reference pointAnd the straight line parallel to the x and y axes and the included angle with the x axis areThe straight lines at other angles are not beneficial to calculation because the straight lines at other angles can segment other black pixel points, so that the straight lines at other angles of the black pixel point a are not considered for obtaining the accuracy of the importance degree and shortening the calculation time. This embodiment calculates black pixels by collinear relationshipThe more the number of the black pixel points on the straight line passing through the reference point is, the higher the importance degree of the reference point is, and a formula for calculating the importance degree of each black pixel point is as follows:
in the formula (I), the compound is shown in the specification,representing black pixelsTo the degree of importance of (a) the,indicating over-black pixelsAnd the number of black pixels on a line parallel to the x-axis,indicating over-black pixelsAnd the number of black pixels on a line parallel to the y-axis,representing over-black pixelsAnd has an included angle with the x-axis ofThe number of black pixel points on the straight line of (1),indicating over-black pixelsThe number of pixels on all the straight lines (the total number of black pixels and white pixels).
In this embodiment, the key node is screened according to the key node segmentation threshold, and the method for calculating the key node segmentation threshold includes:
in the formula (I), the compound is shown in the specification,represents the key node segmentation threshold value(s),the importance of the ith black pixel point in the binary image,representing the size of the binary image, S representing the number of black pixel points in the binary image,the proportion of black pixels in the binary image is represented, the higher the proportion is, the more the black pixels with the median of 1 in the binary image are, the more the black pixels on the straight line are, and the segmentation threshold of the importance degree is larger at the moment. The key node segmentation threshold value is initially taken as a key node segmentation threshold value by using the average value of the importance degrees of all the reference points a, in order to control the number of key nodes and avoid the problems of large number of key nodes caused by large number of black pixels with the median of 1 in an image and low cooperation speed caused by large storage amount of subsequent data, the key node segmentation threshold value is adjusted according to the proportion of the black pixels in the image, the larger the proportion of the black pixels in the image is, the larger the key node segmentation threshold value is, and therefore the number of the key nodes is controlled.
After the key node segmentation threshold is obtained, whether each black pixel point is the key node is judged, and this embodiment willThe black pixel point is marked as a key node, so that the coordinates of all key nodes can be obtained, and the form is as follows:,the number of key nodes in the binary image and the corresponding importance degree of the key nodes meet the requirements. And using the number of the key nodes and the coordinates of each key point for later-stage construction of encrypted data.
In this embodiment, the encrypted data has 3 parts, including summary data in addition to the key node data (the number of key nodes in the binary image and the coordinates of each key point) and the black pixel data (the number of black pixels in each column in the binary image, excluding the key nodes), and the summary data calculation process will be described below:
establishing a self-adaptive window, the size L of the window is determined according to the following process in this embodiment, and the specific process is as follows: firstly, performing convex hull detection on key nodes to obtain J key nodes at the outermost periphery of the convex hull, and calculating the transverse and longitudinal distances between any black pixel point outside the convex hull and any key node at the outermost periphery of the convex hull, namely:
in the formula (I), the compound is shown in the specification,the lateral distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull,the longitudinal distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull is (a),) Coordinates representing the J-th critical node of the outermost periphery of the convex hull, J =1,2, …, J, (,) And coordinates of the o-th black pixel point outside the convex hull are represented, and o =1,2, …, Q and Q are the number of the black pixel points outside the convex hull. Calculate to obtain a plurality of,A plurality of values of (A) are selected,Of the values of (1)Then the window size is:
in the formula (I), the compound is shown in the specification,the side length of the adaptive window is indicated,the maximum of the lateral distance and the longitudinal distance is indicated.
Calculating the discrete degree corresponding to each key node, namely establishing the discrete degree by taking each key node as a central pointA window of size, obtaining the corresponding vector modular length of the key node in the corresponding window and the corresponding black pixel point in the windowSum vectorAngle with the X-axisKey node and black pixel within windowThe corresponding vector is a vector taking the key node as a starting point and the corresponding black pixel point as an end point, and p binary groups can be obtainedAnd p is the number of black pixels in the window (excluding the key point as the center point of the sliding window and excluding other key points in the window). In this embodiment, the dispersion degree corresponding to each key node is calculated according to the following formula:
in the formula (I), the compound is shown in the specification,indicating the degree of dispersion corresponding to a certain key node,the vector modular length of the key node corresponding to the v-th black pixel point in the window taking the key node as the center is represented,represents the vector modular length of the key node corresponding to the v +1 th black pixel point in the window taking the key node as the center,is composed ofThe included angle between the X-axis and the X-axis,p represents the number of the black pixels in the window taking the key node as the center, and the more the dispersion degree of the black pixels in the window is larger, the more the data restoration can be performed according to the window.
According to the discrete degree corresponding to the key node and the number of black pixel points in the window, the description of the distribution information of the binary image can be realized, but because the total area of all windows is far greater than the area of the binary image, the redundancy degree of the obtained discrete degree data is high, the data volume for encrypting the information is as small as possible, and the verification is as fast and convenient as possible, the embodiment also obtains the corresponding sparse summary data according to the importance of the discrete degree, namely, the optimal threshold value is obtained according to the data distribution condition, and the specific method comprises the following steps:
taking the discrete degree corresponding to each key node as a threshold, judging whether all pixel points in a window corresponding to the key nodes with the discrete degrees being more than or equal to the threshold can cover all pixel points of the binary image, and if so, judging that the discrete degree corresponding to the key node is the optional discrete degree; and if not, judging that the dispersion degree corresponding to the key node is the non-selectable dispersion degree. Thereby, a plurality of selectable degrees of dispersion are possible; taking the maximum value in the selectable discrete degrees as a target segmentation threshold, judging whether the discrete degree corresponding to each key node is greater than or equal to the target segmentation threshold, and if the discrete degree corresponding to each key node is smaller than the target segmentation threshold, representing the discrete degree corresponding to the key node as 0; if the discrete degree is larger than or equal to the preset discrete degree, maintaining the discrete degree corresponding to the key node unchanged; arranging the discrete degrees corresponding to all the key nodes according to the position precedence relationship corresponding to all the key nodes, and obtaining a discrete degree sequence after arrangementAs the sparse information corresponding to the binary image, the sparse information is information converted into binary representation, whereinIndicating the degree of dispersion corresponding to the 1 st key node,indicating the degree of dispersion corresponding to the qth key node. The position sequence in this embodiment is: in the first line of the binary imageThe key points are the key points in the second row in the binary image, and the rest is done in the same way; for keypoints in the same row, the keypoints on the left precede the keypoints on the right.
The sparse information corresponding to the binary image is subjected to hash processing, the hash processing can process data with different lengths into data sequences with equal length, in this embodiment, the sparse information corresponding to different binary images has different lengths, and data with the same length can be obtained after the hash processing. The process of the hash processing is the prior art and is not described herein again.
And taking the hashed sparse information as abstract data, and constructing encrypted data according to the abstract data, the key node data and the black pixel data, wherein the encrypted data = the key node data + the black pixel data + the abstract data.
According to the method of the embodiment, firstly, data to be transmitted is converted into a plurality of binary images, and through the hash processing, encrypted data corresponding to each binary image is equal in size, so that the encrypted data corresponding to the data to be transmitted is a combination of the encrypted data with the equal size; when the sending end micro service packs the encrypted data to be transmitted and transmits the packed encrypted data to the receiving end micro service, the receiving end micro service can judge how many binary images the received encrypted data comprises according to the size of the received encrypted data and the size corresponding to one binary image, and then can decode the encrypted data corresponding to each binary image, and finally obtains the data content which the sending end micro service wants to transmit.
And 2, decoding the received encrypted data by the receiving end micro service according to the composition of the encrypted data, judging whether the decoded data is abnormal, and judging that the sending end micro service has potential safety hazards if the decoded data is abnormal.
The receiving end microservice of the embodiment internally comprises a data receiving module, a decoding module and an abnormity judging module, wherein the decoding module is used for decoding the encrypted data received by the data receiving module according to the composition of the encrypted data in the sending end microservice, and the abnormity judging module is used for judging whether the decoded data is abnormal or not and judging that the sending end microservice has potential safety hazards and is possibly invaded when the data is abnormal.
As described above, the receiving end microserver can convert the received encrypted data into encrypted data corresponding to a plurality of binary images, and then take the encrypted data corresponding to one binary image as an example to perform decoding description:
1) Splitting data, namely separating the encrypted data according to corresponding separation marks when the encrypted data are combined, and separating the whole encrypted data into key node data, black pixel point data and summary data;
2) And extracting key node data, wherein the key node data are black pixel points with an important value of 1 in the binary image, and the value of the important position is not changed at all, so that the black pixel points of the subsequent non-important points are recovered on the basis.
3) On the premise of key node data, by combining black pixel data, how many black pixels with the value of 1 are in each row of the binary image except the key nodes can be known.
4) And optimizing and adjusting the positions of the black pixel points except the key nodes, comparing the abstract data, and determining recovery data. Specifically, the fixed base point (i.e., the key node) is obtained, and how many black pixel points (excluding the key node) are known in each row, and then the positions of the black pixel points except the base point are adjusted; through the processing mode, corresponding recovery summary data is obtained. And comparing the abstract data, and when the abstract data are consistent, indicating that the data are restored.
And after the decoding module in the receiving end micro-service decodes the received encrypted data, judging whether the decoded data is abnormal or not, and judging that the sending end micro-service has potential safety hazard and is possibly invaded when the decoded data is abnormal. In specific application, whether the decoded data is abnormal or not can be judged according to a specific application scene, for example, the receiving end micro server can judge whether the currently decoded data is abnormal or not by comparing the currently decoded data with the decoded data when no security problem exists before, or judge whether the currently decoded data is abnormal or not by judging whether the currently decoded data has certain characteristics or not. After the encrypted data is decoded, how to judge that the decoded data is abnormal is the prior art, and details are not repeated here, and the embodiment is mainly used for providing a relatively safe and reliable data encryption process so as to increase the difficulty of forging the micro-service identity of the sending end, so that the micro-service identity of the sending end can be judged not to be forged when the current decoded data is not abnormal, and the micro-service identity of the sending end can be judged to be forged when the current decoded data is abnormal, so that the purpose of carrying out safety monitoring on the transmission data is achieved.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.
Claims (5)
1. A method for monitoring transmission data safety based on a micro-service architecture is characterized by comprising the following steps:
the method comprises the steps that a sending end micro-service carries out segmentation processing on data to be transmitted to obtain a plurality of transmission data with preset sizes, and the transmission data with the preset sizes are converted into corresponding binary images; for any binary image, calculating key node data, black pixel point data and abstract data corresponding to the binary image, and forming encrypted data according to the key node data, the black pixel point data and the abstract data corresponding to the binary image; sending the encrypted data corresponding to each binary image corresponding to the data to be transmitted to a receiving end micro service; the key node data comprise the number of key nodes in the binary image and the coordinates of each key node, and the key nodes are black pixel points with the importance degree larger than or equal to the key node segmentation threshold; the black pixel data is the number of black pixels which are not in the key node and are included in each row of the binary image; the abstract data is a result of Hash processing on sparse information corresponding to the binary image, and the sparse information is a sequence formed according to the discrete degree corresponding to each key node;
the receiving end micro-service decodes the received encrypted data according to the composition of the encrypted data, judges whether the decoded data is abnormal or not, and judges that the transmitting end micro-service has potential safety hazards if the decoded data is abnormal;
calculating the importance degree of each black pixel point by using the following formula:
in the formula (I), the compound is shown in the specification,representing black pixelsTo the degree of importance of (a) the,indicating over-black pixelsAnd the number of black pixels on a line parallel to the x-axis,indicating over-black pixelsAnd the number of black pixels on a line parallel to the y-axis,to representOver black pixel pointAnd has an included angle with the x-axis ofThe number of black pixel points on the straight line of (1),representing over-black pixelsThe number of pixel points on all the straight lines;
the calculation process of the sparse information comprises the following steps:
taking the discrete degree corresponding to each key node in the binary image as a threshold, judging whether all pixel points in a window corresponding to the key nodes with the discrete degrees being more than or equal to the threshold can cover all pixel points of the binary image, and if so, judging that the discrete degree corresponding to the key node is an optional discrete degree; taking the maximum value in the selectable discrete degrees as a target segmentation threshold, judging whether the discrete degree corresponding to each key node is greater than or equal to the target segmentation threshold, and if the discrete degree corresponding to each key node is smaller than the target segmentation threshold, representing the discrete degree corresponding to the key node as 0; if the discrete degree is larger than or equal to the preset discrete degree, maintaining the discrete degree corresponding to the key node unchanged; arranging the dispersion degrees corresponding to all key nodes according to the position precedence relationship corresponding to all key nodes, and obtaining a dispersion degree sequence after arrangementAs sparse information corresponding to the binary image, wherein,indicating the degree of dispersion corresponding to the 1 st key node,indicating the degree of dispersion corresponding to the 2 nd key node,indicating the degree of dispersion corresponding to the q-1 key node,and expressing the discrete degree corresponding to the q-th key node, wherein q is the number of the key nodes in the binary image.
2. The microservice-architecture-based method for security monitoring of transmitted data according to claim 1, wherein the key node partition threshold is calculated as follows:
in the formula (I), the compound is shown in the specification,represents the key node segmentation threshold value(s),the importance of the ith black pixel point in the binary image,a number of lines representing a binary image,and S represents the number of the black pixel points in the binary image.
3. The microservice architecture-based method for security monitoring of transmitted data according to claim 1, wherein the method for calculating the degree of dispersion corresponding to each key node comprises:
calculating the dispersion degree corresponding to each key node by using the following formula:
in the formula (I), the compound is shown in the specification,indicating the degree of dispersion corresponding to a certain key node,the vector modular length of the key node corresponding to the v-th black pixel point in the window taking the key node as the center is represented,represents the vector modular length of the key node corresponding to the v +1 th black pixel point in the window taking the key node as the center,is composed ofThe included angle between the X-axis and the X-axis,and p represents the number of black pixel points in the window taking the key node as the center.
4. The microservice architecture-based method for security monitoring of transmitted data according to claim 3, wherein the window size is calculated by:
performing convex hull detection on key nodes in the binary image, acquiring J key nodes at the outermost periphery of the convex hull, and calculating the transverse and longitudinal distances between any black pixel point outside the convex hull and any key node at the outermost periphery of the convex hull:
in the formula (I), the compound is shown in the specification,the lateral distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull,the longitudinal distance between the jth key node at the outermost periphery of the convex hull and the o-th black pixel point outside the convex hull is (a),) Coordinates representing the J-th critical node of the outermost periphery of the convex hull, J =1,2, …, J, (,) Coordinates of the o-th black pixel point outside the convex hull are represented, wherein o =1,2, …, Q and Q are the number of the black pixel points outside the convex hull;
5. The microservice-architecture-based security monitoring method for transmitted data according to claim 1, wherein encrypted data = key node data + black pixel data + digest data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211186214.3A CN115270164B (en) | 2022-09-28 | 2022-09-28 | Method for monitoring transmission data safety based on micro-service architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211186214.3A CN115270164B (en) | 2022-09-28 | 2022-09-28 | Method for monitoring transmission data safety based on micro-service architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115270164A CN115270164A (en) | 2022-11-01 |
CN115270164B true CN115270164B (en) | 2022-12-13 |
Family
ID=83757130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211186214.3A Active CN115270164B (en) | 2022-09-28 | 2022-09-28 | Method for monitoring transmission data safety based on micro-service architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115270164B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102724582A (en) * | 2012-05-31 | 2012-10-10 | 福州瑞芯微电子有限公司 | Method for displaying color key based on user interface |
CN111290900A (en) * | 2020-01-16 | 2020-06-16 | 中山大学 | Software fault detection method based on micro-service log |
CN113965420A (en) * | 2021-12-23 | 2022-01-21 | 西安道法数器信息科技有限公司 | Network security encryption method and system based on artificial intelligence |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105516540B (en) * | 2015-12-14 | 2018-09-14 | 天津津芯微电子科技有限公司 | The compression method and device of bianry image |
US11734435B2 (en) * | 2020-10-16 | 2023-08-22 | Qilu University Of Technology | Image encryption and decryption communication algorithm based on two-dimensional lag complex logistic map |
CN113872762B (en) * | 2021-11-29 | 2022-03-25 | 国网浙江省电力有限公司金华供电公司 | Quantum encryption communication system based on power distribution terminal equipment and use method thereof |
-
2022
- 2022-09-28 CN CN202211186214.3A patent/CN115270164B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102724582A (en) * | 2012-05-31 | 2012-10-10 | 福州瑞芯微电子有限公司 | Method for displaying color key based on user interface |
CN111290900A (en) * | 2020-01-16 | 2020-06-16 | 中山大学 | Software fault detection method based on micro-service log |
CN113965420A (en) * | 2021-12-23 | 2022-01-21 | 西安道法数器信息科技有限公司 | Network security encryption method and system based on artificial intelligence |
Non-Patent Citations (1)
Title |
---|
"关于网络隐私保护的数字信息加密技术";林玉香,段新东;《现代电子技术》;20180501;第41卷(第9期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN115270164A (en) | 2022-11-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104284190B (en) | Compressed image steganography encoding method based on AMBTC high-low mean value optimization | |
JP6289680B2 (en) | Packet transmission device, packet reception device, packet transmission program, and packet reception program | |
CN114491610B (en) | Intelligent shared financial platform and system based on Hash encryption algorithm and quantum key | |
Edwards et al. | Quality of information-aware mobile applications | |
CN115460382A (en) | Security and protection engineering monitoring data safety transmission method | |
CN110855512A (en) | Ultra-large-scale DPI data processing system based on edge calculation | |
Halboos et al. | Hiding text using the least significant bit technique to improve cover image in the steganography system | |
CN111416683A (en) | Concealed communication method based on structural countermeasure sample | |
CN115270164B (en) | Method for monitoring transmission data safety based on micro-service architecture | |
CN117201501B (en) | Intelligent engineering sharing management system and operation method | |
CN117221894B (en) | Big data-based 5G communication transmission method | |
Mahana et al. | Image steganography: Analysis & Evaluation of secret communication | |
CN108600168A (en) | A kind of secure coding method and system for the attack of artificial intelligence image identification | |
CN115861034B (en) | Wireless routing data intelligent management system | |
CN116341582A (en) | Electronic traffic data management method and system based on two-dimension code | |
CN115834792A (en) | Video data processing method and system based on artificial intelligence | |
CN112910797B (en) | I2P flow identification method and system based on feature matching | |
CN111246460B (en) | Low-complexity and low-time-delay secure transmission method | |
CN110392051B (en) | Time hidden channel robust construction method based on active packet loss | |
Kaljahi et al. | Saliency-based bit plane detection for network applications | |
CN111586052A (en) | Multi-level-based crowd sourcing contract abnormal transaction identification method and identification system | |
CN110769128B (en) | Gray level image information steganography method with adaptive embedding rate | |
Srayyih Almaliki | Multilevel secure digital image steganography framework using random function and advanced encryption standard | |
CN113988243B (en) | Three-dimensional code generation and verification method, system, equipment and medium with verification code | |
CN116073929B (en) | Data detection method in MIMO satellite communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |