CN116108426A - Detection method and system for improving security evaluation efficiency of commercial password application - Google Patents
Detection method and system for improving security evaluation efficiency of commercial password application Download PDFInfo
- Publication number
- CN116108426A CN116108426A CN202310325711.5A CN202310325711A CN116108426A CN 116108426 A CN116108426 A CN 116108426A CN 202310325711 A CN202310325711 A CN 202310325711A CN 116108426 A CN116108426 A CN 116108426A
- Authority
- CN
- China
- Prior art keywords
- task
- security
- result
- execution
- efficiency
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application relates to the technical field of data processing, and provides a detection method and a detection system for improving the security evaluation efficiency of commercial password application. The security assessment task list and task characteristics of each task in the list are obtained through task analysis application assessment demand information, equipment processing capacity information, the security assessment task list and task characteristics are input into a task allocation model to obtain various execution schemes, and the execution schemes are obtained through screening of the various execution schemes by running load-efficiency balance parameters to carry out commercial password application security detection of each task in the security assessment task list. The technical problems that commercial password security detection strategies converge in the prior art, so that when commercial password security assessment is carried out, the assessment accuracy requirement and the assessment efficiency requirement cannot be balanced, and the assessment result reliability is insufficient are solved, the technical effects of balancing the commercial password assessment accuracy and the high efficiency requirement and improving the commercial password application security assessment reliability are achieved.
Description
Technical Field
The application relates to the technical field of data processing, in particular to a detection method and a detection system for improving the security evaluation efficiency of commercial password application.
Background
The commercial cipher application safety evaluation is an important means for evaluating the compliance, correctness and effectiveness of the cipher technology applied by the encryption protection to ensure that the commercial cipher normally plays a safety guarantee function when the commercial cipher technology, a network and an information system built by integrating products and services are adopted and after the commercial cipher is put into operation.
It is understood that the commercial password application security assessment is independently and regularly developed by a user based on the commercial password, and is limited by professional capability, so that the commercial password application security assessment is invalid, the commercial password compliance defect cannot be effectively and timely eliminated, the defect of information security vulnerability risk is caused, the commercial password application security assessment is entrusted to a third party for execution, and the defects of insufficient timeliness of the commercial password application security assessment and insufficient credibility of an assessment result are also caused.
In summary, in the prior art, commercial password security detection strategies converge, which results in technical problems that when commercial password security evaluation is performed, the requirement for evaluating accuracy and the requirement for evaluating high efficiency cannot be balanced, and reliability of an evaluation result is insufficient.
Disclosure of Invention
Based on the above, it is necessary to provide a detection method and a detection system for improving the security evaluation efficiency of commercial passwords, which can balance the requirements of accuracy and high efficiency of commercial password evaluation and improve the reliability of commercial password application security evaluation.
A detection method for improving the security evaluation efficiency of commercial password application comprises the following steps: acquiring application evaluation demand information, carrying out task analysis on the application evaluation demand information, and generating a security evaluation task list; the commercial password application system is communicated, and task characteristics of each task in the security evaluation task list are acquired and obtained, wherein the task characteristics comprise an efficiency identifier and an accuracy identifier; acquiring equipment processing capability information of the detection equipment; inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model, and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes; acquiring operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to acquire screening execution schemes; and carrying out commercial password application security detection of each task in the security assessment task list based on the screening execution scheme.
A detection system for improving security assessment efficiency of a commercial cryptographic application, the system comprising: the task list generation module is used for acquiring application evaluation requirement information, carrying out task analysis on the application evaluation requirement information and generating a security evaluation task list; the task feature acquisition module is used for communicating with a commercial password application system and acquiring task features of each task in the security evaluation task list, wherein the task features comprise an efficiency identifier and an accuracy identifier; the capability information acquisition module is used for acquiring the equipment processing capability information of the detection equipment; the task allocation analysis module is used for inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes; the execution scheme screening module is used for acquiring and obtaining operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to obtain screening execution schemes; and the application security detection module is used for carrying out commercial password application security detection on each task in the security evaluation task list based on the screening execution scheme.
A computer device comprising a memory storing a computer program and a processor which when executing the computer program performs the steps of:
acquiring application evaluation demand information, carrying out task analysis on the application evaluation demand information, and generating a security evaluation task list;
the commercial password application system is communicated, and task characteristics of each task in the security evaluation task list are acquired and obtained, wherein the task characteristics comprise an efficiency identifier and an accuracy identifier;
acquiring equipment processing capability information of the detection equipment;
inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model, and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes;
acquiring operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to acquire screening execution schemes;
and carrying out commercial password application security detection of each task in the security assessment task list based on the screening execution scheme.
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
acquiring application evaluation demand information, carrying out task analysis on the application evaluation demand information, and generating a security evaluation task list;
the commercial password application system is communicated, and task characteristics of each task in the security evaluation task list are acquired and obtained, wherein the task characteristics comprise an efficiency identifier and an accuracy identifier;
acquiring equipment processing capability information of the detection equipment;
inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model, and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes;
acquiring operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to acquire screening execution schemes;
and carrying out commercial password application security detection of each task in the security assessment task list based on the screening execution scheme.
The detection method and the detection system for improving the safety evaluation efficiency of the commercial password application solve the technical problems that the commercial password application safety inspection strategy is converged in the prior art, so that the requirement on the evaluation accuracy and the requirement on the evaluation efficiency cannot be balanced when the commercial password safety evaluation is carried out, and the reliability of the evaluation result is insufficient, so that the technical effects of balancing the requirements on the evaluation accuracy and the high efficiency of the commercial password application and improving the reliability of the commercial password application safety evaluation are realized.
The foregoing description is only an overview of the technical solutions of the present application, and may be implemented according to the content of the specification in order to make the technical means of the present application more clearly understood, and in order to make the above-mentioned and other objects, features and advantages of the present application more clearly understood, the following detailed description of the present application will be given.
Drawings
FIG. 1 is a flow chart of a detection method for improving security assessment efficiency of a commercial cryptographic application in one embodiment;
FIG. 2 is a schematic flow chart of task allocation results obtained in a detection method for improving security evaluation efficiency of commercial cryptographic applications in one embodiment;
FIG. 3 is a block diagram illustrating an exemplary architecture of a detection system for improving security assessment efficiency of a commercial cryptographic application;
FIG. 4 is an internal block diagram of a computer device in one embodiment;
reference numerals illustrate: the system comprises a task list generation module 1, a task characteristic acquisition module 2, a capability information acquisition module 3, a task allocation analysis module 4, an execution scheme screening module 5 and an application security detection module 6.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
As shown in fig. 1, the present application provides a detection method for improving security evaluation efficiency of a commercial cryptographic application, where the method includes:
s100, acquiring application evaluation demand information, and carrying out task analysis on the application evaluation demand information to generate a security evaluation task list;
in particular, it should be understood that the commercial passwords are cryptographic techniques and password products applied to cryptographically protecting or securely authenticating information not related to secret content. The commercial password application security assessment is to assess compliance, correctness and effectiveness of the applied password technology for realizing encryption protection when a network and an information system built by commercial password technology, products and services are adopted, and meanwhile, the commercial password security assessment still needs to be carried out periodically after the commercial password is put into operation.
In this embodiment, a detection device is set, and based on the detection device, a certain evaluation policy is set for performing security evaluation of commercial cryptographic applications of a plurality of users using commercial passwords within a certain area, and for improving security evaluation efficiency of commercial cryptographic applications of multiple users.
The application evaluation requirement is the encryption grade of the commercial password used by the user and the encryption security degree customized in the encryption grade, and the detection equipment has credibility only according to the encryption grade of the commercial password used by the user and the encryption security degree customized in the encryption grade, the evaluation data acquisition is carried out, and the evaluation result obtained by the application security evaluation of the commercial password is executed.
The application evaluation requirement information is an information set formed by application evaluation requirement information given by application security evaluation on the commercial passwords currently used by a plurality of users who perform commercial password application security evaluation based on the same detection equipment.
And carrying out task analysis on the application evaluation requirement information based on the same detection equipment by a plurality of users corresponding to a plurality of tasks, and generating a security evaluation task list, wherein each user in the security evaluation task list correspondingly marks a security evaluation task, and each security evaluation task specifically comprises encryption grade information of commercial passwords used by the users and customized encryption security degree requirement information in the encryption grade.
S200, connecting a commercial password application system, and acquiring task characteristics of each task in the security evaluation task list, wherein the task characteristics comprise an efficiency identifier and an accuracy identifier;
specifically, in this embodiment, the commercial password application system is a carrier for actually playing the encryption protection or security authentication function for the commercial password, and the user applies the commercial password application system to implement the required login security protection function and the data security uploading and saving function, and the commercial password application system is invoked in different functions.
Each user is correspondingly provided with a commercial password application system, the detection equipment is actually used for carrying out evaluation data acquisition characteristics of commercial password application safety evaluation in the commercial password application system, it is understood that the users adopting the commercial password application system for carrying out login safety protection function and data safety uploading and saving function actually comprise a plurality of sub-users, when different numbers of sub-users synchronously use the commercial password application system for carrying out login tasks or data protection tasks, the occupancy rate of computing resources of the commercial password application system is different, the corresponding generated real-time data flow information amount has difference, correspondingly, the detection equipment is used for capturing the data acquisition rate of acquired data from the commercial password application system and the reliability of analysis results of commercial password application safety analysis based on the acquired data has difference.
It should be understood that each user corresponds to an evaluation task in the security evaluation task list, where the task features are data collection features that the detection device collects evaluation data in a commercial cryptographic application system of the user, where the data collection features can effectively perform commercial cryptographic application security evaluation, and the data collection features specifically include an efficiency identifier and an accuracy identifier, where the efficiency identifier is efficiency of data collection and capture under the condition of occupation of computing resources of different commercial cryptographic application systems, and the higher the computing resource occupation rate is, the slower the rate of data capture performed by the detection device is, and the accuracy identifier is accuracy identifier of analysis results obtained by performing commercial cryptographic application security analysis on data collected by the detection device under the condition of computing resource occupation rates of different commercial cryptographic application systems.
And connecting the detection equipment with the commercial password application system equipped by each user, and acquiring task characteristics of each task in the security assessment task list, wherein the task characteristics comprise the efficiency identifier and the accuracy identifier for executing data acquisition under the condition that the commercial password application systems occupy different computing power resources to perform application security analysis.
S300, obtaining equipment processing capability information of the detection equipment;
specifically, in this embodiment, the detection device has a comprehensive function device with a data acquisition function and a data analysis capability, acquires evaluation data of the commercial password application security evaluation based on the data acquisition function, and performs the commercial password application security evaluation on the acquired data based on the data analysis capability.
The equipment processing capability information comprises data acquisition capability information representing the data acquisition quantity in unit time and equipment operation load limit representing equipment data analysis processing for carrying out commercial password application safety evaluation based on the acquired data in unit time.
S400, inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model, and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes;
in one embodiment, as shown in fig. 2, the method steps provided in the present application further include:
s410, performing task analysis on the security assessment task list to obtain the task initial grade and task latitude of each task;
s420, generating task constraint information based on the task initial level and the task latitude;
s430, inputting the task constraint information and the task characteristics to a node allocation module of the task allocation model, and obtaining the task allocation result based on the output result and the equipment processing capability information.
In one embodiment, the method steps provided herein further comprise:
s431, inputting the output result and the equipment processing capability information into a processing distribution module of the task distribution model;
s432, generating a processing constraint value based on the equipment processing capability information, and executing constraint on a task allocation result in the output result through the processing constraint value;
s433, generating the task allocation result according to the execution constraint result.
In one embodiment, the method steps provided herein further comprise:
s432-1, obtaining equipment history use information of the detection equipment;
s432-2, carrying out equipment stability analysis of the detection equipment based on the historical use information to obtain a stability influence coefficient;
s432-3, adjusting the processing constraint value through the stability influence coefficient, and executing constraint on the task allocation result in the output result according to the adjusted processing constraint value.
Specifically, in this embodiment, the multiple execution schemes are a pre-collection and post-collection sequence scheme for collecting data of the commercial cryptographic application systems of multiple users (tasks) when evaluating the security of the commercial cryptographic application of the multiple users (tasks).
In order to ensure that the data acquisition of the commercial password application systems of a plurality of users is executed based on the execution schemes and the commercial password security evaluation is carried out based on the acquired data, the commercial password application security evaluation result with higher reliability can be obtained.
The task allocation model comprises a node allocation submodule and a processing allocation module, wherein the node allocation submodule is connected with the processing allocation module, and an output result of the node allocation submodule is input data of the processing allocation module.
In this embodiment, in step S100, a security evaluation task is correspondingly marked for each user in the security evaluation task list, and each security evaluation task specifically includes encryption level information of a commercial password used by the user, and encryption security level requirement information customized in the encryption level.
The task initial level is encryption level information of commercial passwords used by users, and the task latitude is encryption security level requirement information customized by the users in the encryption level.
Therefore, in this embodiment, task analysis is performed on the security evaluation task list to obtain a task initial level and task tolerance of each task, and task constraint information is generated by integrating the task initial level and the task tolerance, where the task constraint information is used to constrain a data type of the detection device for data acquisition in each task, so as to avoid that data not belonging to the task initial level and the task tolerance corresponding to a task is mixed into acquired data, thereby causing security evaluation deviation of commercial password application.
The node distribution module is constructed based on a neural network, a plurality of sample task constraint information, a plurality of sample task constraint features and a plurality of sample task distribution results of commercial password application security detection of each task are acquired and obtained through the history of the detection device, and each sample task distribution result in the plurality of sample task distribution results comprises a plurality of sample execution schemes.
And carrying out data identification and division on the plurality of sample task constraint information, the plurality of sample task constraint features and the plurality of sample task distribution results according to a ratio of 17:2:1 to obtain a training set, a testing set and a verification set, carrying out supervised model training and testing of the node distribution module based on the training set and the testing set, and carrying out model output result accuracy verification based on the verification set until the output accuracy of the node distribution module is higher than 97%.
And inputting the task constraint information and the task characteristics to a node distribution module of the task distribution model to obtain an output result, wherein the output result is a task distribution result, and the task distribution result comprises a plurality of execution schemes.
Based on the foregoing, it can be known that, based on the multiple execution schemes, the commercial password application system data of the multiple users is acquired, and the commercial password security assessment is performed based on the acquired data, so that the commercial password application security assessment result with higher reliability can be obtained.
Meanwhile, it should be understood that the evaluation efficiency of actually evaluating the security of the commercial cryptographic applications of a plurality of users is objectively limited by the data acquisition capability and the security evaluation analysis capability of the detection device. Thus, the present embodiment inputs the output result obtained based on the node allocation module analysis and the device processing capability information to a processing allocation module of the task allocation model, determines the processing constraint value based on the processing allocation module analysis, the processing constraint value being an upper limit of device operation for the detection device to perform task data collection and application security analysis, and marks the task allocation result with the processing constraint value at the processing allocation module.
The construction method of the processing distribution module is based on neural network construction, and the processing constraint values given by a plurality of commercial password security field experts to a plurality of sample detection devices are acquired, wherein the processing constraint values are the upper equipment operation limits of task data acquisition and application security analysis of the detection equipment, and when the detection devices perform data acquisition and application security analysis in the processing constraint values, overload and dead halt of the operation load of the detection devices or slow down of the data acquisition analysis rate are not caused.
And carrying out data identification and division on the plurality of sample detection devices and the plurality of sample processing constraint values according to the ratio of 8:1:1 to obtain a training set, a testing set and a verification set, carrying out supervised model training and testing of the processing distribution module based on the training set and the testing set, and carrying out model output result accuracy verification based on the verification set until the output accuracy of the processing distribution module is higher than 97%.
Inputting the output result and the equipment processing capacity information obtained based on node allocation module analysis into a processing allocation module of the task allocation model, wherein the processing allocation module firstly analyzes a detection device to obtain the processing constraint value, then marks the processing constraint value on the output result to finish executing constraint on a task allocation result in the output result through the processing constraint value, and generates the task allocation result according to the executing constraint result, wherein the task allocation result comprises a plurality of executing schemes marked with the processing constraint value.
It should be further understood that, in actual operation of the detection device, there is fluctuation in operation stability due to the influence of external factors or changes in consumption of own computing power resources, so that in this embodiment, by obtaining device history usage information of the detection device, obtaining, based on the history usage information, a failure stopping frequency occurring in a history usage time, dividing the failure stopping frequency by 100 to obtain data as the stability influence coefficient, multiplying the stability influence coefficient by the processing constraint value to obtain an adjustment processing constraint value, and performing constraint on a task allocation result in the output result based on the adjustment processing constraint value. The method achieves the technical effects of obtaining multiple execution schemes which truly reflect the use performance of the detection device and can evaluate the commercial password application security of each user with high credibility, and providing a screening execution scheme for evaluating the high-efficiency commercial password application security by selecting the optimal execution scheme subsequently.
S500, acquiring operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to acquire screening execution schemes;
in one embodiment, the method steps provided herein further comprise:
s510, carrying out fitting reading of load trigger values and load trigger frequency data on the various execution schemes;
s520, fitting efficiency results of the multiple execution schemes;
s530, calculating to obtain a load coefficient based on the load trigger value and the load trigger frequency, carrying out data normalization processing on the load coefficient and the efficiency result, and carrying out comparison final value calculation of the multiple execution schemes according to the processing result and the operation load-efficiency balance parameter;
s540, carrying out adaptive screening according to the comparison final value calculation result to obtain the screening execution scheme.
Specifically, in this embodiment, the detecting device performs security evaluation of commercial cryptographic applications of multiple users according to the multiple execution schemes, and the load trigger value is a specific overload value of overload operation of the detecting device in the process of performing security evaluation of commercial cryptographic applications of multiple users according to any execution scheme. And the load triggering frequency data is the number of times of overload operation of the detection device in the process of carrying out safety evaluation on commercial password application of a plurality of users according to any execution scheme in the overload operation of the detection device, and each time corresponds to a specific overload value.
And obtaining a plurality of load trigger values and a plurality of load trigger frequency data of the detection device for carrying out the commercial password application security evaluation of a plurality of users according to the plurality of execution schemes, and reflecting a plurality of efficiency results of the time spent by the execution of the plurality of execution schemes.
And carrying out data normalization processing on the load coefficient and the efficiency result again to obtain the processing result based on the load trigger value and the load trigger frequency normalization processing calculation mean value as the load coefficient, wherein the processing result is a load coefficient-efficiency result of various execution schemes.
The operating load-efficiency balance parameter characterizes an operating balance state in which the detection device is operated near a load limit, but is not operated in overload, and the detection device continuously operates in an optimal operating state.
And traversing and comparing the processing result with the operation load-efficiency balance parameter for one time, removing an execution scheme that any value of the operation load and the efficiency result exceeds the operation load-efficiency balance parameter, and calculating a comparison final value for the rest execution scheme, wherein the comparison final value is a plurality of groups of data combinations of the operation load data subtracted by the load coefficient and the efficiency result subtracted by the efficiency balance parameter.
The data of the plurality of groups of data combinations are ordered from small to large, and an execution scheme corresponding to the smallest group of data combinations is selected as the screening execution scheme, so that the technical effects of obtaining the multi-user commercial password application security evaluation execution scheme which is the shortest in time consumption and higher in reliability of obtained results, balancing the requirements on commercial password evaluation accuracy and high efficiency and improving the reliability of commercial password application security evaluation are achieved.
And S600, carrying out commercial password application security detection on each task in the security assessment task list based on the screening execution scheme.
In one embodiment, the method steps provided herein further comprise:
s610, performing execution monitoring of commercial password application security detection on the screening execution scheme to obtain an execution monitoring result;
s620, performing efficiency error analysis according to the execution monitoring result to obtain an efficiency error analysis result;
s630, carrying out characteristic association on the efficiency error analysis result and an error task, and generating feedback information according to the association result;
and S640, carrying out optimization adjustment of subsequent scheme screening through the feedback information.
Specifically, in this embodiment, the commercial cryptographic application security detection of each task in the security evaluation task list is performed based on the filtering execution scheme, and time-consuming data of the filtering execution scheme is completed at a timing, so as to obtain the execution monitoring result, where the execution monitoring result includes commercial cryptographic application security evaluation time-consuming data of a plurality of tasks
The efficiency result of the screening execution scheme theory for the security evaluation of the commercial cryptographic applications of the plurality of tasks is obtained based on the step S500, and the efficiency result comprises time consumption of the security evaluation of the commercial cryptographic applications of the plurality of tasks.
According to the task name traversal comparison, efficiency error analysis is carried out on the execution detection result and the efficiency result of the screening execution scheme, so that an efficiency error analysis result is obtained, the efficiency error analysis result is time-consuming in actually carrying out commercial password application security assessment on an error task which does not meet the time-consuming requirement of the efficiency result, the efficiency error analysis result is subjected to characteristic association with the error task, feedback information is generated according to the association result, and optimization adjustment of subsequent scheme screening is carried out through the feedback information, so that verification optimization on the actual execution condition of the screening execution scheme is realized, the multi-user commercial password application security assessment execution scheme which is the shortest in time consumption and higher in reliability of the obtained result is achieved in theory and practical application, the requirements of commercial password assessment accuracy and high efficiency are balanced, and the technical effect of commercial password application security assessment reliability is improved.
In one embodiment, the method steps provided herein further comprise:
s441, performing task execution priority evaluation on the security evaluation task list to obtain a task execution priority evaluation result;
s442, task sequence allocation is carried out based on the task execution priority evaluation result, and task sequence allocation calibration data are obtained;
s443, inputting the task allocation calibration data serving as incremental data into the task allocation model;
s444, outputting and obtaining the task allocation result.
Specifically, based on the step S100, in the present embodiment, each user marks a security evaluation task in the security evaluation task list, and each security evaluation task specifically includes encryption level information of a commercial password used by the user, and encryption security level requirement information is customized in the encryption level.
Therefore, in this embodiment, a plurality of users are initially classified based on encryption levels, so as to obtain a plurality of users belonging to the same encryption levels, and in each encryption level, a plurality of users within the same encryption level are ordered according to user-defined encryption security requirement information, where a specific ordering rule is that the higher the encryption security requirement is, the higher the ordering is.
And according to the ordering information of a plurality of users in the same level, combining a plurality of users with the same encryption level to divide, obtaining the task execution priority evaluation result, and carrying out task sequence allocation of each user based on the task execution priority evaluation result to obtain task sequence allocation calibration data.
And the task allocation calibration data is used as incremental data and is input into the task allocation model, each task in a plurality of execution schemes in the task allocation result output by the task allocation model is marked, the optimized task allocation result is obtained, and the technical effects of providing references for the detection device to the plurality of execution schemes in the task allocation result, data acquisition of commercial password application security evaluation of each task and data analysis sequence are achieved.
In one embodiment, as shown in fig. 3, there is provided a detection system for improving security assessment efficiency of a commercial cryptographic application, including: the system comprises a task list generation module 1, a task characteristic acquisition module 2, a capability information acquisition module 3, a task allocation analysis module 4, an execution scheme screening module 5 and an application security detection module 6, wherein:
the task list generation module 1 is used for acquiring application evaluation requirement information, carrying out task analysis on the application evaluation requirement information and generating a security evaluation task list;
the task feature acquisition module 2 is used for communicating with a commercial password application system and acquiring task features of each task in the security evaluation task list, wherein the task features comprise an efficiency identifier and an accuracy identifier;
a capability information obtaining module 3, configured to obtain device processing capability information of the detection device;
the task allocation analysis module 4 is used for inputting the equipment processing capability information, the security evaluation task list and the task characteristics into a task allocation model and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes;
the execution scheme screening module 5 is used for acquiring and obtaining operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to obtain screening execution schemes;
and the application security detection module 6 is used for carrying out commercial password application security detection on each task in the security evaluation task list based on the screening execution scheme.
In one embodiment, the system further comprises:
the task analysis execution unit is used for carrying out task analysis on the security evaluation task list to obtain the task initial grade and task tolerance of each task;
the constraint information generation unit is used for generating task constraint information based on the task initial level and the task latitude;
and the task allocation obtaining unit is used for inputting the task constraint information and the task characteristics to a node allocation module of the task allocation model, and obtaining the task allocation result based on the output result and the equipment processing capability information.
In one embodiment, the system further comprises:
an analysis data input unit for inputting the output result and the device processing capability information to a processing distribution module of the task distribution model;
the constraint information generation unit is used for generating a processing constraint value based on the equipment processing capability information, and executing constraint on a task allocation result in the output result through the processing constraint value;
and the task allocation obtaining unit is used for generating the task allocation result according to the execution constraint result.
In one embodiment, the system further comprises:
a usage information obtaining unit configured to obtain device history usage information of the detection device;
the equipment analysis execution unit is used for carrying out equipment stability analysis of the detection equipment based on the historical use information to obtain a stability influence coefficient;
and the constraint execution processing unit is used for adjusting the processing constraint value through the stability influence coefficient and executing constraint on the task allocation result in the output result according to the adjusted processing constraint value.
In one embodiment, the system further comprises:
the load information reading unit is used for carrying out fitting reading on the load trigger value and the load trigger frequency data of the multiple execution schemes;
an efficiency result fitting unit, configured to fit efficiency results of the multiple execution schemes;
the load coefficient calculation unit is used for calculating and obtaining a load coefficient based on the load trigger value and the load trigger frequency, carrying out data normalization processing on the load coefficient and the efficiency result, and carrying out comparison final value calculation of the multiple execution schemes according to the processing result and the operation load-efficiency balance parameter;
and the adaptive screening execution unit is used for carrying out adaptive screening according to the comparison final value calculation result to obtain the screening execution scheme.
In one embodiment, the system further comprises:
the task priority evaluation unit is used for evaluating the task execution priority of the security evaluation task list and obtaining a task execution priority evaluation result;
the task sequence distribution unit is used for carrying out task sequence distribution based on the task execution priority evaluation result to obtain task sequence distribution calibration data;
the model input execution unit is used for inputting the task allocation calibration data serving as incremental data to the task allocation model;
and the allocation result obtaining unit is used for outputting and obtaining the task allocation result.
In one embodiment, the system further comprises:
the safety monitoring execution unit is used for performing execution monitoring of commercial password application safety detection on the screening execution scheme to obtain an execution monitoring result;
the efficiency error analysis unit is used for carrying out efficiency error analysis through the execution monitoring result to obtain an efficiency error analysis result;
the characteristic association execution unit is used for carrying out characteristic association on the efficiency error analysis result and the error task and generating feedback information according to the association result;
and the screening optimization adjustment unit is used for carrying out optimization adjustment of subsequent scheme screening through the feedback information.
For a specific embodiment of a detection system for improving the security evaluation efficiency of the commercial cryptographic application, reference may be made to the above embodiment of a detection method for improving the security evaluation efficiency of the commercial cryptographic application, which is not described herein. The above-mentioned each module in the detection device for improving the security evaluation efficiency of the commercial cryptographic application may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing news data, time attenuation factors and other data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a detection method that improves the efficiency of security assessment of a commercial cryptographic application.
Those skilled in the art will appreciate that the structures shown in FIG. 4 are block diagrams only and do not constitute a limitation of the computer device on which the present aspects apply, and that a particular computer device may include more or less components than those shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of: acquiring application evaluation demand information, carrying out task analysis on the application evaluation demand information, and generating a security evaluation task list; the commercial password application system is communicated, and task characteristics of each task in the security evaluation task list are acquired and obtained, wherein the task characteristics comprise an efficiency identifier and an accuracy identifier; acquiring equipment processing capability information of the detection equipment; inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model, and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes; acquiring operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to acquire screening execution schemes; and carrying out commercial password application security detection of each task in the security assessment task list based on the screening execution scheme.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.
Claims (10)
1. A detection method for improving security evaluation efficiency of commercial cryptographic applications, the method comprising:
acquiring application evaluation demand information, carrying out task analysis on the application evaluation demand information, and generating a security evaluation task list;
the commercial password application system is communicated, and task characteristics of each task in the security evaluation task list are acquired and obtained, wherein the task characteristics comprise an efficiency identifier and an accuracy identifier;
acquiring equipment processing capability information of the detection equipment;
inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model, and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes;
acquiring operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to acquire screening execution schemes;
and carrying out commercial password application security detection of each task in the security assessment task list based on the screening execution scheme.
2. The method of claim 1, wherein the method comprises:
performing task analysis on the security assessment task list to obtain the task initial grade and task tolerance of each task;
generating task constraint information based on the task initial level and the task latitude;
and inputting the task constraint information and the task characteristics to a node allocation module of the task allocation model, and obtaining a task allocation result based on an output result and the equipment processing capability information.
3. The method according to claim 2, wherein the method comprises:
the processing distribution module is used for inputting the output result and the equipment processing capability information into the task distribution model;
generating a processing constraint value based on the equipment processing capability information, and executing constraint on a task allocation result in the output result through the processing constraint value;
and generating the task allocation result according to the execution constraint result.
4. A method according to claim 3, wherein the method comprises:
obtaining device history use information of the detection device;
performing equipment stability analysis of the detection equipment based on the historical use information to obtain a stability influence coefficient;
and adjusting the processing constraint value through the stability influence coefficient, and executing constraint on the task allocation result in the output result according to the adjusted processing constraint value.
5. The method of claim 1, wherein the method comprises:
carrying out fitting reading on the load trigger value and the load trigger frequency data of the multiple execution schemes;
fitting efficiency results of the plurality of execution schemes;
calculating to obtain a load coefficient based on the load trigger value and the load trigger frequency, carrying out data normalization processing on the load coefficient and the efficiency result, and carrying out comparison final value calculation of the multiple execution schemes according to the processing result and the operation load-efficiency balance parameter;
and carrying out adaptive screening according to the comparison final value calculation result to obtain the screening execution scheme.
6. The method of claim 1, wherein the method comprises:
performing task execution priority evaluation on the security evaluation task list to obtain a task execution priority evaluation result;
performing task sequence allocation based on the task execution priority evaluation result to obtain task sequence allocation calibration data;
the task allocation calibration data are used as incremental data and are input to the task allocation model;
and outputting and obtaining the task allocation result.
7. The method of claim 1, wherein the method comprises:
performing execution monitoring of commercial password application security detection on the screening execution scheme to obtain an execution monitoring result;
performing efficiency error analysis through the execution monitoring result to obtain an efficiency error analysis result;
performing characteristic association on the efficiency error analysis result and an error task, and generating feedback information according to the association result;
and carrying out optimization adjustment of subsequent scheme screening through the feedback information.
8. A detection system for improving security assessment efficiency of a commercial cryptographic application, the system comprising:
the task list generation module is used for acquiring application evaluation requirement information, carrying out task analysis on the application evaluation requirement information and generating a security evaluation task list;
the task feature acquisition module is used for communicating with a commercial password application system and acquiring task features of each task in the security evaluation task list, wherein the task features comprise an efficiency identifier and an accuracy identifier;
the capability information acquisition module is used for acquiring the equipment processing capability information of the detection equipment;
the task allocation analysis module is used for inputting the equipment processing capability information, the security assessment task list and the task characteristics into a task allocation model and outputting a task allocation result, wherein the task allocation result comprises a plurality of execution schemes;
the execution scheme screening module is used for acquiring and obtaining operation load-efficiency balance parameters, and carrying out scheme screening on the multiple execution schemes through the operation load-efficiency balance parameters to obtain screening execution schemes;
and the application security detection module is used for carrying out commercial password application security detection on each task in the security evaluation task list based on the screening execution scheme.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310325711.5A CN116108426A (en) | 2023-03-30 | 2023-03-30 | Detection method and system for improving security evaluation efficiency of commercial password application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310325711.5A CN116108426A (en) | 2023-03-30 | 2023-03-30 | Detection method and system for improving security evaluation efficiency of commercial password application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116108426A true CN116108426A (en) | 2023-05-12 |
Family
ID=86264047
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310325711.5A Pending CN116108426A (en) | 2023-03-30 | 2023-03-30 | Detection method and system for improving security evaluation efficiency of commercial password application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116108426A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116414360A (en) * | 2023-06-09 | 2023-07-11 | 杭州易靓好车互联网科技有限公司 | Artificial intelligence-based application system integrated management method and system |
-
2023
- 2023-03-30 CN CN202310325711.5A patent/CN116108426A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116414360A (en) * | 2023-06-09 | 2023-07-11 | 杭州易靓好车互联网科技有限公司 | Artificial intelligence-based application system integrated management method and system |
| CN116414360B (en) * | 2023-06-09 | 2023-10-03 | 杭州易靓好车互联网科技有限公司 | Artificial intelligence-based application system integrated management method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105283849B (en) | For the Parallel Tracking of performance and details | |
| US8966492B2 (en) | Service provision quality control device | |
| Sanders et al. | A unified approach for specifying measures of performance, dependability and performability | |
| US8095641B2 (en) | Method and system for virtualized health monitoring of resources | |
| US9088615B1 (en) | Determining a reduced set of remediation actions for endpoint integrity | |
| CN105103147A (en) | Tracing with a workload distributor | |
| CN105122230A (en) | Tracing as a service | |
| US20100094990A1 (en) | Platform-level Indicators of Application Performance | |
| Powers et al. | Short term performance forecasting in enterprise systems | |
| CN105283852A (en) | Obfuscating trace data | |
| US20040257985A1 (en) | System and method of monitoring e-service Quality of Service at a transaction level | |
| CN101576844A (en) | Method and system for testing software system performances | |
| CN116108426A (en) | Detection method and system for improving security evaluation efficiency of commercial password application | |
| CN113595926B (en) | API data transmission method, device, equipment and medium based on data middlebox | |
| CN112711757A (en) | Data security centralized management and control method and system based on big data platform | |
| da Silva et al. | A science-gateway workload archive to study pilot jobs, user activity, bag of tasks, task sub-steps, and workflow executions | |
| CN106803815B (en) | Flow control method and device | |
| CN113158435A (en) | Complex system simulation running time prediction method and device based on ensemble learning | |
| CN116506206A (en) | Big data behavior analysis method and system based on zero trust network user | |
| Wu et al. | A quality model for evaluating encryption-as-a-service | |
| Hanczewski et al. | A Multiparameter Analytical Model of the Physical Infrastructure of a Cloud-Based System | |
| CN111598390A (en) | Server high availability evaluation method, device, equipment and readable storage medium | |
| CN113392385B (en) | User trust measurement method and system in cloud environment | |
| CN116521344B (en) | AI algorithm scheduling method and system based on resource bus | |
| CN110708165A (en) | Multi-CA automatic scheduling method based on request response |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |