CN117272386A

CN117272386A - Internet big data information security encryption method, device, equipment and system

Info

Publication number: CN117272386A
Application number: CN202311313118.5A
Authority: CN
Inventors: 谭海中; 何波; 王世安; 吴明珠; 陈雨恩; 吴杰楠; 黄浩
Original assignee: Guangzhou Institute of Technology
Current assignee: Guangzhou Institute of Technology
Priority date: 2023-10-10
Filing date: 2023-10-10
Publication date: 2023-12-22
Anticipated expiration: 2043-10-10
Also published as: CN117272386B

Abstract

The invention belongs to the technical field of big data service, and discloses an internet big data information security encryption method, which is characterized in that the cloud storage equipment and a connected network before data storage encryption are analyzed so as to reasonably and accurately select the data storage equipment and the network preferentially, so that data can be stored safely and reasonably, and the two dimensions of a node risk score value and a Yun Chu matching evaluation value are analyzed, so that the accuracy of an analysis result is improved, the numbers corresponding to the security storage equipment and the storage node are displayed in an information feedback mode, the data is stored and encrypted safely, the security of the data storage can be improved, and meanwhile, the information leakage caused by the fact that the data information is cracked in the cloud storage is avoided; in addition, safety supervision evaluation analysis is carried out by collecting access data of the information storage encrypted equipment, and the encrypted supervision degree is improved according to the feedback signal so as to improve the information encrypted supervision degree and information safety.

Description

Internet big data information security encryption method, device, equipment and system

Technical Field

The invention belongs to the technical field of big data service, and particularly relates to an internet big data information security encryption method, device, equipment and system.

Background

Today of big data, the internet is further moving, and emerging contents such as social networks are also continuously rising, so people can conveniently acquire wanted information, and information security is also important, and the information security is the technical and administrative security protection established and adopted by a data processing system, so as to protect computer hardware, software and data from being destroyed, changed and revealed due to accidental and malicious reasons.

The security problem of the large data is more and more challenging when the large data is processed and stored in a centralized way, the data stored by a user are easy to be stolen by other people, so that the loss of the user is caused, however, the existing data are required to be sent to a central server and then are stored in an encrypted way, the selection of the cloud storage equipment and the selection of the network nodes connected with the cloud storage equipment cannot be reasonably and safely selected, the storage security of the data is further reduced, the information leakage is easy to be caused, and the encrypted information cannot be monitored and early-warned.

Disclosure of Invention

The invention aims to provide a method, a device, equipment and a system for safely encrypting internet big data information, which can realize reasonable and safe preferential selection for cloud storage equipment and network nodes connected with the cloud storage equipment, further improve the storage safety of the data and monitor and early warn the encrypted information.

The invention discloses a safe encryption method for Internet big data information, which comprises the following steps:

when a management instruction generated by a server is received, collecting position data of a plurality of cloud storage devices;

selecting a plurality of preferred devices from a plurality of cloud storage devices according to the position data;

collecting storage network data of each preferred device, and performing node supervision evaluation analysis on the storage network data to obtain node risk scoring values of each preferred device;

collecting operation risk data of each preferred device, and calculating according to the operation risk data to obtain cloud storage fit evaluation values of the preferred devices;

calculating to obtain a storage security score value of each preferred device according to the node risk score value and Yun Chu coincidence score value of each preferred device;

marking the preferred equipment with the largest stored security score value as a security storage device, and marking the node corresponding to the node risk score value of the security storage device as a storage node;

according to the numbers corresponding to the secure storage equipment and the storage nodes, the information to be stored is securely stored and encrypted;

after information storage encryption, marking the time length of a designated period after information encryption as a supervision time length, and collecting access data of a safety storage device in the supervision time length;

And generating a feedback signal according to the access data, and executing early warning supervision operation corresponding to the feedback signal.

In some embodiments, selecting a plurality of preferred devices from a plurality of cloud storage devices according to the location data comprises:

determining a first position to a cloud storage device according to the position data;

calculating the distance difference between the first position and the second position of the data encryption to obtain a transmission distance;

marking the cloud storage equipment with the transmission distance smaller than a set distance threshold as equipment to be selected;

and obtaining the residual memory value of each device to be selected, and marking the device to be selected with the residual memory value larger than the occupying value of the information to be stored as the preferred device.

In some embodiments, the storage network data includes a data transmission bandwidth, a data transmission connection value, and a data transmission risk value; collecting storage network data of each preferred device, and performing node supervision evaluation analysis on the storage network data to obtain node risk scoring values of each preferred device, wherein the node risk scoring values comprise:

obtaining a storage network of each preferred device, setting i child nodes in the storage network, wherein i is a natural number greater than zero;

acquiring the data transmission bandwidth of each sub-node in each sub-time node in the time threshold, and calculating to obtain a transmission risk multiple value;

Acquiring data transmission connection values of all the sub-nodes in all the sub-time nodes, marking the average value of the data transmission connection values of all the sub-nodes in the time threshold as a stable connection value, and marking the part with the stable connection value larger than the preset stable connection value threshold as an access risk value if the stable connection value is larger than the preset stable connection value threshold;

acquiring data transmission risk values of all sub-nodes in all sub-time nodes, and marking the ratio of the total number of sub-time nodes to the total number of sub-time nodes corresponding to the data transmission risk values larger than a preset data transmission risk value threshold as the data risk value if the data transmission risk values are larger than the preset data transmission risk value threshold;

and calculating to obtain node transmission risk assessment coefficients of all the sub-nodes of all the preferred equipment according to the transmission risk multiple value, the access risk value and the data risk value, determining the minimum value of the node transmission risk assessment coefficients of all the sub-nodes of the preferred equipment, and marking the minimum value as the node risk assessment value.

In some embodiments, obtaining the data transmission bandwidth of each child node in each child time node in the time threshold, and calculating to obtain the transmission risk multiple value includes:

Acquiring the data transmission bandwidth of each sub-node in each sub-time node in the time threshold, constructing a set of the data transmission bandwidth of each sub-node, acquiring the difference value between two connected sub-sets in the set, and marking the average value of the difference value between the two connected sub-sets in the set as a transmission floating average value;

obtaining the average vulnerability number of each child node in a time threshold;

and marking a product value obtained by carrying out data normalization processing on the transmission floating average value and the average vulnerability number as a transmission risk multiple value.

In some embodiments, the operational risk data includes a self-safety assessment value and an environmental interference value; collecting operation risk data of each preferred device, and calculating to obtain a cloud storage fit evaluation value of the preferred device according to the operation risk data, wherein the cloud storage fit evaluation value comprises the following steps:

collecting the time length from the starting time of each piece of preferable equipment to the current time, marking the time length as analysis time length, and obtaining the self-safety evaluation value of each piece of preferable equipment in the analysis time length;

dividing the analysis duration into n sub-time periods, wherein n is a natural number greater than zero, acquiring the environmental interference value of each preferred device in each sub-time period, and calculating according to the environmental interference value to obtain an average external interference value;

And according to the self-safety evaluation value and the average external interference value, calculating to obtain cloud storage fit evaluation values of all the preferred devices.

In some embodiments, the access data includes a number of accesses and an access duration; and generating a feedback signal from the access data, comprising:

obtaining the maximum value and the minimum value of the access time length, and marking the difference value between the maximum value and the minimum value of the access time length as a tampering risk value;

acquiring interval duration between two connected access times in the supervision duration, marking the interval duration corresponding to the interval duration smaller than a preset interval duration threshold as a first mark, and acquiring the total number of the first marks as a dense value; marking the interval time length corresponding to the interval time length being greater than or equal to a preset interval time length threshold as a second mark, and obtaining the total number mark of the second mark as a dispersion value; marking the ratio of the dense value to the scattered value as a frequent ratio;

and if the ratio between the tampering risk value and the preset tampering risk value threshold is greater than or equal to one, and the ratio between the frequent ratio and the preset frequent ratio threshold is greater than or equal to one, generating a feedback signal.

In some embodiments, the method further comprises:

If the ratio between the tampering risk value and the preset tampering risk value threshold is smaller than one, and the ratio between the frequent ratio and the preset frequent ratio threshold is smaller than one, no signal is generated.

The second aspect of the invention discloses an internet big data information security encryption device, comprising:

the preferred analysis unit is used for collecting the position data of the plurality of cloud storage devices when receiving the management command generated by the server; selecting a plurality of preferred devices from a plurality of cloud storage devices according to the position data;

the network analysis unit is used for collecting the storage network data of each preferred device and carrying out node supervision evaluation analysis on the storage network data so as to obtain node risk scoring values of each preferred device;

the pairing analysis unit is used for collecting the operation risk data of each preferred device and calculating and obtaining cloud storage fit evaluation values of the preferred devices according to the operation risk data;

the integration analysis unit is used for calculating and obtaining the storage security score value of each preferred device according to the node risk score value and the Yun Chu coincidence score value of each preferred device; the preferred equipment with the largest stored security score value is marked as a security storage device, and meanwhile, a node corresponding to the node risk score value of the security storage device is marked as a storage node;

The management display unit is used for safely storing and encrypting the information to be stored according to the numbers corresponding to the safety storage equipment and the storage nodes;

the encryption supervision unit is used for marking the time length of the appointed time period after the information is encrypted as supervision time length after the information is stored and encrypted, and collecting access data of the safety storage equipment in the supervision time length; and generating a feedback signal according to the access data;

and the safety management unit is used for executing the early warning supervision operation corresponding to the feedback signal.

A third aspect of the invention discloses an electronic device comprising a memory storing executable program code and a processor coupled to the memory; the processor invokes the executable program code stored in the memory for executing the internet big data information security encryption method disclosed in the first aspect.

A fourth aspect of the present invention discloses a computer-readable storage medium storing a computer program, wherein the computer program causes a computer to execute the internet big data information security encryption method disclosed in the first aspect.

The fifth aspect of the invention discloses an internet big data information security encryption system, which comprises a server and the internet big data information security encryption device disclosed in the second aspect, wherein the server is in communication connection with the internet big data information security encryption device.

The method has the advantages that the data storage is carried out in a reasonable and precise mode through analysis from two angles of the cloud storage equipment before encryption of the data storage and the network connected with the cloud storage equipment, so that the data storage equipment and the transmission network are selected preferentially and reasonably, the data storage is carried out safely and reasonably, the analysis is carried out through two dimensions of the node risk scoring value and the Yun Chu matching scoring value, the accuracy of an analysis result is improved, the numbers corresponding to the safety storage equipment and the storage node are displayed in an information feedback mode, the data is stored and encrypted safely, the safety of the data storage is improved, and important information leakage caused by cracking of the data information in the cloud storage can be avoided; in addition, the method analyzes from the supervision angle after storage encryption, namely, collects the access data of the safety storage equipment after information storage encryption, carries out safety supervision evaluation analysis, and reasonably and pertinently improves the supervision intensity after information encryption according to the feedback signal so as to improve the supervision intensity and information safety after information encryption.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles and effects of the invention.

Unless specifically stated or otherwise defined, the same reference numerals in different drawings denote the same or similar technical features, and different reference numerals may be used for the same or similar technical features.

FIG. 1 is a flow chart of an internet big data information security encryption method disclosed by the invention;

fig. 2 is a schematic structural diagram of an internet big data information security encryption device disclosed in the present invention;

FIG. 3 is a schematic diagram of an electronic device according to the present disclosure;

fig. 4 is a schematic diagram of an architecture of an internet big data information security encryption system disclosed in the present invention.

Reference numerals illustrate:

201. a preference analysis unit; 202. a network analysis unit; 203. a pairing analysis unit; 204. an integrated analysis unit; 205. a management display unit; 206. an encryption supervision unit; 207. a security management unit; 301. a memory; 302. a processor; 200. an internet big data information security encryption device; 400. and a server.

Detailed Description

In order that the invention may be readily understood, a more particular description of specific embodiments thereof will be rendered by reference to specific embodiments that are illustrated in the appended drawings.

Unless defined otherwise or otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art. In the context of a realistic scenario in connection with the technical solution of the invention, all technical and scientific terms used herein may also have meanings corresponding to the purpose of the technical solution of the invention. The terms "first and second …" are used herein merely for distinguishing between names and not for describing a particular number or order. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.

It will be understood that when an element is referred to as being "fixed" to another element, it can be directly fixed to the other element or intervening elements may also be present; when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present; when an element is referred to as being "mounted to" another element, it can be directly mounted to the other element or intervening elements may also be present. When an element is referred to as being "disposed on" another element, it can be directly on the other element or intervening elements may also be present.

As used herein, unless specifically stated or otherwise defined, "the" means that the feature or technical content mentioned or described before in the corresponding position may be the same or similar to the feature or technical content mentioned. Furthermore, the terms "comprising," "including," and "having," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.

The invention relates to an internet big data information security encryption method which can be realized through computer programming. The execution main body of the method can be electronic equipment such as a computer, a notebook computer, a tablet computer and the like, or an internet big data information security encryption device (hereinafter referred to as a security encryption device) embedded in the electronic equipment, and the invention is not limited to the above.

As shown in fig. 1, the embodiment of the invention discloses an internet big data information security encryption method, which comprises the following steps 110 to 180:

110. and when receiving the management command generated by the server, collecting the position data of the plurality of cloud storage devices, and selecting a plurality of preferred devices from the plurality of cloud storage devices according to the position data.

In the embodiment of the invention, after receiving the management instruction generated by the server, the position data of the plurality of cloud storage devices are immediately collected, and the preferred safety analysis is carried out on the cloud storage devices according to the position data, so that the preferred selection is carried out on the cloud storage devices reasonably and accurately. Specifically, the preferential safety analysis process comprises the following steps:

determining a first position of the cloud storage device according to the position data, performing distance difference calculation on the first position and a second position of the data encryption to obtain a transmission distance, marking the cloud storage device with the transmission distance smaller than a set distance threshold as a device to be selected, marking the device to be selected as g, and obtaining a residual memory value SXg of each device to be selected, wherein g is a natural number larger than zero; and obtaining a occupation value of the information to be stored, comparing and analyzing the residual memory value SXg with the occupation value, and if the residual memory value SXg is larger than the occupation value, generating a coincidence signal of the cloud storage device, wherein the coincidence signal is used for representing that the equipment to be selected corresponding to the residual memory value SXg larger than the occupation value is marked as preferential equipment, the preferential equipment is marked as k, k is a natural number larger than zero, and k is smaller than g.

120. And collecting storage network data of each preferred device, and performing node supervision evaluation analysis on the storage network data to obtain node risk score values JPk of each preferred device.

The storage network data includes a data transmission bandwidth, a data transmission connection value and a data transmission risk value, which can be used for judging whether the storage network connected by each preferred device has an information transmission risk, so as to perform reasonable storage and protection management, and simultaneously facilitate reasonable selection of each preferred device node, and the specific node supervision, evaluation and analysis process includes the following steps 1201-1205 not shown:

1201. and obtaining a storage network of each preferred device, setting i child nodes in the storage network, wherein i is a natural number larger than zero.

1202. And acquiring the data transmission bandwidth of each sub-node in each sub-time node in the time threshold, and calculating to obtain a transmission risk multiple value.

The time threshold may be a specified historical time period, or a time period before the information is collected and stored for encryption, and is marked as a time threshold, and then the time threshold is divided into o sub-time nodes, where o is a natural number greater than zero.

Acquiring the data transmission bandwidth of each sub-node in each sub-time node in the time threshold, constructing a set A of the data transmission bandwidth of each sub-node, acquiring the difference value between two connected sub-sets in the set A, marking the average value of the difference value between the two connected sub-sets in the set A as a transmission floating average value, acquiring the average vulnerability number of each sub-node in the time threshold, marking the product value obtained by carrying out data normalization processing on the transmission floating average value and the average vulnerability number as a transmission risk multiple value, and marking the product value as CFki. It should be noted that the transmission risk multiplier CFki is an influence parameter reflecting the data condition of each node.

1203. The method comprises the steps of obtaining data transmission connection values of all sub-nodes in all sub-time nodes, marking the average value of the data transmission connection values of all the sub-nodes in a time threshold as a stable connection value, and marking the part with the stable connection value larger than a preset stable connection value threshold as an access risk value if the stable connection value is larger than the preset stable connection value threshold.

The data transmission connection value represents the sum of the network key connection number and the network key-free connection number, and further the average value of the data transmission connection values of all the child nodes in the time threshold is obtained, the average value is marked as a stable connection value, the stable connection value is compared with a preset stable connection value threshold for analysis, if the stable connection value is larger than the preset stable connection value threshold, the part with the stable connection value larger than the preset stable connection value threshold is marked as an access risk value, the label is JFki, and the larger the value of the access risk value JFki is, the larger the abnormal risk of node data transmission is.

1204. Acquiring data transmission risk values of all sub-nodes in all sub-time nodes, and marking the ratio of the total number of sub-time nodes to the total number of sub-time nodes corresponding to the data transmission risk values larger than the preset data transmission risk value threshold as the data risk value if the data transmission risk values are larger than the preset data transmission risk value threshold.

The data transmission risk value represents the ratio of the frequency of network attack to the successful defense frequency, the data transmission risk value is compared with a preset data transmission risk value threshold, if the data transmission risk value is greater than the preset data transmission risk value threshold, the ratio of the total number of sub-time nodes corresponding to the data transmission risk value greater than the preset data transmission risk value threshold to the total number of sub-time nodes is marked as the data risk value, and the mark is SFki. It should be noted that, the larger the value of the data risk value SFki, the greater the risk of abnormal data transmission of the node.

1205. And according to the transmission risk multiple value, the access risk value and the data risk value, calculating to obtain node transmission risk assessment coefficients of all the sub-nodes of all the preferred equipment, determining the minimum value of the node transmission risk assessment coefficients of all the sub-nodes of the preferred equipment, and marking the minimum value as the node risk assessment value.

As an alternative embodiment, the node transmission risk assessment coefficient JCki of each child node of each preferred apparatus may be calculated according to the following formula (1):

the a1, a2 and a3 are preset scale factor coefficients of a transmission risk factor value, an access risk value and a data risk value respectively, and the scale factor coefficients are used for correcting deviation of various parameters in a formula calculation process, so that calculation results are more accurate, a1, a2 and a3 are positive numbers larger than zero, a4 is a preset correction factor coefficient, and the value is 1.432.JCki is a node transmission risk assessment coefficient of each sub-node of each preferred device, the size of the coefficient is a specific numerical value obtained by quantizing each parameter, so that subsequent comparison is convenient, the size of the coefficient depends on the number of sample data and the corresponding coefficient preliminarily set by a person skilled in the art for each group of sample data, as long as the proportional relation between the parameter and the quantized numerical value is not affected, the minimum value of the node transmission risk assessment coefficient JCki of each sub-node of the preferred device is obtained, and the minimum value is marked as a node risk scoring value JPk.

130. And acquiring operation risk data of each preferred device, and calculating and obtaining cloud storage fit evaluation values of the preferred devices according to the operation risk data.

The operation risk data comprises a self safety evaluation value and an environment interference value, the operation risk data can be subjected to pairing supervision evaluation analysis, and cloud storage fit evaluation values of the preferred equipment are obtained through calculation and are used for judging whether storage conditions of the preferred equipment reach standards or not so as to ensure the safety of data storage encryption. Specifically, the process of pairing supervision evaluation analysis and calculation to obtain the cloud storage fit evaluation value of the preferred device includes the following steps 1301-1303, not shown:

1301. and acquiring the time length from the starting time of each piece of preferable equipment to the current time, marking the time length as analysis time length, and acquiring the self-safety evaluation value SPk of each piece of preferable equipment in the analysis time length.

The self-safety evaluation value SPk is an influence parameter reflecting the data storage risk of the preferred equipment.

1302. Dividing analysis duration into n sub-time periods, wherein n is a natural number greater than zero, acquiring the environmental interference value of each preferred device in each sub-time period, and calculating according to the environmental interference value to obtain an average external interference value.

The environmental interference value represents the product value obtained by carrying out data normalization processing on the sum value of the corresponding values of the average temperature and the average humidity and the environmental dust change value, so as to construct a set B of the environmental interference value, obtain the average value of the set B, and mark the average value of the set B as an average external interference value WGk, and it is noted that the larger the value of the average external interference value WGk is, the larger the preferable equipment data storage risk is.

1303. And according to the self-safety evaluation value and the average external interference value, calculating to obtain cloud storage fit evaluation values of all the preferred devices.

Specifically, the cloud storage matching evaluation value of each preferred device can be obtained by calculation according to the following formula (2):

wherein f1 and f2 are respectively preset weight factor coefficients of self-safety evaluation values and average external interference values, f1 and f2 are natural numbers of unit zero, f3 is a preset fault tolerance factor coefficient, the value is 1.446, and pk is a cloud storage fit evaluation value of each preferred device.

140. And calculating the stored security score value of each preferred device according to the node risk score values JPk and Yun Chu of each preferred device and the coincidence score value Pk.

Specifically, the stored security score value of each preferred device may be calculated according to the following formula (3):

Wherein, alpha and beta are respectively the node risk scoring value and the preset error factor coefficient of Yun Chu coincidence scoring value, epsilon is the preset error factor coefficient, and CPk is the storage security scoring value of each preferred device.

150. And marking the preferred equipment with the largest storage security score value as security storage equipment, marking the node corresponding to the node risk score value of the security storage equipment as storage node, and performing security storage and encryption on the information to be stored according to the numbers corresponding to the security storage equipment and the storage node.

Optionally, after the stored security score value of each preferred device is obtained by calculation, a rectangular coordinate system is established by taking the preferred device number as an X axis and taking the stored security score value CPk as a Y axis, a stored security score value curve is drawn in a dot drawing mode, the maximum peak value in the stored security score value curve is obtained, and the preferred device corresponding to the maximum peak value is marked as a security storage device. And further determining the numbers corresponding to the safe storage equipment and the storage nodes, outputting and displaying the numbers corresponding to the safe storage equipment and the storage nodes, and further carrying out safe storage and encryption on the information to be stored.

160. And after the information storage is encrypted, marking the time length of the appointed time period after the information is encrypted as the supervision time length, and collecting the access data of the safety storage equipment in the supervision time length.

Specifically, the access data includes access times and access time length, the time length of a period of time after information encryption is collected and marked as a supervision time length, the access times of the safety storage device in the supervision time length are obtained, the access times are marked as v, v is a natural number larger than one, and the access time length of each access time in the supervision time length is obtained.

170. A feedback signal is generated from the access data.

The access duration is subjected to security supervision evaluation analysis, so that the supervision degree of the encrypted information can be improved, and the security of the information is ensured. Specifically, the security supervision evaluation analysis process includes the following steps 1701 to 1703, not shown:

1701. and acquiring the maximum value and the minimum value of the access time length, and marking the difference value between the maximum value and the minimum value of the access time length as a tampering risk value.

And obtaining the maximum value and the minimum value of the access time length, so as to obtain the difference value between the maximum value and the minimum value of the access time length, and marking the difference value between the maximum value and the minimum value of the access time length as a tamper risk value. It should be noted that, the larger the value of the tamper risk value is, the larger the risk of information loss is, and the larger the requirement of supervision is.

1702. The method comprises the steps of obtaining interval duration between two connected access times in a supervision duration, marking the interval duration corresponding to the interval duration smaller than a preset interval duration threshold as a first sign, obtaining the total number of the first signs as a dense value, marking the interval duration corresponding to the interval duration larger than or equal to the preset interval duration threshold as a second sign, obtaining the total number of the second signs as a scattered value, and marking the ratio of the dense value to the scattered value as a frequent ratio.

For example, the interval duration between two access times connected in the supervision duration is obtained, the interval duration is compared with a preset interval duration threshold, if the interval duration is smaller than the preset interval duration threshold, the interval duration corresponding to the interval duration smaller than the preset interval duration threshold is marked as '1', if the interval duration is greater than or equal to the preset interval duration threshold, the interval duration corresponding to the interval duration greater than or equal to the preset interval duration threshold is marked as '2', the total number of all '1' and '2' is respectively obtained, the interval duration is respectively marked as a dense value and a disperse value, and the ratio of the dense value to the disperse value is marked as a frequent ratio.

1703. And if the ratio between the tampering risk value and the preset tampering risk value threshold is greater than or equal to one, and the ratio between the frequent ratio and the preset frequent ratio threshold is greater than or equal to one, generating a feedback signal.

In some embodiments, if the ratio between the tamper risk value and the preset tamper risk value threshold is less than one and the ratio between the frequent ratio and the preset frequent ratio threshold is less than one, no signal is generated.

180. And executing early warning supervision operation corresponding to the feedback signal.

After receiving the feedback signal, early warning supervision operation corresponding to the feedback signal is immediately performed, so that the supervision level of the safety storage device is improved, and the supervision strength and the information safety after information encryption are improved.

It should be noted that, in the embodiment of the present invention, the setting of the size of the threshold (including setting a distance threshold, a preset stable connection value threshold, a preset data transmission risk value threshold, a preset interval duration threshold, a preset tampering risk value threshold, a preset frequent ratio threshold, etc.) is for convenience of comparison, and regarding the size of the threshold, the size of the threshold depends on the number of sample data and the number of base set by a person skilled in the art for each group of sample data; as long as the proportional relation between the parameter and the quantized value is not affected.

In summary, the embodiment of the invention analyzes from two angles of the storage device before data storage encryption and the network connected with the storage device, so as to reasonably and accurately perform preferential selection on the storage device and the transmission network of the data, so as to safely and reasonably perform data storage, analyze through two dimensions of the node risk score value and the Yun Chu matching evaluation value, help to improve the accuracy of analysis results, display the numbers corresponding to the safety storage device and the storage node in an information feedback manner, further perform safe storage and encryption on the data, improve the safety of data storage, and simultaneously avoid important information leakage caused by cracking of data information in cloud storage.

As shown in fig. 2, the embodiment of the invention discloses an internet big data information security encryption device, which comprises a preference analysis unit 201, a network analysis unit 202, a pairing analysis unit 203, an integration analysis unit 204, a management display unit 205, an encryption supervision unit 206 and a security management unit 207, wherein,

a preferential analysis unit 201, configured to collect location data of a plurality of cloud storage devices when receiving a management instruction generated by a server; selecting a plurality of preferred devices from a plurality of cloud storage devices according to the position data;

the network analysis unit 202 is configured to collect storage network data of each preferred device, and perform node supervision evaluation analysis on the storage network data to obtain node risk score values of each preferred device;

the pairing analysis unit 203 is configured to collect operation risk data of each preferred device, and calculate and obtain a cloud storage matching evaluation value of the preferred device according to the operation risk data;

an integration analysis unit 204, configured to calculate a stored security score value of each preferred device according to the node risk score value and the Yun Chu matching score value of each preferred device; the preferred equipment with the largest stored security score value is marked as a security storage device, and meanwhile, a node corresponding to the node risk score value of the security storage device is marked as a storage node;

A management display unit 205, configured to securely store and encrypt information to be stored according to numbers corresponding to the secure storage device and the storage node;

the encryption supervision unit 206 is configured to, after encryption of the information storage, mark a duration of a specified period after encryption of the information as a supervision duration, and collect access data of the secure storage device within the supervision duration; and generating a feedback signal from the access data;

the security management unit 207 is configured to perform an early warning supervision operation corresponding to the feedback signal.

As an optional implementation manner, the manner in which the preferential analysis unit 201 is configured to select, according to the location data, a plurality of preferred devices from a plurality of cloud storage devices is specifically:

the preferential analysis unit 201 is configured to determine a first location to the cloud storage device according to the location data; calculating the distance difference between the first position and the second position of the data encryption to obtain a transmission distance; marking the cloud storage equipment with the transmission distance smaller than a set distance threshold as equipment to be selected; and obtaining the residual memory value of each device to be selected, and marking the device to be selected with the residual memory value larger than the occupying value of the information to be stored as the preferred device.

As an alternative embodiment, the storage network data includes a data transmission bandwidth, a data transmission connection value, and a data transmission risk value; the network analysis unit 202 specifically includes the following sub-units, not shown:

the acquisition subunit is used for acquiring the storage network of each piece of preferable equipment, and setting i child nodes in the storage network, wherein i is a natural number larger than zero;

the first calculating subunit is used for obtaining the data transmission bandwidth of each sub-node in each sub-time node in the time threshold and calculating to obtain a transmission risk multiple value;

the second calculation subunit is configured to obtain a data transmission connection value of each sub-node in each sub-time node, mark a mean value of the data transmission connection values of each sub-node in a time threshold as a stable connection value, and mark a portion of the stable connection value greater than a preset stable connection value threshold as an access risk value if the stable connection value is greater than the preset stable connection value threshold;

the third calculation subunit is configured to obtain a data transmission risk value of each child node in each child time node, and if the data transmission risk value is greater than a preset data transmission risk value threshold, mark a ratio of the total number of the child time nodes to the total number of the child time nodes corresponding to the data transmission risk value greater than the preset data transmission risk value threshold as a data risk value;

And the integration calculation subunit is used for calculating the node transmission risk assessment coefficient of each sub-node of each preferred device according to the transmission risk multiple value, the access risk value and the data risk value, determining the minimum value of the node transmission risk assessment coefficient of each preferred device sub-node, and marking the minimum value as the node risk assessment value.

Further optionally, the first calculating subunit may be specifically configured to obtain a data transmission bandwidth of each sub-node in each sub-time node in the time threshold, so as to construct a set of data transmission bandwidths of each sub-node, obtain a difference value between two connected sub-sets in the set, and mark a mean value of the difference value between two connected sub-sets in the set as a transmission floating mean value; simultaneously obtaining the average vulnerability number of each child node in the time threshold; and marking a product value obtained by carrying out data normalization processing on the transmission floating average value and the average vulnerability number as a transmission risk multiple value.

As an alternative embodiment, the running risk data includes a self-safety evaluation value and an environmental interference value; the pairing analysis unit 203 is specifically configured to collect a time period from a start time of each piece of preferred equipment to a current time, mark the time period as an analysis time period, and obtain self-security evaluation values of each piece of preferred equipment in the analysis time period; dividing the analysis duration into n sub-time periods, wherein n is a natural number greater than zero, acquiring the environmental interference value of each preferred device in each sub-time period, and calculating according to the environmental interference value to obtain an average external interference value; and calculating to obtain cloud storage fit evaluation values of each preferred device according to the self-safety evaluation value and the average external interference value.

As an alternative embodiment, the access data includes the number of accesses and the access duration; and, the manner in which the encryption supervisory unit 206 is configured to generate the feedback signal according to the access data is specifically:

the encryption supervisory unit 206 is configured to obtain a maximum value and a minimum value of the access duration, and mark a difference value between the maximum value and the minimum value of the access duration as a tamper risk value; acquiring interval duration between two connected access times in the supervision duration, marking the interval duration corresponding to the interval duration smaller than a preset interval duration threshold as a first mark, and acquiring the total number of the first marks as a dense value; marking the interval time length corresponding to the interval time length being greater than or equal to a preset interval time length threshold as a second mark, and obtaining the total number mark of the second mark as a dispersion value; marking the ratio of the dense value to the scattered value as a frequent ratio; and if the ratio between the tampering risk value and the preset tampering risk value threshold is greater than or equal to one, and the ratio between the frequent ratio and the preset frequent ratio threshold is greater than or equal to one, generating a feedback signal.

As shown in fig. 3, an embodiment of the present invention discloses an electronic device comprising a memory 301 storing executable program code and a processor 302 coupled to the memory 301; the processor 302 calls executable program codes stored in the memory 301, and executes the internet big data information security encryption method described in the above embodiments.

As shown in fig. 4, the embodiment of the invention discloses an internet big data information security encryption system which is used for carrying out storage analysis and control on information, thereby guaranteeing the security of information storage and improving the supervision effect of information storage. The internet big data information security encryption system comprises a server 400 and the internet big data information security encryption device 200 which are in communication connection, wherein the internet big data information security encryption device 200 comprises a preferred analysis unit 201, a network analysis unit 202, a pairing analysis unit 203, an integration analysis unit 204, a management display unit 205, an encryption supervision unit 206 and a security management unit 207;

the server 400 is configured to generate a pipe transporting instruction, and send the pipe transporting instruction to the preferential analysis unit 201;

a preferential analysis unit 201, configured to collect location data of a plurality of cloud storage devices when receiving a management instruction generated by the server 400; performing preferential security analysis on the plurality of cloud storage devices according to the position data to determine a plurality of preferred devices from the plurality of cloud storage devices, and sending corresponding signals to the network analysis unit 202 and the pairing analysis unit 203;

the network analysis unit 202 is configured to collect storage network data of each preferred device when receiving the corresponding signal, perform node supervision evaluation analysis on the storage network data, obtain node risk score values of each preferred device, and send the node risk score values to the integration analysis unit 204;

The pairing analysis unit 203 is configured to collect operation risk data of each preferred device when receiving the corresponding signal, calculate and obtain a cloud storage matching evaluation value of the preferred device according to the operation risk data, and send the cloud storage matching evaluation value to the integration analysis unit 204;

an integration analysis unit 204, configured to, when receiving the node risk score value and the Yun Chu matching score value of each preferred device, calculate, according to the node risk score value and the Yun Chu matching score value of each preferred device, a stored security score value of each preferred device; the preferred equipment with the largest stored security score value is marked as a security storage device, and meanwhile, a node corresponding to the node risk score value of the security storage device is marked as a storage node; and, transmitting numbers corresponding to the secure storage device and the storage node to the management display unit 205 and the encryption supervisory unit 206;

the management display unit 205 is configured to immediately display numbers corresponding to the secure storage device and the storage node after receiving the numbers corresponding to the secure storage device and the storage node, and perform secure storage and encryption on information to be stored according to the numbers corresponding to the secure storage device and the storage node;

The encryption supervision unit 206 is configured to, after receiving numbers corresponding to the secure storage device and the storage node, and after the management display unit 205 performs information storage encryption, mark a duration of a specified period after the information encryption as a supervision duration, and collect access data of the secure storage device within the supervision duration; and generating a feedback signal according to the access data and transmitting the feedback signal to the security management unit 207;

the security management unit 207 is configured to immediately execute, after receiving the feedback signal, an early warning supervision operation corresponding to the feedback signal, so as to improve a supervision level of the secure storage device, so as to improve a supervision strength and information security after information encryption.

The embodiment of the invention also discloses a computer readable storage medium storing a computer program, wherein the computer program causes a computer to execute the internet big data information security encryption method described in the above embodiments.

The foregoing embodiments are provided for the purpose of exemplary reproduction and deduction of the technical solution of the present invention, and are used for fully describing the technical solution, the purpose and the effects of the present invention, and are used for enabling the public to understand the disclosure of the present invention more thoroughly and comprehensively, and are not used for limiting the protection scope of the present invention.

The above examples are also not an exhaustive list based on the invention, and there may be a number of other embodiments not listed. Any substitutions and modifications made without departing from the spirit of the invention are within the scope of the invention.

Claims

1. The internet big data information security encryption method is characterized by comprising the following steps:

2. The internet big data information security encryption method according to claim 1, wherein selecting a plurality of preferred devices from a plurality of cloud storage devices according to the location data comprises:

3. The internet big data information security encryption method according to claim 1, wherein the storage network data includes a data transmission bandwidth, a data transmission connection value, and a data transmission risk value; collecting storage network data of each preferred device, and performing node supervision evaluation analysis on the storage network data to obtain node risk scoring values of each preferred device, wherein the node risk scoring values comprise:

4. The method for securely encrypting internet big data information according to claim 3, wherein the step of obtaining the data transmission bandwidth of each sub-node in each sub-time node in the time threshold and calculating the transmission risk multiple value comprises the steps of:

5. The internet big data information security encryption method according to any one of claims 1 to 4, wherein the running risk data includes a self security evaluation value and an environmental interference value; collecting operation risk data of each preferred device, and calculating to obtain a cloud storage fit evaluation value of the preferred device according to the operation risk data, wherein the cloud storage fit evaluation value comprises the following steps:

6. The internet big data information security encryption method according to any one of claims 1 to 4, wherein the access data includes the number of accesses and the access duration; and generating a feedback signal from the access data, comprising:

7. The internet big data information security encryption method according to claim 6, wherein the method further comprises:

8. An electronic device comprising a memory storing executable program code and a processor coupled to the memory; the processor invokes the executable program code stored in the memory for performing the internet big data information security encryption method of any one of claims 1 to 7.

9. The internet big data information safety encryption device is characterized by comprising:

10. The internet big data information security encryption system is characterized by comprising a server and the internet big data information security encryption device according to claim 9, wherein the server is in communication connection with the internet big data information security encryption device.