CN117521120B - File encryption method, device, equipment and storage medium - Google Patents

Publication number
CN117521120B
Authority
CN
China
Prior art keywords
file
target
encryption
integrity
feature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410025619.1A
Other languages
Chinese (zh)
Other versions
CN117521120A (en)
Inventor
胡伟
范光彬
董建涛
李达
郑韩
赵成斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Issmart Science And Technology Co ltd
Original Assignee
Shenzhen Issmart Science And Technology Co ltd
Application filed by Shenzhen Issmart Science And Technology Co ltd
Priority to CN202410025619.1A
Publication of CN117521120A
Application granted
Publication of CN117521120B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to the field of file encryption, and discloses a file encryption method, device, equipment and storage medium, which are used for realizing comprehensive file encryption and safety protection and improving confidentiality and integrity of a file. The method comprises the following steps: carrying out file encryption processing through a file armor system to obtain a file encryption state identification of each target sensitive file; generating a file partition storage network and calculating encrypted fragment data; verifying the file integrity to obtain a file integrity index set, and analyzing the file security to obtain the file security index set; performing feature extraction and feature integration to obtain a target integrity feature vector, and performing index clustering and feature mapping to obtain a target safety feature vector; performing system stability analysis through a system stability analysis model to obtain a system stability analysis result; and generating an encryption strategy of the target file and performing secondary encryption and access right control.

Description

File encryption method, device, equipment and storage medium
Technical Field
The present invention relates to the field of file encryption, and in particular, to a method, apparatus, device, and storage medium for encrypting a file.
Background
In today's digital age, information security has become one of the main concerns of businesses and individuals. As data storage and transmission increase, the security of files becomes particularly important. Traditional file encryption methods face the threat of increasingly complex network attacks and data leakage, and therefore more advanced and comprehensive file encryption solutions are needed.
With the rapid development of technologies such as cloud computing, big data and the internet of things, users need to share sensitive data between different platforms and devices while ensuring the integrity, confidentiality and availability of the data. The traditional file encryption method focuses only on the confidentiality of data and ignores the security and integrity of files during storage and transmission, which reduces the adaptability of file encryption.
Disclosure of Invention
The invention provides a file encryption method, a device, equipment and a storage medium, which are used for realizing comprehensive file encryption and security protection and improving confidentiality and integrity of a file.
The first aspect of the present invention provides a file encryption method, including: respectively carrying out file encryption processing on a plurality of target sensitive files through a multi-layer encryption algorithm in a file armor system to obtain a file encryption state identification of each target sensitive file; generating a file partition storage network of each target sensitive file according to the file encryption state identification, and calculating encrypted fragment data of each target sensitive file according to the file partition storage network; carrying out file integrity verification on the encrypted fragment data of each target sensitive file to obtain a file integrity index set, and carrying out file security analysis on the file partition storage network and the encrypted fragment data to obtain a file security index set; performing feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, constructing a target integrity feature vector corresponding to the target integrity feature sequence, performing index clustering and feature mapping on the file security index set to obtain a target safety feature sequence, and constructing a target safety feature vector corresponding to the target safety feature sequence; inputting the target integrity feature vector and the target safety feature vector into a preset system stability analysis model to perform system stability analysis, so as to obtain a system stability analysis result; and generating a target file encryption strategy of the file armor system according to the system stability analysis result, and performing secondary encryption and access right control on the plurality of target sensitive files according to the target file encryption strategy.
With reference to the first aspect, in a first implementation manner of the first aspect of the present invention, the performing, by using a multi-layer encryption algorithm in a file armor system, file encryption processing on a plurality of target sensitive files to obtain a file encryption state identification of each target sensitive file includes: acquiring the multi-layer encryption algorithm in the file armor system, wherein the multi-layer encryption algorithm comprises a first-layer symmetric encryption algorithm and a second-layer asymmetric encryption algorithm; respectively carrying out file segmentation on the plurality of target sensitive files to obtain a plurality of sub-sensitive files of each target sensitive file; respectively carrying out an encryption operation on the plurality of sub-sensitive files through the first-layer symmetric encryption algorithm to obtain a first encryption state identification of each sub-sensitive file; respectively carrying out an encryption operation on the plurality of sub-sensitive files through the second-layer asymmetric encryption algorithm to obtain a second encryption state identification of each sub-sensitive file; and performing identification splicing and classified storage on the first encryption state identification and the second encryption state identification of each sub-sensitive file to obtain the file encryption state identification of each target sensitive file.
With reference to the first aspect, in a second implementation manner of the first aspect of the present invention, the generating a file partition storage network of each target sensitive file according to the file encryption status identifier, and calculating encrypted fragment data of each target sensitive file according to the file partition storage network includes: generating encryption level information of each target sensitive file according to the file encryption state identification, and creating an initial partition storage network according to the encryption level information; performing storage network clustering calculation on the initial partition storage network to obtain a storage network clustering result, and calculating the importance of each storage partition in the initial partition storage network according to the storage network clustering result; carrying out network weighting processing on the initial partition storage network according to the storage network clustering result and the importance of each storage partition through a preset graph theory algorithm to obtain a weighted partition storage network; performing storage encryption relation calculation on a plurality of storage partitions in the weighted partition storage network to obtain storage encryption relations of the plurality of storage partitions; according to the storage encryption relation, optimizing the network storage relation of a plurality of storage partitions in the initial partition storage network to obtain a file partition storage network; and according to the file partition storage network, respectively carrying out storage partition allocation on each target sensitive file, and calculating the encrypted fragment data of each target sensitive file.
With reference to the first aspect, in a third implementation manner of the first aspect of the present invention, the performing file integrity verification on the encrypted fragment data of each target sensitive file to obtain a file integrity index set, and performing file security analysis on the file partition storage network and the encrypted fragment data to obtain a file security index set, includes: extracting integrity information of the encrypted fragment data of each target sensitive file through a preset hash function to obtain first file integrity information of each target sensitive file, and performing information space mapping on the first file integrity information to obtain a first integrity information space; acquiring second file integrity information of each target sensitive file through the file armor system, and performing information space mapping on the second file integrity information to obtain a second integrity information space; carrying out file integrity index calculation on the first integrity information space and the second integrity information space to obtain a file integrity index set; extracting file security record data from the file partition storage network and the encrypted fragment data to obtain file security record data; and calculating the file security index of the file security record data to obtain a file security index set.
With reference to the first aspect, in a fourth implementation manner of the first aspect of the present invention, the performing feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, constructing a target integrity feature vector corresponding to the target integrity feature sequence, performing index clustering and feature mapping on the file security index set to obtain a target security feature sequence, and constructing a target security feature vector corresponding to the target security feature sequence, including: extracting and integrating the characteristics of the file integrity index set to obtain a target integrity characteristic sequence, and inquiring a first weight data set from the file armor system according to the file integrity index set; calculating a weighted value of the target integrity feature sequence according to the first weight data set to obtain a weighted integrity feature sequence, and carrying out vector coding on the weighted integrity feature sequence to obtain a corresponding target integrity feature vector; index clustering and feature mapping are carried out on file security index sets of the plurality of target sensitive files to obtain target security feature sequences, and a second weight data set is inquired from the file armor system according to the file security index sets; and calculating a weighted value of the target security feature sequence according to the second weight data set to obtain a weighted security feature sequence, and carrying out vector coding on the weighted security feature sequence to obtain a corresponding target security feature vector.
With reference to the first aspect, in a fifth implementation manner of the first aspect of the present invention, the inputting the target integrity feature vector and the target safety feature vector into a preset system stability analysis model to perform system stability analysis, to obtain a system stability analysis result, includes: performing vector fusion on the target integrity feature vector and the target safety feature vector to obtain a target fusion feature vector; inputting the target fusion feature vector into the preset system stability analysis model, wherein the system stability analysis model comprises an encoder and a decoder, the encoder comprises a three-layer convolution network and a single-layer long short-term memory network, and the decoder comprises a three-layer deconvolution network and a fully connected layer; performing convolution feature extraction on the target fusion feature vector through the three-layer convolution network in the encoder to obtain a high-dimensional convolution feature vector, and performing feature association processing on the high-dimensional convolution feature vector through the single-layer long short-term memory network in the encoder to obtain a target feature association vector; performing a deconvolution operation on the target feature association vector through the three-layer deconvolution network in the decoder to obtain a target deconvolution feature vector, and performing system stability prediction on the target deconvolution feature vector through the fully connected layer in the decoder to obtain system stability prediction data; and generating a system stability analysis result corresponding to the file armor system according to the system stability prediction data.
With reference to the first aspect, in a sixth implementation manner of the first aspect of the present invention, the generating, according to the system stability analysis result, a target file encryption strategy of the file armor system, and performing secondary encryption and access right control on the plurality of target sensitive files according to the target file encryption strategy, includes: initializing a file encryption strategy group of the file armor system according to the system stability analysis result through a preset genetic algorithm to generate an initial file encryption strategy group, wherein the initial file encryption strategy group comprises a plurality of first file encryption strategies; respectively calculating first fitness data of each first file encryption strategy, and carrying out strategy group division on the plurality of first file encryption strategies according to the first fitness data to obtain a plurality of target file encryption strategy groups; generating a plurality of second file encryption strategies according to the target file encryption strategy groups, and respectively calculating second fitness data of each second file encryption strategy; performing strategy optimization analysis on the plurality of second file encryption strategies according to the second fitness data to obtain the target file encryption strategy of the file armor system; and carrying out secondary encryption and access right control on the plurality of target sensitive files according to the target file encryption strategy.
A second aspect of the present invention provides a file encrypting apparatus, comprising: the encryption module is used for respectively carrying out file encryption processing on a plurality of target sensitive files through a multi-layer encryption algorithm in the file armor system to obtain a file encryption state identification of each target sensitive file; the partition module is used for generating a file partition storage network of each target sensitive file according to the file encryption state identification and calculating encrypted fragment data of each target sensitive file according to the file partition storage network; the processing module is used for carrying out file integrity verification on the encrypted fragment data of each target sensitive file to obtain a file integrity index set, and carrying out file security analysis on the file partition storage network and the encrypted fragment data to obtain a file security index set; the construction module is used for carrying out feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, constructing a target integrity feature vector corresponding to the target integrity feature sequence, carrying out index clustering and feature mapping on the file security index set to obtain a target safety feature sequence, and constructing a target safety feature vector corresponding to the target safety feature sequence; the analysis module is used for inputting the target integrity feature vector and the target safety feature vector into a preset system stability analysis model to perform system stability analysis, so as to obtain a system stability analysis result; and the generating module is used for generating a target file encryption strategy of the file armor system according to the system stability analysis result, and carrying out secondary encryption and access right control on the plurality of target sensitive files according to the target file encryption strategy.
A third aspect of the present invention provides a file encrypting apparatus comprising: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the file encrypting apparatus to perform the file encrypting method described above.
A fourth aspect of the present invention provides a computer-readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the above-described file encryption method.
According to the technical scheme provided by the invention, file encryption processing is carried out through a file armor system to obtain a file encryption state identification of each target sensitive file; a file partition storage network is generated and encrypted fragment data are calculated; the file integrity is verified to obtain a file integrity index set, and the file security is analyzed to obtain a file security index set; feature extraction and feature integration are performed to obtain a target integrity feature vector, and index clustering and feature mapping are performed to obtain a target safety feature vector; and system stability analysis is performed through a system stability analysis model to obtain a system stability analysis result. The invention uses a multi-layer encryption algorithm, including symmetric encryption and asymmetric encryption, to improve the security of the file. This combination can take full advantage of the efficiency of symmetric encryption and the key security of asymmetric encryption. Through the file partition storage network, files are stored in a scattered manner in different positions, which improves the security of the files. Such a network design may reduce the risk to the overall system: even if a portion of the data is compromised, not all of the information is revealed. File integrity verification is carried out on the encrypted fragment data to ensure that the file is not tampered with or damaged during transmission or storage. This provides a guarantee for the integrity of the file. The file security analysis covers not only encryption itself, but also aspects such as storage and access control. Through comprehensive analysis of the security index set, the security state of the file can be understood more comprehensively, so that corresponding protection measures can be adopted. File security is combined with system stability, so that the overall condition of the system can be monitored in real time.
The system stability analysis result can be used for adjusting the file encryption strategy to ensure that a response can be made in time when the system changes. The file encryption strategy generated according to the system stability analysis result is self-adaptive and can be dynamically adjusted according to the actual condition of the system. This helps to increase the flexibility of the system and to address various security threats. The genetic algorithm is used for optimizing the file encryption strategy, so that a scheme more suitable for the stability of the system can be found. The automatic optimization can improve the efficiency and performance of the file encryption strategy, thereby realizing comprehensive file encryption and security protection and improving the confidentiality and integrity of the file.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a file encryption method according to an embodiment of the present invention;
FIG. 2 is a flow chart of generating a file partition storage network in accordance with an embodiment of the present invention;
FIG. 3 is a flow chart of file integrity verification and file security analysis in accordance with an embodiment of the present invention;
FIG. 4 is a flow chart of feature extraction and feature integration in an embodiment of the invention;
FIG. 5 is a schematic diagram of an embodiment of a file encryption apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an embodiment of a file encryption apparatus according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a file encryption method, a device, equipment and a storage medium, which are used for realizing comprehensive file encryption and safety protection and improving confidentiality and integrity of a file. The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, the following describes a specific flow of an embodiment of the present invention. Referring to FIG. 1, one embodiment of a file encryption method in an embodiment of the present invention includes:
S101, respectively carrying out file encryption processing on a plurality of target sensitive files through a multi-layer encryption algorithm in a file armor system to obtain a file encryption state identification of each target sensitive file;
It is to be understood that the execution body of the present invention may be a file encryption device, and may also be a terminal or a server, which is not limited herein. The embodiment of the invention is described by taking a server as the execution body as an example.
Specifically, the server obtains the multi-layer encryption algorithm in the file armor system, which includes a first-layer symmetric encryption algorithm and a second-layer asymmetric encryption algorithm. The combination of these two layers of encryption algorithms provides a high degree of security. The server performs file segmentation on the plurality of target sensitive files, dividing each target sensitive file into a plurality of sub-sensitive files. The segmentation may follow different methods, such as by file size, content, or other criteria. The server encrypts the sub-sensitive files using the first-layer symmetric encryption algorithm. Symmetric encryption algorithms use the same key to encrypt and decrypt data, so it is necessary to ensure the security of the key. Each sub-sensitive file obtains a first encryption state identification. The server then encrypts the sub-sensitive files using the second-layer asymmetric encryption algorithm. An asymmetric encryption algorithm uses a pair of keys, one for encryption and the other for decryption. In general, the asymmetric encryption algorithm here is used to enhance the security of the data. Each sub-sensitive file obtains a second encryption state identification. The server performs identification splicing and classified storage on the first encryption state identification and the second encryption state identification of each sub-sensitive file. This may be accomplished by embedding identification information in the metadata of the file or by creating an index. The result constitutes the file encryption state identification of each target sensitive file. For example, assume that there is one target sensitive file containing confidential documents and photographs. The server uses a file splitting algorithm to split the file into two sub-sensitive files, one containing the document and the other containing the photograph.
The server encrypts the two sub-sensitive files separately using a first-layer symmetric encryption algorithm, such as AES (Advanced Encryption Standard), using the same key. This generates a first encryption state identification for each sub-sensitive file. The server encrypts the two sub-sensitive files separately using a second-layer asymmetric encryption algorithm, such as RSA (an asymmetric encryption algorithm), each using a different key pair. This generates a second encryption state identification for each sub-sensitive file. The server stores the first encryption state identification and the second encryption state identification of each sub-sensitive file together with the metadata of the file to form the file encryption state identification of the target file. This ensures the security and integrity of the file.
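The two-layer flow of S101 can be sketched as follows; this is an added example, not code from the patent, and it needs the third-party `cryptography` package. It assumes that the asymmetric layer wraps each sub-file's AES key with RSA-OAEP (RSA cannot encrypt file-sized data directly), that every sub-file gets its own AES-GCM key under a single RSA key pair (the page's own example uses one shared AES key and a key pair per sub-file), and that the identifier strings and function names are hypothetical.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Hypothetical layer labels; the page does not define an identifier format.
FIRST_LAYER_ID = "L1:AES-256-GCM"
SECOND_LAYER_ID = "L2:RSA-2048-OAEP"

OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def split_file(data: bytes, size: int) -> list:
    """File segmentation by size: one chunk per sub-sensitive file."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def encrypt_sub_file(file_id: str, index: int, chunk: bytes, public_key) -> dict:
    """Layer 1: AES-GCM over the chunk. Layer 2: RSA-OAEP over the AES key."""
    key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    # Binding file id and position as associated data makes a moved or
    # swapped sub-file fail authentication on decryption.
    aad = f"{file_id}:{index}".encode()
    return {
        "index": index,
        "nonce": nonce,
        "ciphertext": AESGCM(key).encrypt(nonce, chunk, aad),
        "wrapped_key": public_key.encrypt(key, OAEP),
        "first_id": FIRST_LAYER_ID,
        "second_id": SECOND_LAYER_ID,
    }


def encrypt_file(file_id: str, data: bytes, public_key, size: int = 64) -> dict:
    """Encrypt every sub-file and splice the per-layer identifiers together."""
    subs = [encrypt_sub_file(file_id, i, chunk, public_key)
            for i, chunk in enumerate(split_file(data, size))]
    state_id = ";".join(f"{s['index']}={s['first_id']}+{s['second_id']}" for s in subs)
    return {"file_id": file_id, "state_id": state_id, "sub_files": subs}


def decrypt_file(record: dict, private_key) -> bytes:
    """Unwrap each AES key, then authenticate and decrypt each sub-file in order."""
    parts = []
    for position, sub in enumerate(record["sub_files"]):
        key = private_key.decrypt(sub["wrapped_key"], OAEP)
        aad = f"{record['file_id']}:{position}".encode()
        parts.append(AESGCM(key).decrypt(sub["nonce"], sub["ciphertext"], aad))
    return b"".join(parts)


def demo():
    """Round-trip a constructed sample and show that reordering is detected."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    data = b"constructed sample: confidential document body " * 4  # 188 bytes
    record = encrypt_file("report-001", data, private_key.public_key(), size=64)
    roundtrip = decrypt_file(record, private_key)
    reordered = dict(record, sub_files=list(reversed(record["sub_files"])))
    try:
        decrypt_file(reordered, private_key)
        reorder_detected = False
    except InvalidTag:
        reorder_detected = True
    return data, record, roundtrip, reorder_detected


if __name__ == "__main__":
    _, rec, _, detected = demo()
    print(rec["state_id"])
    print("reordering detected:", detected)
```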
S102, generating a file partition storage network of each target sensitive file according to the file encryption state identification, and calculating encryption fragment data of each target sensitive file according to the file partition storage network;
Specifically, the server generates encryption level information of each target sensitive file according to the file encryption state identification, and creates an initial partition storage network according to the encryption level information. This step helps determine the storage structure and hierarchy of the file. The server performs storage network clustering calculation on the initial partition storage network. The goal is to organize related storage partitions together to form a more ordered storage structure. This produces a storage network clustering result, from which the importance of each storage partition is calculated. Through a preset graph theory algorithm, the server performs network weighting processing on the initial partition storage network according to the storage network clustering result and the importance of each storage partition, so as to generate a weighted partition storage network. This process helps determine the relationships and weights between storage partitions. The server performs storage encryption relation calculation on a plurality of storage partitions in the weighted partition storage network. This step involves determining which storage partitions need to be associated with each other to enable secure storage of the file. According to the storage encryption relation, the server optimizes the network storage relation of the plurality of storage partitions in the initial partition storage network. This creates a more efficient and secure file partition storage network to ensure file security and accessibility. According to the file partition storage network, the server performs storage partition allocation on each target sensitive file and calculates the encrypted fragment data of each target sensitive file. This step ensures that the various parts of the file are distributed in the storage network according to encryption policies to improve the security and availability of the file.
For example, assume that there are multiple target sensitive files, including financial statements and customer data. Encryption level information is generated for each target sensitive file according to the file encryption state identification, and an initial partition storage network is created. Storage network clustering calculation is performed, combining the storage partitions related to the financial statements together and combining the storage partitions related to the customer data together. This generates a storage network clustering result while calculating the importance of each storage partition. Network weighting is performed using graph theory algorithms to ensure proper relationships between the storage partitions of the financial statements and of the customer data. This creates a weighted partition storage network. Which storage partitions need to be encrypted is determined according to the storage encryption relation. The financial statement storage partition and the customer data storage partition will have different encryption policies. The financial statements and the customer data are distributed to their respective storage partitions according to the file partition storage network, and the encrypted fragment data of each target sensitive file are calculated. This ensures the security and integrity of these files and allows legitimate users to access different parts of the files as needed.
S103, carrying out file integrity verification on the encrypted fragment data of each target sensitive file to obtain a file integrity index set, and carrying out file security analysis on the file partition storage network and the encrypted fragment data to obtain the file security index set;
It should be noted that the server uses a preset hash function to extract integrity information from the encrypted fragment data of each target sensitive file. The hash function generates a unique digest that reflects the contents of the file. This yields first file integrity information for each target sensitive file. The first file integrity information is mapped into an information space to create a first integrity information space. This helps to better understand and compare the integrity of the files. At the same time, second file integrity information for each target sensitive file is acquired from the file armor system and mapped into an information space to obtain a second integrity information space. File integrity indexes are then calculated for the first integrity information space and the second integrity information space. This process involves comparing the differences between the two information spaces to determine the integrity status of the file, and generates a file integrity index set. Meanwhile, file security record data is extracted from the file partition storage network and the encrypted fragment data. This includes collecting information about the storage network and the encrypted fragments for subsequent security analysis. File security indexes are calculated from the file security record data. This step includes analyzing the structure of the storage network and the distribution of the encrypted fragments to evaluate the security of the file, and generates a file security index set. For example, integrity information is extracted from the encrypted fragment data of each file using a hash function. For financial statements, the first file integrity information generated is a unique hash value.
At the same time, second file integrity information is obtained from the file armor system, which may be metadata of the file, including information such as creation date, file size, and access rights. This information is mapped into the second integrity information space. A file integrity index is calculated by comparing the first and second integrity information spaces. If the difference between the two information spaces is small, the integrity of the file can be confirmed. At the same time, file security record data is extracted from the storage network, including the relationships of the storage partitions and the locations of the encrypted fragments. This helps to assess the security of the file. A security index calculation is performed on the file security record data to determine the security state of the file. If the storage network is structurally sound and the encrypted fragments are properly distributed, the file will be considered secure.
S104, carrying out feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, constructing a target integrity feature vector corresponding to the target integrity feature sequence, carrying out index clustering and feature mapping on the file security index set to obtain a target security feature sequence, and constructing a target security feature vector corresponding to the target security feature sequence;
Specifically, feature extraction and feature integration are performed on the file integrity index set. This step helps to determine the integrity characteristics of the file, including common characteristics of the integrity indexes of different files, and generates a target integrity feature sequence. At the same time, a first weight data set is queried from the file armor system; this data is used to calculate the weighted value of the target integrity feature sequence. The weight data may be predefined for measuring the relative importance of the file integrity features. The weighted value of the target integrity feature sequence is calculated according to the first weight data set. This generates a weighted integrity feature sequence in which each feature is assigned a respective weight. The weighted integrity feature sequence is vector coded to generate the corresponding target integrity feature vector. This vector contains the file's integrity features, the value of which depends on the combination of the weight value and the feature value. At the same time, index clustering and feature mapping are performed on the file security index sets of the plurality of target sensitive files. This helps group the security indexes of the files and determine the relationships between them, and generates a target security feature sequence. A second weight data set is queried from the file armor system; this data is used to calculate the weighted value of the target security feature sequence. The weight data is used to quantify the relative importance of the security features of the file. The weighted value of the target security feature sequence is calculated according to the second weight data set. This generates a weighted security feature sequence in which each feature is affected by a respective weight. The weighted security feature sequence is vector coded to generate the corresponding target security feature vector.
This vector contains the security features of the file, the value of which depends on the combination of the weight value and the feature value. For example, feature extraction is performed on a file integrity index set, including characteristics such as the hash values, time stamps, and file sizes of the file. This generates a target integrity feature sequence reflecting the integrity characteristics of the file. At the same time, a first weight data set is queried from the file armor system, including weight information regarding different integrity characteristics. These weights are used to calculate the weighted value of the target integrity feature sequence: the weights of the different integrity features are combined with the feature values. This generates a weighted integrity feature sequence, each feature of which is adjusted by a respective weight. At the same time, index clustering and feature mapping are performed on the file security index set. This helps to classify and organize the security indexes of different files, generating a target security feature sequence. A second weight data set is queried from the file armor system, including weight information for different security features. These weights are used to calculate the weighted value of the target security feature sequence: the weights of the different security features are combined with the feature values. This generates a weighted security feature sequence in which each feature is adjusted by a respective weight.
S105, inputting the target integrity feature vector and the target security feature vector into a preset system stability analysis model to perform system stability analysis, and obtaining a system stability analysis result;
Specifically, vector fusion is performed: the target integrity feature vector and the target security feature vector are combined into a target fusion feature vector. This helps to integrate the integrity and security information of the file. The target fusion feature vector is input into a preset system stability analysis model. This model typically includes encoder and decoder sections for processing the input data and generating system stability analysis results. The encoder section typically includes a three-layer convolutional network and a single-layer long short-term memory (LSTM) network. The convolutional network is used for convolution feature extraction and converts the target fusion feature vector into a high-dimensional convolution feature vector. The single-layer LSTM network is used for feature association processing to capture timing relationships between features. The decoder section typically includes a three-layer deconvolution network and a fully connected layer. The deconvolution network performs a deconvolution operation that restores the target feature association vector to a target deconvolution feature vector. The fully connected layer is used for system stability prediction, generating system stability prediction data from the target deconvolution feature vector. A system stability analysis result corresponding to the file armor system is generated according to the system stability prediction data. This result can be used to evaluate the stability of the file armor system, ensuring that the integrity and security of the file are not compromised. For example, the target fusion feature vector is input into a system stability analysis model that includes an encoder and a decoder. The encoder uses a convolutional network to extract features such as file integrity and security features. The single-layer LSTM is used to capture the relationships between features.
In the decoder, the deconvolution network is used to restore the features and the fully connected layer is used for system stability prediction. This prediction reflects the stability of the file armor system. A system stability analysis result corresponding to the file armor system is generated according to the system stability prediction data. For example, if the system stability analysis result indicates that the system is in an unstable state, a system administrator may take steps to ensure the security and integrity of the file, such as backing up the file or enforcing access control.
S106, generating a target file encryption strategy of the file armor system according to the system stability analysis result, and performing secondary encryption and access right control on a plurality of target sensitive files according to the target file encryption strategy.
Specifically, a preset genetic algorithm is used to initialize a file encryption policy population of the file armor system according to the system stability analysis result. This generates an initial population of file encryption policies that includes a plurality of first file encryption policies. These policies include different encryption algorithms, key lengths, and access rights rules. First fitness data is calculated for each first file encryption policy. This step is used to evaluate the performance of each policy in the current system state. The first fitness data may include indicators such as file encryption speed, resource utilization, and encryption strength. The plurality of first file encryption policies is divided into policy groups according to the first fitness data to obtain a plurality of target file encryption policy groups. These groups represent policies at different performance levels. For example, some policies are faster but less secure, while others are slower but more secure. A plurality of second file encryption policies is generated from the plurality of target file encryption policy groups. A second file encryption policy is a policy that is improved and optimized based on the first file encryption policies to improve the security and performance of the file. Second fitness data is then calculated for each second file encryption policy. This step is used to evaluate the performance of the second file encryption policies, including the improved encryption speed, resource utilization, and encryption strength. Policy optimization analysis is performed on the plurality of second file encryption policies according to the second fitness data to determine which policy performs best in the current system state. This yields the target file encryption policy for the file armor system.
Secondary encryption and access right control are performed on the plurality of target sensitive files according to the target file encryption policy. This applies the selected optimal policy to the actual files and limits access to and operations on the files according to the policy rules.
In the embodiment of the invention, a multi-layer encryption algorithm is used, including symmetric encryption and asymmetric encryption, so that the security of the file is improved. This combination can take full advantage of the efficiency of symmetric encryption and the key security of asymmetric encryption. Through the file partition storage network, files are stored in a scattered manner at different locations, which improves their security. Such a network design may reduce the risk to the overall system: even if a portion of the data is compromised, not all of the information is revealed. File integrity verification is performed on the encrypted fragment data, ensuring that the file is not tampered with or damaged during transmission or storage. This provides a guarantee for the integrity of the file. The file security analysis covers not only encryption itself but also aspects such as storage and access control. Through comprehensive analysis of the security index set, the security state of the file can be understood more fully, so that corresponding protection measures can be adopted. File security is combined with system stability, so that the overall condition of the system can be monitored in real time. The system stability analysis result can be used to adjust the file encryption policy, ensuring a timely response when the system changes. The file encryption policy generated according to the system stability analysis result is self-adaptive and can be dynamically adjusted according to the actual condition of the system. This helps to increase the flexibility of the system and to address various security threats. The genetic algorithm is used to optimize the file encryption policy, so that a scheme better suited to the stability of the system can be found.
The automatic optimization can improve the efficiency and performance of the file encryption strategy, thereby realizing comprehensive file encryption and security protection and improving the confidentiality and integrity of the file.
In a specific embodiment, the process of executing step S101 may specifically include the following steps:
(1) Acquiring a multi-layer encryption algorithm in a file armor system, wherein the multi-layer encryption algorithm comprises a first-layer symmetric encryption algorithm and a second-layer asymmetric encryption algorithm;
(2) Respectively carrying out file segmentation on a plurality of target sensitive files to obtain a plurality of sub-sensitive files of each target sensitive file;
(3) Respectively carrying out encryption operation on a plurality of sub-sensitive files through a first-layer symmetric encryption algorithm to obtain a first encryption state identification of each sub-sensitive file;
(4) Respectively carrying out encryption operation on the plurality of sub-sensitive files through a second-layer asymmetric encryption algorithm to obtain a second encryption state identification of each sub-sensitive file;
(5) Performing identification splicing and classified storage on the first encryption state identification and the second encryption state identification of each sub-sensitive file to obtain the file encryption state identification of each target sensitive file.
Specifically, a multi-layer encryption algorithm in the file armor system is obtained, wherein the multi-layer encryption algorithm comprises a first-layer symmetric encryption algorithm and a second-layer asymmetric encryption algorithm. Both algorithms are used to encrypt the target sensitive files. A file segmentation operation is performed on the plurality of target sensitive files, splitting each target sensitive file into a plurality of sub-sensitive files. This step helps manage large files and allows each portion to be encrypted independently. The plurality of sub-sensitive files is encrypted through the first-layer symmetric encryption algorithm. This symmetric layer uses the same key for encryption and decryption, so it is fast and suitable for encrypting a large number of files. The plurality of sub-sensitive files is also encrypted through the second-layer asymmetric encryption algorithm. Unlike symmetric encryption algorithms, asymmetric encryption algorithms use a pair of keys (public and private), one for encryption and the other for decryption. This provides higher security, suitable for protecting important documents. Identification splicing and classified storage are performed on the first encryption state identification and the second encryption state identification of each sub-sensitive file. The two pieces of encryption state information are combined and stored in classified form according to the source or use of the file, for subsequent access and management.
In a specific embodiment, as shown in fig. 2, the process of executing step S102 may specifically include the following steps:
S201, generating encryption level information of each target sensitive file according to the file encryption state identification, and creating an initial partition storage network according to the encryption level information;
S202, performing storage network clustering calculation on an initial partition storage network to obtain a storage network clustering result, and calculating the importance of each storage partition in the initial partition storage network according to the storage network clustering result;
S203, carrying out network weighting processing on the initial partition storage network according to the storage network clustering result and the importance of each storage partition by a preset graph theory algorithm to obtain a weighted partition storage network;
S204, performing storage encryption relation calculation on a plurality of storage partitions in the weighted partition storage network to obtain storage encryption relations of the plurality of storage partitions;
S205, optimizing network storage relations of a plurality of storage partitions in the initial partition storage network according to the storage encryption relations to obtain a file partition storage network;
S206, according to the file partition storage network, respectively carrying out storage partition allocation on each target sensitive file, and calculating the encrypted fragment data of each target sensitive file.
Specifically, encryption level information of each target sensitive file is generated according to the file encryption state identification. This information represents the encryption hierarchy of each file, which typically includes multiple levels of encryption to improve the security of the file. An initial partition storage network is created based on the encryption level information. This network can be viewed as a virtual storage architecture for organizing the storage and access of files. A storage network clustering calculation is performed on the initial partition storage network to determine the associations between storage partitions. This may be accomplished by analyzing the access patterns and storage requirements of the files. The importance of each storage partition in the initial partition storage network is calculated according to the storage network clustering result. This helps determine which storage partitions are better suited to storing important files or files with higher encryption levels. Network weighting is applied to the initial partition storage network using a preset graph theory algorithm. Each storage partition is assigned a weight according to its importance and relevance in order to optimize the storage network. A storage encryption relation calculation is performed on the plurality of storage partitions in the weighted partition storage network. This step determines which storage partitions can access each other and how to maintain consistency of the encryption hierarchy. The network storage relations of the plurality of storage partitions in the initial partition storage network are optimized according to the storage encryption relation. This helps ensure that the storage and access of files meet security and performance requirements.
According to the file partition storage network, storage partitions are allocated to each target sensitive file, and the encrypted fragment data of each target sensitive file is calculated. This ensures that files are stored and accessed in a secure manner while providing flexibility and performance optimization.
In a specific embodiment, as shown in fig. 3, the process of executing step S103 may specifically include the following steps:
S301, extracting integrity information of encrypted fragment data of each target sensitive file through a preset hash function to obtain first file integrity information of each target sensitive file, and performing information space mapping on the first file integrity information to obtain a first integrity information space;
S302, acquiring second file integrity information of each target sensitive file through a file armor system, and performing information space mapping on the second file integrity information to obtain a second integrity information space;
S303, calculating file integrity indexes of the first integrity information space and the second integrity information space to obtain a file integrity index set;
S304, extracting file security record data from the file partition storage network and the encrypted fragment data to obtain file security record data;
S305, calculating file security indexes of the file security record data to obtain a file security index set.
Specifically, integrity information is extracted from the encrypted fragment data of each target sensitive file through a preset hash function. The hash function calculates a hash value of the fragment data, which is used to verify whether the file was tampered with during transmission or storage. First file integrity information, calculated by the hash function, is obtained for each target sensitive file. This information represents the original integrity status of the file. Second file integrity information for each target sensitive file is obtained through the file armor system, from the file system or by another method. This information represents the backup or storage status of the file. Information space mapping is performed on the first file integrity information and the second file integrity information. This step helps to visualize the integrity information and place it into an information space for comparison and analysis. File integrity indexes are calculated for the first integrity information space and the second integrity information space. This includes comparing the similarity of the two information spaces and determining whether the file may have been tampered with or damaged. File security record data is extracted from the file partition storage network and the encrypted fragment data. This includes checking the access history, rights and encryption information of the file to establish its security status. File security indexes are calculated from the file security record data. This includes evaluating whether the access history and rights settings of the file meet security criteria and determining the overall security of the file.
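The digest comparison in steps S301 to S303 can be sketched as follows. This is an added example, not code from the patent: SHA-256 stands in for the "preset hash function", the per-file index is assumed to be the fraction of fragments whose recomputed digest matches the reference record, and all function names and sample fragments are hypothetical.

```python
import hashlib
import hmac


def fragment_digest(fragment: bytes) -> str:
    """First integrity information: SHA-256 over one encrypted fragment (assumed hash)."""
    return hashlib.sha256(fragment).hexdigest()


def integrity_report(fragments: dict, reference: dict) -> dict:
    """Compare recomputed digests with the reference records of one file.

    fragments: {fragment index: ciphertext bytes} as read back from storage.
    reference: {fragment index: hex digest} recorded when the fragments were
               written (the "second file integrity information", assumed format).
    """
    mismatched, missing = [], []
    for idx in sorted(reference):
        frag = fragments.get(idx)
        if frag is None:
            missing.append(idx)            # fragment lost or withheld
        elif not hmac.compare_digest(fragment_digest(frag), reference[idx]):
            mismatched.append(idx)         # fragment altered after recording
    unexpected = sorted(set(fragments) - set(reference))  # fragments nobody recorded
    intact = len(reference) - len(mismatched) - len(missing)
    index = intact / len(reference) if reference else 0.0
    return {
        "index": index,
        "mismatched": mismatched,
        "missing": missing,
        "unexpected": unexpected,
        "ok": index == 1.0 and not unexpected,
    }


def integrity_index_set(stored: dict, records: dict) -> dict:
    """File integrity index set: one report per file named in the records."""
    return {name: integrity_report(stored.get(name, {}), ref)
            for name, ref in records.items()}


def build_sample():
    """Constructed sample: two files whose 'ciphertext' fragments are fixed bytes."""
    files = {
        "financial_statement": {i: hashlib.sha256(b"fin-%d" % i).digest() * 4
                                for i in range(3)},
        "customer_data": {i: hashlib.sha256(b"cust-%d" % i).digest() * 4
                          for i in range(4)},
    }
    records = {name: {i: fragment_digest(f) for i, f in frags.items()}
               for name, frags in files.items()}
    stored = {name: dict(frags) for name, frags in files.items()}
    # Damage introduced after the records were taken: one flipped bit, one lost fragment.
    damaged = bytearray(stored["customer_data"][1])
    damaged[0] ^= 0x01
    stored["customer_data"][1] = bytes(damaged)
    del stored["customer_data"][3]
    return stored, records


if __name__ == "__main__":
    stored, records = build_sample()
    for name, report in integrity_index_set(stored, records).items():
        print(name, report)
```

Because the digest is unkeyed, the comparison is only as trustworthy as the store that holds the reference records; an HMAC or a signature over those records covers the case where an attacker can rewrite both.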
In a specific embodiment, as shown in fig. 4, the process of executing step S104 may specifically include the following steps:
S401, carrying out feature extraction and feature integration on a file integrity index set to obtain a target integrity feature sequence, and inquiring a first weight data set from a file armor system according to the file integrity index set;
S402, calculating a weighted value of the target integrity feature sequence according to the first weight data set to obtain a weighted integrity feature sequence, and carrying out vector coding on the weighted integrity feature sequence to obtain a corresponding target integrity feature vector;
S403, index clustering and feature mapping are carried out on file security index sets of a plurality of target sensitive files to obtain a target security feature sequence, and a second weight data set is inquired from a file armor system according to the file security index sets;
S404, calculating a weighted value of the target security feature sequence according to the second weight data set to obtain a weighted security feature sequence, and performing vector coding on the weighted security feature sequence to obtain a corresponding target security feature vector.
Specifically, feature extraction and feature integration are performed on the file integrity index set. This may include extracting key features from the file integrity indexes and integrating them into one integrity feature sequence. A first weight data set is queried from the file armor system according to the file integrity index set. These weight data are typically used to determine the relative importance of the different features. The weighted value of the target integrity feature sequence is calculated according to the first weight data set. This may be done by multiplying the weights of the features by the corresponding feature values to obtain a weighted integrity feature sequence. The weighted integrity feature sequence is vector coded to obtain the corresponding target integrity feature vector. This may be accomplished by combining the feature sequence into one vector representation for further analysis and processing. Index clustering and feature mapping are performed on the file security index sets of the plurality of target sensitive files. This involves grouping the file security indexes and mapping them into a higher-level feature sequence. A second weight data set is queried from the file armor system according to the file security index set. These weight data are used to determine the relative importance of the different security features. The weighted value of the target security feature sequence is calculated according to the second weight data set. This may be done by multiplying the weights of the security features by the corresponding feature values to obtain a weighted security feature sequence. The weighted security feature sequence is vector coded to obtain the corresponding target security feature vector. This may aid further analysis and the building of security models.
In a specific embodiment, the process of executing step S105 may specifically include the following steps:
(1) Vector fusion is carried out on the target integrity feature vector and the target security feature vector to obtain a target fusion feature vector;
(2) Inputting the target fusion feature vector into a preset system stability analysis model, wherein the system stability analysis model comprises an encoder and a decoder, the encoder comprises a three-layer convolutional network and a single-layer long short-term memory network, and the decoder comprises a three-layer deconvolution network and a fully connected layer;
(3) Performing convolution feature extraction on the target fusion feature vector through the three-layer convolutional network in the encoder to obtain a high-dimensional convolution feature vector, and performing feature association processing on the high-dimensional convolution feature vector through the single-layer long short-term memory network in the encoder to obtain a target feature association vector;
(4) Performing deconvolution operation on the target feature association vector through the three-layer deconvolution network in the decoder to obtain a target deconvolution feature vector, and performing system stability prediction on the target deconvolution feature vector through the fully connected layer in the decoder to obtain system stability prediction data;
(5) Generating a system stability analysis result corresponding to the file armor system according to the system stability prediction data.
Specifically, the target integrity feature vector and the target security feature vector are subjected to vector fusion to obtain a target fusion feature vector. This may be accomplished by concatenating or weighting the two feature vectors, etc., to produce a composite feature vector. For example, the file modification history and access rights record are fused into a target fusion feature vector. The target fusion feature vector is input into a preset system stability analysis model. This system stability analysis model typically includes an encoder and a decoder for processing and analyzing the feature vectors. The encoder section includes a three-layer convolutional network for convolution feature extraction. The convolution operation helps identify patterns and structures in the features. A single-layer long short-term memory (LSTM) network is used to perform feature association processing on the high-dimensional convolution feature vector. The LSTM may capture sequence relationships and context information between features to better understand the relevance between features. The decoder section includes a three-layer deconvolution network for deconvolution of the target feature association vector. This helps to recover lower-dimensional information from the high-dimensional features and preserve useful structure. The fully connected layer is used to predict system stability from the target deconvolution feature vector. System stability prediction data is obtained through the system stability analysis model. These data reflect the stability and feasibility of the file armor system, as well as the risk factors. A system stability analysis result of the file armor system is generated according to the system stability prediction data. These results may include suggested improvements, risk assessment, or other decision support information to help improve the performance and security of the file armor system.
In a specific embodiment, the process of executing step S106 may specifically include the following steps:
(1) Initializing, through a preset genetic algorithm, a file encryption strategy group of the file armor system according to the system stability analysis result, to generate an initial file encryption strategy group, wherein the initial file encryption strategy group comprises a plurality of first file encryption strategies;
(2) Respectively calculating first fitness data of each first file encryption strategy, and carrying out strategy group division on a plurality of first file encryption strategies according to the first fitness data to obtain a plurality of target file encryption strategy groups;
(3) Generating a plurality of second file encryption policies according to the plurality of target file encryption policy groups, and respectively calculating second fitness data of each second file encryption policy;
(4) Performing policy optimization analysis on a plurality of second file encryption policies according to the second fitness data to obtain a target file encryption policy of the file armor system;
(5) Carrying out secondary encryption and access right control on a plurality of target sensitive files according to the target file encryption strategy.
Specifically, a preset genetic algorithm is used to initialize a file encryption strategy group according to the system stability analysis result. This group (the population of the genetic algorithm) includes a plurality of first file encryption policies, each of which may include different parameters and settings for encrypting and protecting the target files. First fitness data is calculated for each first file encryption policy. The fitness function may evaluate each policy according to several factors, such as the system stability analysis result, file security indicators, and performance requirements; its specific design depends on the requirements and goals of the system. The first file encryption policies are then divided into different target file encryption policy groups according to the first fitness data. This division may be based on ranges of fitness values, for example classifying policies into high, medium, and low fitness levels. For each target file encryption policy group, a plurality of second file encryption policies are generated. These may be variations of the first file encryption policies, for subsequent comparison and optimization. Second fitness data is calculated for each second file encryption policy; this data may take into account factors different from those of the first fitness data, or may refine them further. Policy optimization analysis is then performed according to the second fitness data, which may involve selecting the policy with the best fitness or using methods such as evolutionary algorithms to refine the policies further. The policy optimization analysis determines the target file encryption policy of the file armor system, which is the best policy when system stability, security, and performance requirements are considered together. The target file encryption policy is then applied to the plurality of target sensitive files. This includes secondary encryption, access rights control, and other security measures to ensure the security of the files.
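The following Python sketch is an added example, not code from the patent: it runs steps (1) to (4) above over a small policy space and repeats them for several generations. The `Policy` fields, the fitness weighting, the equal-thirds grouping and the 0-to-1 stability scale are all assumptions, since the patent leaves them unspecified.

```python
import random
from dataclasses import dataclass, astuple

# Hypothetical search space; the patent does not enumerate policy parameters.
# Only approved values are listed, so optimisation can never select a weak setting.
KEY_BITS = (128, 192, 256)        # symmetric key size
FRAGMENTS = (2, 4, 8, 16)         # storage partitions per file
REKEY_DAYS = (7, 30, 90)          # key rotation interval
ACCESS_LEVELS = (1, 2, 3)         # 1 = owner only, 3 = widest audience
CHOICES = (KEY_BITS, FRAGMENTS, REKEY_DAYS, ACCESS_LEVELS)


@dataclass(frozen=True)
class Policy:
    key_bits: int
    fragments: int
    rekey_days: int
    access_level: int


def fitness(policy, stability):
    """Assumed fitness in [0, 1]; stability in [0, 1] is the model's prediction."""
    a = KEY_BITS.index(policy.key_bits) / 2
    b = FRAGMENTS.index(policy.fragments) / 3
    c = (2 - REKEY_DAYS.index(policy.rekey_days)) / 2
    d = (2 - ACCESS_LEVELS.index(policy.access_level)) / 2
    security = (a + b + c + d) / 4
    performance = 1 - (a + b + c) / 3   # stronger settings cost more to run
    w_sec = 1 - 0.5 * stability         # a less stable system weights security more
    return w_sec * security + (1 - w_sec) * performance


def divide_groups(scored):
    """Step (2): split (fitness, policy) pairs into high / medium / low groups."""
    ranked = sorted(scored, key=lambda fp: fp[0], reverse=True)
    third = max(1, len(ranked) // 3)
    return {"high": ranked[:third],
            "medium": ranked[third:2 * third],
            "low": ranked[2 * third:]}


def crossover(a, b, rng):
    """Take each parameter from one of the two parents."""
    return Policy(*(rng.choice(pair) for pair in zip(astuple(a), astuple(b))))


def mutate(policy, rng, rate=0.1):
    """Occasionally replace a parameter with another approved value."""
    return Policy(*(rng.choice(options) if rng.random() < rate else value
                    for options, value in zip(CHOICES, astuple(policy))))


def evolve(stability, seed=0, size=30, generations=10):
    """Return (best_policy, best_fitness, best_fitness_of_initial_population)."""
    rng = random.Random(seed)
    # Step (1): initial population of first policies.
    population = [Policy(*(rng.choice(options) for options in CHOICES))
                  for _ in range(size)]
    initial_best = max(fitness(p, stability) for p in population)
    for _ in range(generations):
        groups = divide_groups([(fitness(p, stability), p) for p in population])
        # Step (3): second policies are bred from the high and medium groups;
        # the low group is dropped and the current best is carried over unchanged.
        parents = [p for _, p in groups["high"] + groups["medium"]]
        elite = groups["high"][0][1]
        children = [mutate(crossover(rng.choice(parents), rng.choice(parents), rng), rng)
                    for _ in range(size - 1)]
        population = [elite] + children
    # Step (4): pick the policy with the best second fitness.
    best = max(population, key=lambda p: fitness(p, stability))
    return best, fitness(best, stability), initial_best


if __name__ == "__main__":
    for s in (0.1, 0.9):
        best, score, start = evolve(stability=s, seed=1)
        print(f"stability={s}: {best} fitness {start:.3f} -> {score:.3f}")
```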
The file encryption method in the embodiment of the present invention has been described above; the file encryption apparatus in the embodiment of the present invention is described below. Referring to Fig. 5, an embodiment of the file encryption apparatus in the embodiment of the present invention includes:
the encryption module 501 is configured to perform file encryption processing on a plurality of target sensitive files through a multi-layer encryption algorithm in the file armored system, so as to obtain a file encryption status identifier of each target sensitive file;
the partition module 502 is configured to generate a file partition storage network of each target sensitive file according to the file encryption status identifier, and calculate encrypted fragment data of each target sensitive file according to the file partition storage network;
the processing module 503 is configured to perform file integrity verification on encrypted segment data of each target sensitive file to obtain a file integrity index set, and perform file security analysis on the file partition storage network and the encrypted segment data to obtain a file security index set;
the construction module 504 is configured to perform feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, construct a target integrity feature vector corresponding to the target integrity feature sequence, perform index clustering and feature mapping on the file security index set to obtain a target security feature sequence, and construct a target security feature vector corresponding to the target security feature sequence;
the analysis module 505 is configured to input the target integrity feature vector and the target security feature vector into a preset system stability analysis model to perform system stability analysis, so as to obtain a system stability analysis result;
and the generating module 506 is configured to generate a target file encryption policy of the file armored system according to the system stability analysis result, and perform secondary encryption and access permission control on the multiple target sensitive files according to the target file encryption policy.
Through the cooperation of the above components, a multi-layer encryption algorithm comprising symmetric encryption and asymmetric encryption improves the security of the files. This combination takes full advantage of the efficiency of symmetric encryption and the key security of asymmetric encryption. Through the file partition storage network, files are stored scattered across different locations, which improves their security. Such a network design reduces the risk to the system as a whole: even if a portion of the data is compromised, not all of the information is revealed. File integrity verification is performed on the encrypted fragment data, ensuring that a file has not been tampered with or damaged during transmission or storage. This provides a guarantee for the integrity of the file. The file security analysis covers not only encryption itself but also aspects such as storage and access control. Comprehensive analysis of the security index set gives a fuller picture of the security state of the files, so that corresponding protection measures can be taken. Combining file security with system stability allows the overall condition of the system to be monitored in real time. The system stability analysis result can be used to adjust the file encryption policy, so that a timely response can be made when the system changes. The file encryption policy generated from the system stability analysis result is adaptive and can be adjusted dynamically according to the actual condition of the system, which helps increase the flexibility of the system and address various security threats. Optimizing the file encryption policy with a genetic algorithm makes it possible to find a scheme better suited to the stability of the system. This automatic optimization can improve the efficiency and performance of the file encryption policy, thereby achieving comprehensive file encryption and security protection and improving the confidentiality and integrity of the files.
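The integrity verification of encrypted fragment data described above can be illustrated as follows. This Python block is an added example, not the patent's implementation: it swaps the "preset hash function" for a keyed HMAC-SHA256 tag bound to each fragment's position, and the function names, the sample fragment bytes and the definition of the integrity index as the share of verifying fragments are assumptions.

```python
import hashlib
import hmac


def _tag(key, position, total, fragment):
    # A bare hash stored next to the data can be recomputed by whoever alters
    # the data; a keyed tag cannot, provided the key is held separately.
    # Binding position and total into the tag exposes reordering and truncation.
    msg = f"{position}/{total}:".encode() + fragment
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def record_tags(fragments, key):
    """Reference tags kept by the system when the fragments are written."""
    return [_tag(key, i, len(fragments), f) for i, f in enumerate(fragments)]


def integrity_index(fragments, recorded, key):
    """Recompute tags from the fragments as read back and compare with the record.

    Returns (index, bad_positions); index is the share of recorded fragments
    that still verify.
    """
    bad = []
    for i in range(max(len(fragments), len(recorded))):
        if i >= len(fragments) or i >= len(recorded):
            bad.append(i)                      # missing or unexpected fragment
        elif not hmac.compare_digest(
                _tag(key, i, len(recorded), fragments[i]), recorded[i]):
            bad.append(i)                      # modified, reordered or wrong key
    verified = len(recorded) - sum(1 for i in bad if i < len(recorded))
    return (verified / len(recorded) if recorded else 0.0), bad


def integrity_index_set(files, key):
    """files maps a file name to (fragments_read_back, recorded_tags)."""
    return {name: integrity_index(frags, tags, key)
            for name, (frags, tags) in files.items()}


# Constructed sample data standing in for encrypted fragments.
KEY = b"constructed-demo-key-not-for-use"
FRAGS = [bytes([i]) * 32 for i in range(4)]
TAGS = record_tags(FRAGS, KEY)

if __name__ == "__main__":
    tampered = FRAGS[:2] + [b"\xff" * 32] + FRAGS[3:]
    report = integrity_index_set(
        {"intact.bin": (FRAGS, TAGS), "tampered.bin": (tampered, TAGS)}, KEY)
    for name, (index, bad) in report.items():
        print(f"{name}: index={index:.2f} bad_fragments={bad}")
```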
The file encryption apparatus in the embodiment of the present invention has been described in detail above, with reference to Fig. 5, from the perspective of modular functional entities; the file encryption device in the embodiment of the present invention is described in detail below from the perspective of hardware processing.
Fig. 6 is a schematic diagram of a file encryption device according to an embodiment of the present invention. The file encryption device 600 may vary considerably depending on configuration or performance, and may include one or more central processing units (CPUs) 610 (e.g., one or more processors), a memory 620, and one or more storage media 630 (e.g., one or more mass storage devices) storing application programs 633 or data 632. The memory 620 and the storage medium 630 may be transitory or persistent storage. The program stored in the storage medium 630 may include one or more modules (not shown), each of which may include a series of instruction operations for the file encryption device 600. Further, the processor 610 may be configured to communicate with the storage medium 630 and to execute, on the file encryption device 600, the series of instruction operations in the storage medium 630.
The file encryption device 600 may also include one or more power supplies 640, one or more wired or wireless network interfaces 650, one or more input/output interfaces 660, and/or one or more operating systems 631, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. It will be appreciated by those skilled in the art that the file encryption device structure shown in Fig. 6 does not limit the file encryption device, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components.
The present invention also provides a file encryption device including a memory and a processor, the memory storing computer-readable instructions which, when executed by the processor, cause the processor to execute the steps of the file encryption method in the above embodiments.
The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, or may be a volatile computer readable storage medium, having stored therein instructions that, when executed on a computer, cause the computer to perform the steps of the file encryption method.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A file encryption method, characterized in that the file encryption method comprises:
respectively carrying out file encryption processing on a plurality of target sensitive files through a multi-layer encryption algorithm in a file armour system to obtain a file encryption state identification of each target sensitive file;
generating a file partition storage network of each target sensitive file according to the file encryption state identification, and calculating encryption fragment data of each target sensitive file according to the file partition storage network;
carrying out file integrity verification on the encrypted fragment data of each target sensitive file to obtain a file integrity index set, and carrying out file security analysis on the file partition storage network and the encrypted fragment data to obtain a file security index set;
Performing feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, constructing a target integrity feature vector corresponding to the target integrity feature sequence, performing index clustering and feature mapping on the file safety index set to obtain a target safety feature sequence, and constructing a target safety feature vector corresponding to the target safety feature sequence;
inputting the target integrity feature vector and the target safety feature vector into a preset system stability analysis model to perform system stability analysis, so as to obtain a system stability analysis result;
and generating a target file encryption strategy of the file armored system according to the system stability analysis result, and performing secondary encryption and access right control on the plurality of target sensitive files according to the target file encryption strategy.
2. The method for encrypting files according to claim 1, wherein the step of performing file encryption processing on the plurality of target sensitive files by using a multi-layer encryption algorithm in the file armored system to obtain a file encryption status identifier of each target sensitive file includes:
Acquiring a multi-layer encryption algorithm in a file armor system, wherein the multi-layer encryption algorithm comprises a first-layer symmetric encryption algorithm and a second-layer asymmetric encryption algorithm;
respectively carrying out file segmentation on a plurality of target sensitive files to obtain a plurality of sub-sensitive files of each target sensitive file;
respectively carrying out encryption operation on the plurality of sub-sensitive files through the first-layer symmetric encryption algorithm to obtain a first encryption state identification of each sub-sensitive file;
respectively carrying out encryption operation on the plurality of sub-sensitive files through the second-layer asymmetric encryption algorithm to obtain a second encryption state identification of each sub-sensitive file;
and performing identification splicing and classified storage on the first encryption state identification and the second encryption state identification of each sub-sensitive file to obtain the file encryption state identification of each target sensitive file.
3. The file encryption method according to claim 1, wherein the generating a file partition storage network of each target sensitive file according to the file encryption status identification, and calculating encrypted piece data of each target sensitive file according to the file partition storage network, comprises:
generating encryption level information of each target sensitive file according to the file encryption state identification, and creating an initial partition storage network according to the encryption level information;
Performing storage network clustering calculation on the initial partition storage network to obtain a storage network clustering result, and calculating the importance of each storage partition in the initial partition storage network according to the storage network clustering result;
carrying out network weighting processing on the initial partition storage network according to the storage network clustering result and the importance of each storage partition through a preset graph theory algorithm to obtain a weighted partition storage network;
performing storage encryption relation calculation on a plurality of storage partitions in the weighted partition storage network to obtain storage encryption relations of the plurality of storage partitions;
according to the storage encryption relation, optimizing the network storage relation of a plurality of storage partitions in the initial partition storage network to obtain a file partition storage network;
and according to the file partition storage network, respectively carrying out storage partition allocation on each target sensitive file, and calculating the encrypted fragment data of each target sensitive file.
4. The method for encrypting a file according to claim 1, wherein said verifying the integrity of the encrypted segment data of each target sensitive file to obtain a file integrity index set, and performing a file security analysis on the file partition storage network and the encrypted segment data to obtain a file security index set, comprises:
extracting integrity information from the encrypted fragment data of each target sensitive file through a preset hash function to obtain first file integrity information of each target sensitive file, and performing information space mapping on the first file integrity information to obtain a first integrity information space;
acquiring second file integrity information of each target sensitive file through the file armor system, and performing information space mapping on the second file integrity information to obtain a second integrity information space;
carrying out file integrity index calculation on the first integrity information space and the second integrity information space to obtain a file integrity index set;
extracting file security record data from the file partition storage network and the encrypted fragment data to obtain file security record data;
and calculating the file security index of the file security record data to obtain a file security index set.
5. The method of encrypting a file according to claim 1, wherein the performing feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, constructing a target integrity feature vector corresponding to the target integrity feature sequence, performing index clustering and feature mapping on the file security index set to obtain a target security feature sequence, and constructing a target security feature vector corresponding to the target security feature sequence includes:
Extracting and integrating the characteristics of the file integrity index set to obtain a target integrity characteristic sequence, and inquiring a first weight data set from the file armor system according to the file integrity index set;
calculating a weighted value of the target integrity feature sequence according to the first weight data set to obtain a weighted integrity feature sequence, and carrying out vector coding on the weighted integrity feature sequence to obtain a corresponding target integrity feature vector;
index clustering and feature mapping are carried out on file security index sets of the plurality of target sensitive files to obtain target security feature sequences, and a second weight data set is inquired from the file armor system according to the file security index sets;
and calculating a weighted value of the target security feature sequence according to the second weight data set to obtain a weighted security feature sequence, and carrying out vector coding on the weighted security feature sequence to obtain a corresponding target security feature vector.
6. The method for encrypting a file according to claim 1, wherein inputting the target integrity feature vector and the target security feature vector into a preset system stability analysis model for system stability analysis, to obtain a system stability analysis result, comprises:
Vector fusion is carried out on the target integrity feature vector and the target safety feature vector to obtain a target fusion feature vector;
inputting the target fusion feature vector into a preset system stability analysis model, wherein the system stability analysis model comprises an encoder and a decoder, the encoder comprises a three-layer convolution network and a single-layer long short-term memory network, and the decoder comprises a three-layer deconvolution network and a fully connected layer;
performing convolution feature extraction on the target fusion feature vector through the three-layer convolution network in the encoder to obtain a high-dimensional convolution feature vector, and performing feature association processing on the high-dimensional convolution feature vector through the single-layer long short-term memory network in the encoder to obtain a target feature association vector;
performing a deconvolution operation on the target feature association vector through the three-layer deconvolution network in the decoder to obtain a target deconvolution feature vector, and performing system stability prediction on the target deconvolution feature vector through the fully connected layer in the decoder to obtain system stability prediction data;
and generating a system stability analysis result corresponding to the file armor system according to the system stability prediction data.
7. The method for encrypting files according to claim 1, wherein generating a target file encryption policy of the file armored system according to the system stability analysis result, and performing secondary encryption and access permission control on the plurality of target sensitive files according to the target file encryption policy, comprises:
initializing a file encryption strategy group of the file armor system according to the system stability analysis result through a preset genetic algorithm to generate an initial file encryption strategy group, wherein the initial file encryption strategy group comprises a plurality of first file encryption strategies;
respectively calculating first fitness data of each first file encryption strategy, and carrying out strategy group division on the plurality of first file encryption strategies according to the first fitness data to obtain a plurality of target file encryption strategy groups;
generating a plurality of second file encryption policies according to the target file encryption policy groups, and respectively calculating second fitness data of each second file encryption policy;
performing policy optimization analysis on the plurality of second file encryption policies according to the second fitness data to obtain a target file encryption policy of the file armor system;
and carrying out secondary encryption and access right control on the plurality of target sensitive files according to the target file encryption strategy.
8. A file encryption apparatus, characterized in that the file encryption apparatus comprises:
the encryption module is used for respectively carrying out file encryption processing on a plurality of target sensitive files through a multi-layer encryption algorithm in the file armored system to obtain file encryption state identifiers of each target sensitive file;
the partition module is used for generating a file partition storage network of each target sensitive file according to the file encryption state identification and calculating encryption fragment data of each target sensitive file according to the file partition storage network;
the processing module is used for carrying out file integrity verification on the encrypted fragment data of each target sensitive file to obtain a file integrity index set, and carrying out file security analysis on the file partition storage network and the encrypted fragment data to obtain a file security index set;
the construction module is used for carrying out feature extraction and feature integration on the file integrity index set to obtain a target integrity feature sequence, constructing a target integrity feature vector corresponding to the target integrity feature sequence, carrying out index clustering and feature mapping on the file safety index set to obtain a target safety feature sequence, and constructing a target safety feature vector corresponding to the target safety feature sequence;
The analysis module is used for inputting the target integrity feature vector and the target safety feature vector into a preset system stability analysis model to perform system stability analysis, so as to obtain a system stability analysis result;
and the generating module is used for generating a target file encryption strategy of the file armor system according to the system stability analysis result, and carrying out secondary encryption and access right control on the plurality of target sensitive files according to the target file encryption strategy.
9. A file encryption device, characterized in that the file encryption device comprises: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invoking the instructions in the memory to cause the file encryption device to perform the file encryption method of any one of claims 1-7.
10. A computer readable storage medium having instructions stored thereon, which when executed by a processor, implement the file encryption method of any one of claims 1-7.
CN202410025619.1A 2024-01-08 2024-01-08 File encryption method, device, equipment and storage medium Active CN117521120B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410025619.1A CN117521120B (en) 2024-01-08 2024-01-08 File encryption method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117521120A CN117521120A (en) 2024-02-06
CN117521120B CN117521120B (en) 2024-04-09

Family

ID=89749885

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021248666A1 (en) * 2020-06-08 2021-12-16 西安电子科技大学 Automatic software segmentation method and system, and storage medium, computer device and terminal
CN117155678A (en) * 2023-09-12 2023-12-01 辽宁科技大学 Computer network engineering safety control system
CN117272390A (en) * 2023-11-17 2023-12-22 海之景科技集团有限公司 Information security data processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant