
CN118200022B - Data encryption method and system based on malicious attacks on big data networks - Google Patents


Info

Publication number
CN118200022B
Authority
CN
China
Prior art keywords
data
data set
attack
network
encryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410449558.1A
Other languages
Chinese (zh)
Other versions
CN118200022A (en
Inventor
李美芹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Songyang Yunchuang Technology Co ltd
Original Assignee
Guangzhou Songyang Yunchuang Technology Co ltd
Application filed by Guangzhou Songyang Yunchuang Technology Co ltd
Priority to CN202410449558.1A
Publication of CN118200022A
Application granted
Publication of CN118200022B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention relates to the technical field of network security and discloses a data encryption method based on malicious attacks on a big data network. The method comprises: collecting corresponding access data sets in real time through a network connection to the big data platform, and transmitting the model data sets to an attack detection unit; numbering, by the attack detection unit, the characteristic parameters in the data set to be detected to obtain a corresponding screening data set; calculating, by the data encryption unit, a corresponding sequence data set according to the screening data set and the reference data set; transmitting the sequence data set to the vulnerability detection unit through the network; and collecting the encrypted data set through a network connection to the platform database. The method has technical effects including real-time protection, accurate detection, enhanced data encryption, vulnerability detection and repair, and intelligent and automated operation, and provides a more comprehensive and efficient security guarantee for a big data platform.

Description

Data encryption method and system based on malicious attack of big data network
Technical Field
The invention relates to the technical field of network security, in particular to a data encryption method and system based on malicious attack of a big data network.
Background
With the continuous development of the internet, big data technology has come into wide use. However, the threat of malicious network attacks has grown along with it. A big data network malicious attack is the act of destroying, stealing, or tampering with a computer system, network, or data using big data techniques and means. Such attacks are highly concealed, wide in range and severe in effect, and pose a great threat to network security. Malicious attacks typically employ highly covert means, such as encrypted communications and anonymous proxies, making them difficult to detect and trace. Big data network malicious attacks target any device or system connected to the Internet, including computers, mobile phones and routers, causing serious consequences such as data loss, system crashes and service interruption, and bringing huge losses to users and enterprises. The types of big data network malicious attack include data disclosure, denial of service attacks, distributed denial of service attacks, malware, and social engineering attacks. In a data leakage attack, user information such as personal identity information and financial information is obtained by hackers intruding into a system or through social engineering. A denial of service attack typically exploits a vulnerability of a system, or occupies a large amount of bandwidth by sending a large number of requests to a target server, so that the target server cannot provide services normally. A distributed denial of service attack uses a botnet to control multiple computers that send a large number of requests to a target server at the same time, crashing its system so that it cannot provide services normally.
A malware attack damages the computer system in order to steal user information; common malware includes viruses, trojans and worms. In a social engineering attack, an attacker obtains a user's sensitive information by exploiting human weaknesses. Common social engineering attacks include phishing emails, impersonation websites, etc. Big data network malicious attacks are a serious network security threat, and various measures need to be taken to prevent and respond to them. Only by strengthening security awareness and technical precautions can network security and personal privacy be effectively protected.
At present, traditional data encryption systems for defending against malicious attacks on big data networks generally adopt symmetric encryption, asymmetric encryption, hash algorithms and the like to protect the privacy and security of data. In actual use, however, their performance often cannot meet the encryption requirements of high-speed, large-capacity data. When such a system is subjected to a novel, complex network attack, its intrusion detection has a high false alarm rate, poor adaptability and a low detection rate, it cannot effectively prevent the risks of data loss and data leakage, and its defensive capability against novel, complex network attacks is limited.
Disclosure of Invention
In view of the above defects, the embodiment of the invention discloses a data encryption method based on big data network malicious attack, which solves the problems that the traditional data encryption system based on big data network malicious attack has a high false alarm rate, poor adaptability and a low detection rate, cannot encrypt large-capacity data at high speed, and has weak defenses.
The first aspect of the embodiment of the invention discloses a data encryption method based on malicious attack of a big data network, which comprises the following steps:
Acquiring corresponding access data sets in real time through a network connection to the big data platform, and transmitting the access data sets to an attack detection unit; wherein the access data set is a data set of a network user accessing a corresponding network site;
Acquiring a model data set in a platform database through network connection, transmitting the model data set to an attack detection unit, and constructing a data set to be detected according to the model data set and an access data set;
The attack detection unit numbers the characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and transmits the screening data set to the data encryption unit; the data encryption unit is connected with a platform database through a network to construct a reference data set; the reference data set comprises a reference deformation model, a reference vulnerability data set and a reference vulnerability index;
the data encryption unit calculates a corresponding sequence data set according to the screening data set and the reference data set, transmits the sequence data set to the vulnerability detection unit through a network, and collects an encrypted data set through a network connection platform database; calculating to obtain a corresponding encrypted data group according to the encrypted data set and the reference data set;
Calculating a corresponding vulnerability index according to the sequence data set and the reference data set, comparing the vulnerability index with the reference vulnerability index in the reference data set, generating a repair signal if the vulnerability index is detected to exceed a preset threshold value, and transmitting the repair signal to a security check unit for security detection.
In an optional implementation manner, in a first aspect of the embodiment of the present invention, the attack detection unit numbers the feature parameters in the to-be-detected data set to obtain a corresponding screening data set, where the method includes:
Numbering the characteristic parameters in the access data set to obtain an access numbering set, wherein the numbers of the access numbering set are $FW_1, FW_2, FW_3, \ldots, FW_n$ in sequence; the characteristic parameters in the model dataset are numbered to obtain a model numbering set, and the numbers of the access numbering set are $FW_1, FW_2, FW_3, \ldots, FW_n$ in sequence;
extracting attack characteristic parameters associated with network attack in the access number set, wherein the characteristic parameters comprise access frequency, traffic pattern, source IP address and attack time point;
extracting the acquired attack characteristic parameters through a convolutional neural network to obtain corresponding high-order characteristic parameters;
Carrying out data matching on the attack characteristic parameters and the higher-order characteristic parameters and data in the model number set according to an anomaly detection algorithm to calculate detection matching results of all data points in the access data set and known attack modes, wherein the detection matching results are similarity data or anomaly degree data, and the anomaly detection algorithm carries out matching calculation by adopting a Euclidean distance formula or a Gaussian mixture model or an anomaly estimation formula;
if the detection matching result meets the set requirement, marking the corresponding data point as abnormal, and adding the data point marked as abnormal into the screening data group.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, the anomaly estimation formula is:
wherein f(x) is the probability value of an abnormality occurring at data point x; r is a first estimation parameter; k is a second estimation parameter; and x is the attack characteristic parameter corresponding to the data point.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, before the matching the attack feature parameter and the higher-order feature parameter with the data in the model dataset according to the anomaly detection algorithm, the method includes:
screening the attack characteristic parameters, the higher-order characteristic parameters and the data in the model data set through a feature selection algorithm, so as to select the characteristic parameters required for numbering the data set to be detected; the feature selection algorithm is a mutual information algorithm or a chi-square test;
combining some features of the attack characteristic parameters and the higher-order characteristic parameters through feature-combination engineering to generate combined feature parameters or polynomial feature parameters.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, the reference dataset includes a reference deformation model $CK_{bx}$, a reference vulnerability dataset $CK_{bx}$, and a reference vulnerability index $CK_{Ldzs}$, and the data encryption unit calculates a corresponding sequence dataset according to the screening dataset and the reference dataset, including:
The sequence data set Xlsj is calculated from the screening data set Sxsj and the reference data set according to a sequence calculation formula:
Wherein Xlsj denotes the sequence data set, The method comprises the steps of representing a deformation sequence split according to access data variables in a screening data set, wherein $CK_{bx}$ represents a deformation algorithm corresponding to single or multiple data in a reference deformation model according to the access data set; $x_n$ is the corresponding data point parameter.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, calculating a corresponding encrypted data set according to the encrypted data set and the reference data set includes:
Performing privacy class determination on each piece of data to be encrypted in the encrypted data set according to a set privacy class list to acquire encryption level information corresponding to the data to be encrypted;
acquiring an encryption function corresponding to the encryption level information according to the encryption level information;
Encrypting the data to be encrypted in the corresponding encrypted data set according to the encryption function, recording the encryption parameter and the intermediate result of each step in the encryption process, and generating a corresponding unlocking key based on the encryption parameter and the intermediate result; the unlocking key corresponds to the encrypted data;
and combining the encrypted results of various types of private data to form an encrypted data set, wherein the encrypted data set comprises a plurality of encrypted data blocks and corresponding unlocking keys.
In a first aspect of the embodiment of the present invention, the calculating a corresponding vulnerability index according to the sequence data set and the reference data set, and comparing the vulnerability index with the reference vulnerability index in the reference data set includes:
Calculating the sequence data set and the reference data set to obtain vulnerability indexes corresponding to all time points;
If the vulnerability index is smaller than the reference vulnerability index, determining that the corresponding data is safety data, and generating a safety transmission signal;
If the vulnerability index is not smaller than the reference vulnerability index, determining the corresponding data as abnormal data, generating a vulnerability repair signal, and transmitting the corresponding abnormal data to the recognition model unit through network transmission so as to perform optimization training on the recognition model unit.
The second aspect of the embodiment of the invention discloses a data encryption system based on malicious attack of a big data network, which comprises the following components:
An acquisition module: used for acquiring corresponding access data sets in real time through a network connection to the big data platform, and transmitting the access data set to an attack detection unit; wherein the access data set is a data set of a network user accessing a corresponding network site;
An acquisition module: used for obtaining a model data set in a platform database through a network connection, transmitting the model data set to the attack detection unit, and constructing a data set to be detected according to the model data set and the access data set;
numbering processing module: the attack detection unit is used for numbering characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and transmitting the screening data set to the data encryption unit; the data encryption unit is connected with a platform database through a network to construct a reference data set; the reference data set comprises a reference deformation model, a reference vulnerability data set and a reference vulnerability index;
The calculation module: the data encryption unit is used for obtaining a corresponding sequence data set through calculation according to the screening data set and the reference data set, transmitting the sequence data set to the vulnerability detection unit through a network, and collecting an encrypted data set through a network connection platform database; calculating to obtain a corresponding encrypted data group according to the encrypted data set and the reference data set;
An index comparison module: used for calculating a corresponding vulnerability index according to the sequence data set and the reference data set, comparing the vulnerability index with the reference vulnerability index in the reference data set, generating a repair signal if the vulnerability index is detected to exceed a preset threshold value, and transmitting the repair signal to a security check unit for security detection.
A third aspect of an embodiment of the present invention discloses an electronic device, including: a memory storing executable program code; a processor coupled to the memory; the processor invokes the executable program code stored in the memory to execute the data encryption method based on the malicious attack of the big data network disclosed in the first aspect of the embodiment of the invention.
A fourth aspect of the embodiment of the present invention discloses a computer-readable storage medium storing a computer program, where the computer program causes a computer to execute the data encryption method based on the malicious attack of the big data network disclosed in the first aspect of the embodiment of the present invention.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
The data encryption method for the malicious attack of the big data network has the technical effects of real-time protection, accurate detection, data encryption enhancement, vulnerability detection and repair, intellectualization and automation and the like, and provides more comprehensive and efficient safety guarantee for a big data platform.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow diagram of a data encryption method based on a malicious attack of a big data network according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a process for screening dataset determinations in accordance with an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a data encryption system based on malicious attack of a big data network according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present invention are used for distinguishing between different objects and not necessarily for describing a particular sequential or chronological order. The terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
At present, traditional data encryption systems for defending against malicious attacks on big data networks generally adopt symmetric encryption, asymmetric encryption, hash algorithms and the like to protect the privacy and security of data. In actual use, however, their performance often cannot meet the encryption requirements of high-speed, large-capacity data. When such a system is subjected to a novel, complex network attack, its intrusion detection has a high false alarm rate, poor adaptability and a low detection rate, it cannot effectively prevent the risks of data loss and data leakage, and its defensive capability against novel, complex network attacks is limited. Based on the above, the embodiment of the invention discloses a data encryption method, a system, electronic equipment and a storage medium based on malicious attack of a big data network, which have technical effects including real-time protection, accurate detection, enhanced data encryption, vulnerability detection and repair, and intelligent and automated operation, and provide a more comprehensive and efficient security guarantee for a big data platform.
Example 1
Referring to fig. 1, fig. 1 is a flow chart of a data encryption method based on a malicious attack of a large data network according to an embodiment of the present invention. The execution main body of the method described in the embodiment of the invention is an execution main body composed of software or/and hardware, and the execution main body can receive related information in a wired or/and wireless mode and can send a certain instruction. Of course, it may also have certain processing and storage functions. The execution body may control a plurality of devices, such as a remote physical server or cloud server and related software, or may be a local host or server and related software that performs related operations on a device that is located somewhere, etc. In some scenarios, multiple storage devices may also be controlled, which may be located in the same location or in different locations than the devices. As shown in fig. 1, the data encryption method based on the big data network malicious attack comprises the following steps:
S101: the method comprises the steps of acquiring corresponding access data sets in real time through a network connection big data platform, and transmitting the access data sets to an attack detection unit; wherein the access data set is a data set of a network user accessing a corresponding network site;
S102: acquiring a model data set in a platform database through network connection, transmitting the model data set to an attack detection unit, and constructing a data set to be detected according to the model data set and an access data set;
S103: the attack detection unit numbers the characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and transmits the screening data set to the data encryption unit; the data encryption unit is connected with a platform database through a network to construct a reference data set; the reference data set comprises a reference deformation model, a reference vulnerability data set and a reference vulnerability index;
S104: the data encryption unit calculates a corresponding sequence data set according to the screening data set and the reference data set, transmits the sequence data set to the vulnerability detection unit through a network, and collects an encrypted data set through a network connection platform database; calculating to obtain a corresponding encrypted data group according to the encrypted data set and the reference data set;
S105: and calculating according to the sequence data set and the reference data set to obtain a corresponding vulnerability index, comparing the vulnerability index with the reference vulnerability index in the reference data set, generating a repair signal if the vulnerability index is detected to exceed a preset threshold value, and transmitting the repair signal to a security check unit for security detection.
In the invention, the data monitoring module provides an access data unit and a recognition model unit, through which the data set to be detected is collected. The attack detection unit numbers the data set to be detected according to its characteristics, and the data set Sxsj is generated by screening, so that a primary screening is carried out against the known malicious attack recognition model. The data encryption module calculates the sequence data set Xlsj through the editing arrangement unit, which processes novel, complex malicious attack access data in a normalized manner. This secondary splitting, editing and arrangement makes the judgment more accurate, prevents malicious attack data that is disguised or has scrambled variables from intruding into the data encryption module, and gives accurate and efficient detection of malicious attacks.
In the invention, the data encryption module provides a multi-stage encryption unit that collects the encrypted data set and then calculates the encrypted data set Jmsj: the different types of key confidential data and personal privacy data in the system database are encrypted, and a corresponding unlocking key is calculated for each type of private data. A vulnerability detection unit calculates the vulnerability index Ldzs, and the data transmission module generates a signal according to the vulnerability index Ldzs and the reference vulnerability index $CK_{Ldzs}$. On a secure transmission signal, the security check unit, which is connected with the central processing unit, transmits the encrypted data set Jmsj; on a vulnerability repair signal, the security check unit repairs the firewall and transmits the sequence data set Xlsj to the recognition model unit through the network. Vulnerability repair is thus combined with autonomous learning and training of the system's recognition model, which effectively ensures the security of key data and the defensive capability of the system, and gives strong defence while encrypting large-capacity data at high speed.
The access data parameters in the embodiment of the invention may include: IP address, for identifying the location and network identity of the visitor; access time, recording when the visitor attempts to access the system; accessed page or resource, indicating the specific content that the visitor is attempting to access; request type (GET, POST, etc.), indicating the manner in which the access request was made; response status code (such as 200, 404, 500), representing the state of the server's response to the request; and User-Agent, providing information about the visitor's browser or client.
The recognition model parameters include: known attack patterns, which are features extracted from past attack cases, such as specific request formats and attack payloads; abnormal behavior patterns, which are modes of operation significantly inconsistent with normal user behavior, such as frequent login attempts and a large number of requests for the same resource; and flow characteristics, which are statistical characteristics of network traffic, such as packet size distribution, traffic.
To construct the data set to be detected, the system may combine the above parameters and prepare the data set through preprocessing steps (e.g., data cleaning, normalization, feature extraction). This data set is then input to the attack detection unit for further analysis and identification. In addition, depending on the actual network environment and security requirements, more parameters may be introduced to enhance the detection capability of the data set. For example, adding user behavior analysis, session duration, click stream data, etc. may be considered to improve the detection accuracy for malicious attacks.
More preferably, fig. 2 is a schematic flow chart of determining a screening data set according to an embodiment of the present invention, as shown in fig. 2, the attack detection unit numbers feature parameters in the to-be-detected data set to obtain a corresponding screening data set, including:
S1031: numbering the characteristic parameters in the access data set to obtain an access numbering set, wherein the numbers of the access numbering set are FW1, FW2, FW3, ... FWn in sequence; numbering the characteristic parameters in the model data set to obtain a model numbering set, wherein the numbers of the access numbering set are FW1, FW2, FW3, ... FWn in sequence;
S1032: extracting attack characteristic parameters associated with network attack in the access number set, wherein the characteristic parameters comprise access frequency, traffic pattern, source IP address and attack time point;
S1033: extracting the acquired attack characteristic parameters through a convolutional neural network to obtain corresponding high-order characteristic parameters;
S1034: carrying out data matching on the attack characteristic parameters and the higher-order characteristic parameters and data in the model number set according to an anomaly detection algorithm to calculate detection matching results of all data points in the access data set and known attack modes, wherein the detection matching results are similarity data or anomaly degree data, and the anomaly detection algorithm carries out matching calculation by adopting a Euclidean distance formula or a Gaussian mixture model or an anomaly estimation formula;
S1035: if the detection matching result meets the set requirement, marking the corresponding data point as abnormal, and adding the data point marked as abnormal into the screening data set.
According to the scheme, the characteristic parameters in the access data set and the model data set are numbered, so that the data can be managed in a more standardized and systematic mode, and the data processing efficiency and accuracy are improved. This numbering process facilitates subsequent feature extraction and matching computations.
By extracting attack characteristic parameters associated with the network attack, such as access frequency, traffic pattern, source IP address, attack time point and the like, potential malicious attack behaviors can be more accurately identified. These feature parameters are of great significance in distinguishing normal access from malicious attacks.
The convolutional neural network is utilized to carry out high-order feature extraction on the attack feature parameters, so that more complex and deep attack modes can be captured. This higher order feature parameter extraction helps to improve the accuracy and sensitivity of attack detection.
The attack characteristic parameters and the higher-order characteristic parameters are matched against the data in the model number set through an anomaly detection algorithm, so that abnormal data points can be found in time and marked as anomalies. This data matching and anomaly detection mechanism helps to quickly identify and locate malicious attacks.
The whole process of screening the data set is realized through an automatic and intelligent algorithm, so that the need of manual intervention is reduced, and the processing speed and accuracy of the system are improved. Meanwhile, by setting the requirement of detecting the matching result, the data set related to the malicious attack can be screened out more accurately, and powerful support is provided for subsequent data encryption and vulnerability detection.
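The following added example (not code from the patent) walks steps S1031, S1032, S1034 and S1035 over a constructed access log, using the Euclidean distance option for matching and leaving out the convolutional neural network step S1033. The four feature definitions, the model patterns, `RATE_CAP` and `MATCH_THRESHOLD` are assumptions chosen for illustration, and numbering one feature vector per source IP is one reading of the FW numbering.

```python
import math
from datetime import datetime, timedelta

T0 = datetime(2024, 4, 15, 10, 0, 0)  # constructed start time


def _rec(ip, offset_s, resource, method, status, agent="Mozilla/5.0"):
    """One access record with the parameters the page lists."""
    return {"ip": ip, "time": T0 + timedelta(seconds=offset_s),
            "resource": resource, "method": method,
            "status": status, "agent": agent}


# Constructed access data set: one ordinary visitor, one source hammering
# the login page, one source pulling the same export over and over.
ACCESS_LOG = (
    [_rec("198.51.100.7", s, r, "GET", c) for s, r, c in
     [(0, "/index", 200), (70, "/docs", 200),
      (150, "/docs/api", 404), (180, "/index", 200)]]
    + [_rec("203.0.113.9", 2 * i, "/login", "POST", 401,
            "python-requests/2.31") for i in range(30)]
    + [_rec("192.0.2.44", 3 * i, "/export/report.csv", "GET", 200,
            "curl/8.5") for i in range(40)]
)

# Constructed model data set: known patterns as feature vectors
# [request rate, share of top resource, share of errors, share of POST].
MODEL_SET = {
    "frequent login attempts": [1.0, 1.0, 1.0, 1.0],
    "large requests for the same resource": [1.0, 1.0, 0.0, 0.0],
}
RATE_CAP = 30.0        # assumed: requests/minute that maps to 1.0
MATCH_THRESHOLD = 0.5  # assumed: the "set requirement" of S1035


def feature_vectors(log):
    """S1031/S1032: number the data points FW1..FWn and extract features."""
    by_ip = {}
    for rec in log:
        by_ip.setdefault(rec["ip"], []).append(rec)
    numbered = {}
    for n, (ip, recs) in enumerate(by_ip.items(), start=1):
        times = [r["time"] for r in recs]
        span_min = (max(times) - min(times)).total_seconds() / 60.0
        minutes = max(span_min, 1.0)  # avoid inflating very short bursts
        per_resource = {}
        for r in recs:
            per_resource[r["resource"]] = per_resource.get(r["resource"], 0) + 1
        total = len(recs)
        numbered[f"FW{n}"] = {"ip": ip, "vector": [
            min(total / minutes / RATE_CAP, 1.0),
            max(per_resource.values()) / total,
            sum(r["status"] >= 400 for r in recs) / total,
            sum(r["method"] == "POST" for r in recs) / total,
        ]}
    return numbered


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def screen(log, model_set=MODEL_SET, threshold=MATCH_THRESHOLD):
    """S1034/S1035: match each point to the nearest known pattern and
    collect the points within the threshold into the screening data set."""
    screening = []
    for number, point in feature_vectors(log).items():
        name, dist = min(
            ((n, euclidean(point["vector"], v)) for n, v in model_set.items()),
            key=lambda pair: pair[1])
        if dist <= threshold:
            screening.append({"number": number, "ip": point["ip"],
                              "pattern": name, "distance": round(dist, 3)})
    return screening


if __name__ == "__main__":
    for row in screen(ACCESS_LOG):
        print(row)
```

Because the match is a distance to known patterns, a source that behaves unlike any entry in the model set is not flagged; the threshold and the feature scaling decide the false-positive rate and need tuning against real traffic.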
More preferably, the anomaly estimation formula is:
wherein f(x) is the size of a probability value of abnormality occurring in the data point x, and r is a first estimation parameter; k is a second estimated parameter, and x is an attack characteristic parameter corresponding to the data point.
In the field of network security, the anomaly estimation formula is used for modeling the duration time, inter-arrival time or attack intensity of certain network attack modes; however, the first estimated parameter r and the second estimated parameter k in the above scheme are not fixed, and r and k may vary according to characteristics of the attack and statistical properties of the data for a specific network attack mode. For example, if the attack traffic exhibits a significant heavy tail distribution, i.e., a large portion of attack traffic is concentrated in a short period of time and a small portion of attack traffic is long in duration, the r parameter in the anomaly estimation formula may be less than 1, indicating such heavy tail characteristics.
To obtain values for the parameters r and k, data related to a particular network attack pattern needs to be collected, which may include the duration of attacks, inter-arrival times or attack strength. The specific values of r and k are then estimated by maximum likelihood estimation or other optimization algorithms. After the fit is complete, the accuracy of the model can be verified by comparing the fitted distribution to a histogram of the actual data or by using other statistical tests (e.g., the Kolmogorov-Smirnov test).
More preferably, before the matching of the attack characteristic parameter and the higher-order characteristic parameter with the data in the model dataset according to the anomaly detection algorithm, the method further includes:
the attack characteristic parameters, the higher-order characteristic parameters and the data in the model data set are subjected to data screening through a feature selection algorithm so as to select the characteristic parameters required by the number of the data set to be detected; the feature selection algorithm is a mutual information algorithm or a chi-square test algorithm;
some features of the attack characteristic parameters and the higher-order characteristic parameters are combined through feature combination engineering to generate combined feature parameters or polynomial feature parameters.
According to the scheme, the data is screened through the feature selection algorithm, so that the number of feature parameters involved in data matching can be significantly reduced. This means that the system only needs to pay attention to those features that are highly relevant to malicious attacks when performing anomaly detection, thereby improving detection efficiency. Meanwhile, a feature selection algorithm (such as a mutual information algorithm or a chi-square test algorithm) can automatically find the features most relevant to the attack behaviors based on a statistical or machine learning method, so that the detection process is more intelligent and automatic.
The feature combination engineering generates new combined feature parameters or polynomial feature parameters by combining attack feature parameters and high-order feature parameters. The combination can capture information which is not reflected in the original characteristics, and further improves the performance of the detection model. The combined characteristic parameters may be more representative of the nature of the malicious attack, thereby improving the accuracy of the detection.
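The following added example (not code from the patent) scores features with both the chi-square statistic and mutual information, and shows a combined feature outranking the two features it is built from. The feature names, the sample counts and the product used as the combination are constructed for illustration.

```python
import math
from collections import Counter

NAMES = ["high_rate", "login_target", "mobile_agent"]

# Constructed labelled samples:
# (high_rate, login_target, mobile_agent, is_attack, number of samples).
# Attacks are exactly the sessions that are both high-rate and aimed at
# the login page; the client type carries no information.
GROUPS = [
    (1, 1, 0, 1, 10), (1, 1, 1, 1, 10),
    (1, 0, 0, 0, 10), (1, 0, 1, 0, 10),
    (0, 1, 0, 0, 10), (0, 1, 1, 0, 10),
    (0, 0, 0, 0, 10), (0, 0, 1, 0, 10),
]


def expand(groups):
    """Turn the count table into one row per sample plus a label list."""
    rows, labels = [], []
    for *features, label, count in groups:
        for _ in range(count):
            rows.append(dict(zip(NAMES, features)))
            labels.append(label)
    return rows, labels


def add_combination(rows, a, b):
    """Feature combination: add the product of two features to each row."""
    name = f"{a}*{b}"
    for row in rows:
        row[name] = row[a] * row[b]
    return name


def chi_square(xs, ys):
    """Pearson chi-square statistic of the feature/label contingency table."""
    n = len(xs)
    joint, px, py = Counter(zip(xs, ys)), Counter(xs), Counter(ys)
    stat = 0.0
    for x in px:
        for y in py:
            expected = px[x] * py[y] / n
            stat += (joint.get((x, y), 0) - expected) ** 2 / expected
    return stat


def mutual_information(xs, ys):
    """Mutual information between feature and label, in bits."""
    n = len(xs)
    joint, px, py = Counter(zip(xs, ys)), Counter(xs), Counter(ys)
    return sum((c / n) * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in joint.items())


def rank_features(rows, labels, score):
    """Score every feature column against the labels, best first."""
    scored = [(name, score([r[name] for r in rows], labels))
              for name in rows[0]]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def build():
    rows, labels = expand(GROUPS)
    add_combination(rows, "high_rate", "login_target")
    return rows, labels


if __name__ == "__main__":
    rows, labels = build()
    for title, score in (("chi-square", chi_square),
                         ("mutual information", mutual_information)):
        print(title)
        for name, value in rank_features(rows, labels, score):
            print(f"  {name:24s} {value:8.4f}")
```

Both scores rank the combined feature first and the uninformative `mobile_agent` last, so a top-k cut keeps the combination and drops the noise column.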
More preferably, the reference dataset includes a reference deformation model CK bx, a reference vulnerability dataset CK bx, and a reference vulnerability index CK Ldzs, and the data encryption unit calculates a corresponding sequence dataset according to the screening dataset and the reference dataset, including:
The screening data set Sxsj and the reference data set are calculated according to a sequence calculation formula to obtain the sequence data set Xlsj:
Wherein Xlsj denotes the sequence data set, The method comprises the steps of representing a deformation sequence split according to access data variables in a screening data set, wherein CK bx represents a deformation algorithm corresponding to single or multiple data in a reference deformation model according to the access data set; x n is the corresponding data point parameter.
Sxsj in the above formula can be viewed as a preliminarily filtered set of network data flows or events that may contain potential attack behavior or normal behavior. In the context of network attack detection, Sxsj may represent a series of network requests, packets, or other data related to network activity.
Xlsj in the formula can then be understood as a further analyzed and processed data sequence that may reveal abnormal behavior or attack patterns in the network. In network attack detection, Xlsj might represent a set of data points that are identified as potential attacks.
CK bx represents a reference deformation model, which can be understood by analogy as the attack patterns or behavioral characteristics known in the field of network security. In network attack detection, this deformation model may correspond to known attack signatures, behavior patterns, or characteristics of abnormal traffic.
In cyber attack detection, this process may involve statistical analysis of the data, pattern matching, time series analysis, etc., to identify abnormal activities that do not match the normal behavior pattern, which may be potential cyber attacks.
More preferably, the calculating according to the encrypted data set and the reference data set to obtain the corresponding encrypted data set includes:
Performing privacy class determination on each piece of data to be encrypted in the encrypted data set according to a set privacy class list to acquire encryption level information corresponding to the data to be encrypted;
acquiring an encryption function corresponding to the encryption level information according to the encryption level information;
Encrypting the data to be encrypted in the corresponding encrypted data set according to the encryption function, recording the encryption parameter and the intermediate result of each step in the encryption process, and generating a corresponding unlocking key based on the encryption parameter and the intermediate result; the unlocking key corresponds to the encrypted data;
and combining the encrypted results of various types of private data to form an encrypted data set, wherein the encrypted data set comprises a plurality of encrypted data blocks and corresponding unlocking keys.
The multi-stage encryption unit collects the encrypted data set from the database through a network connection and numbers it; the numbers of the encrypted data set are JM1, JM2, JM3, ... JMn, and correspond to the different types of key confidential and personal privacy data in the system database. The multi-stage encryption unit calculates the encrypted data set Jmsj according to the encrypted data set and the reference data set and transmits it to the data transmission module through the network.
Specifically, in implementation, the encryption formula is specifically as follows:
Wherein Jmsj denotes the encrypted data set, Representing that the multi-level encryption is carried out according to the class a to class b privacy data in the encryption data set, and the class a to class b privacy data unlocking key is correspondingly calculated,Representing that the c-class to d-class private data in the encrypted data set is subjected to multi-stage encryption, and correspondingly calculating the c-class to d-class private data unlocking key, And carrying out multi-stage encryption according to the e-class to f-class privacy data in the encryption data set, and correspondingly calculating an e-class to f-class privacy data unlocking key.
A corresponding encryption function is selected according to the encryption level information, which makes the encryption processing adaptive. Data of different levels is encrypted with algorithms of different strengths, so that the security of the data is ensured and unnecessary waste of computing resources is avoided. During encryption, the encryption parameters and intermediate results of each step are recorded, and a corresponding unlocking key is generated. This transparent encryption process is favorable for subsequent data recovery and verification, and improves the traceability and reliability of encryption. The unlocking key corresponds to the encrypted data, so that when the data needs to be accessed, it can be conveniently decrypted with the unlocking key. This key management mode simplifies the data access flow and improves the user experience. The encrypted results of the various kinds of privacy data are combined to form an encrypted data group, which facilitates unified management and storage of the data. Meanwhile, the encrypted data blocks in the encrypted data group are associated with their corresponding unlocking keys, so that the integrity and consistency of the data are ensured.
More preferably, the calculating according to the sequence data set and the reference data set to obtain the corresponding vulnerability index, comparing the vulnerability index with the reference vulnerability index in the reference data set includes:
Calculating the sequence data set and the reference data set to obtain vulnerability indexes corresponding to all time points;
If the vulnerability index is smaller than the reference vulnerability index, determining that the corresponding data is safety data, and generating a safety transmission signal;
If the vulnerability index is not smaller than the reference vulnerability index, determining the corresponding data as abnormal data, generating a vulnerability repair signal, and transmitting the corresponding abnormal data to the recognition model unit through network transmission so as to perform optimization training on the recognition model unit.
The vulnerability detection unit calculates a vulnerability index Ldzs according to the sequence data set Xlsj and the reference data set, and transmits the vulnerability index Ldzs to the data transmission module through a network, and the data encryption module is connected with the data transmission module through the network, and the calculation formula is as follows:
Wherein Ldzs denotes a vulnerability index, xlsj denotes a deformed sequence of access data variable split in a sequence data set, The vulnerability index obtained by calculating the access data deformation sequence and the reference vulnerability data set is represented, and the firewall vulnerability of the system is digitally evaluated according to the vulnerability index Ldzs, so that subsequent vulnerability repair and safe operation are facilitated, and the safety and system defensive performance of key data are effectively ensured;
The data transmission module comprises a vulnerability repair unit and a security check unit. The vulnerability repair unit generates a signal by comparing the vulnerability index Ldzs against the reference data set: when the vulnerability index Ldzs is smaller than the reference vulnerability index CK Ldzs, the data in the access data set is judged to be security data and a security transmission signal is generated; when the vulnerability index Ldzs is greater than or equal to the reference vulnerability index CK Ldzs, the data in the access data set is judged to be abnormal data, and a vulnerability repair signal is generated and transmitted to the security check unit through the network. On a security transmission signal, the security check unit connects to the central processing unit and transmits the encrypted data set Jmsj; on a vulnerability repair signal, the security check unit repairs the firewall and transmits the sequence data set Xlsj to the recognition model unit through the network, where it is used for autonomous learning and training of the system recognition model, so that the data protection is stronger.
The technical effects corresponding to the scheme are mainly realized in the following aspects:
First, real-time protection capability: by collecting the access data set of the network user accessing the big data platform in real time, the potential malicious attack can be detected and identified in real time. This real-time nature helps to quickly respond and reduces the loss that may be incurred by a malicious attack.
Second, accurate detection capability: the model dataset and the access dataset are utilized to construct a dataset to be detected, and the data set related to the malicious attack can be accurately screened and identified through the numbering process of the characteristic parameters. This approach helps to improve the accuracy and efficiency of the detection.
Third, data encryption enhancement: the data encryption unit constructs a sequence data group through the reference data set and performs encryption processing, so that the safety of data is greatly enhanced, and the risk of data leakage or malicious utilization is reduced.
Fourth, vulnerability detection and repair: by comparing the vulnerability index with the reference vulnerability index, the security vulnerabilities existing in the system can be found in time. Once the detected vulnerability index exceeds the preset threshold, the system generates a repair signal to trigger the security check unit to perform security detection, so that timely discovery and repair of the vulnerability are realized, and the security of the system is improved.
Fifth, intelligentization and automation: the whole encryption and detection process realizes automation and intellectualization through network connection and database interaction, reduces the need of manual intervention, and improves the response speed and the processing efficiency of the system.
In summary, the data encryption method based on the big data network malicious attack has the technical effects of real-time protection, accurate detection, data encryption enhancement, vulnerability detection and repair, intellectualization and automation and the like, and provides more comprehensive and efficient security guarantee for a big data platform.
Example two
Referring to fig. 3, fig. 3 is a schematic structural diagram of a data encryption system based on a malicious attack of a large data network according to an embodiment of the present invention. As shown in fig. 3, the data encryption system based on big data network malicious attack may include:
Acquisition module 21: used for acquiring the corresponding access data set in real time through a network-connected big data platform, and transmitting the access data set to an attack detection unit; wherein the access data set is a data set of a network user accessing a corresponding network site;
Acquisition module 22: the method comprises the steps of obtaining a model data set in a platform database through network connection, transmitting the model data set to an attack detection unit, and constructing a data set to be detected according to the model data set and an access data set;
Numbering process module 23: the attack detection unit is used for numbering characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and transmitting the screening data set to the data encryption unit; the data encryption unit is connected with a platform database through a network to construct a reference data set; the reference data set comprises a reference deformation model, a reference vulnerability data set and a reference vulnerability index;
Calculation module 24: the data encryption unit is used for obtaining a corresponding sequence data set through calculation according to the screening data set and the reference data set, transmitting the sequence data set to the vulnerability detection unit through a network, and collecting an encrypted data set through a network connection platform database; calculating to obtain a corresponding encrypted data group according to the encrypted data set and the reference data set;
Index comparison module 25: used for calculating a corresponding vulnerability index according to the sequence data set and the reference data set, comparing the vulnerability index with the reference vulnerability index in the reference data set, generating a repair signal if the vulnerability index is detected to exceed a preset threshold value, and transmitting the repair signal to a security check unit for security detection.
Example three
Referring to fig. 4, fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the invention. The electronic device may be a computer, a server, or the like, and of course, may also be an intelligent device such as a mobile phone, a tablet computer, a monitor terminal, or the like, and an image acquisition device having a processing function. As shown in fig. 4, the electronic device may include:
A memory 510 storing executable program code;
A processor 520 coupled to the memory 510;
Wherein the processor 520 invokes the executable program code stored in the memory 510 to perform some or all of the steps in the data encryption method based on a big data network malicious attack in embodiment one.
The embodiment of the invention discloses a computer readable storage medium storing a computer program, wherein the computer program causes a computer to execute part or all of the steps in a data encryption method based on big data network malicious attack in the first embodiment.
The embodiment of the invention also discloses a computer program product, wherein when the computer program product runs on a computer, the computer is caused to execute part or all of the steps in the data encryption method based on the big data network malicious attack in the first embodiment.
The embodiment of the invention also discloses an application release platform, wherein the application release platform is used for releasing the computer program product, and when the computer program product runs on a computer, the computer is caused to execute part or all of the steps in the data encryption method based on the malicious attack of the big data network in the first embodiment.
In various embodiments of the present invention, it should be understood that the size of the sequence numbers of the processes does not mean that the execution sequence of the processes is necessarily sequential, and the execution sequence of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-accessible memory. Based on this understanding, the technical solution of the present invention, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a memory, comprising several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc., and in particular may be a processor in a computer device) to execute some or all of the steps of the method according to the embodiments of the present invention.
In the embodiments provided herein, it should be understood that "B corresponding to A" means that B is associated with A, from which B can be determined. It should also be understood that determining B from A does not mean determining B from A alone; B may also be determined from A and/or other information.
Those of ordinary skill in the art will appreciate that some or all of the steps of the various methods of the described embodiments may be implemented by hardware associated with a program that may be stored in a computer-readable storage medium, including Read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read-Only Memory (Erasable Programmable Read-Only Memory, EPROM), one-time programmable Read-Only Memory (One-time Programmable Read-Only Memory, OTPROM), electrically erasable programmable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM), or other optical disk Memory, magnetic disk Memory, tape Memory, or any other medium capable of being used to carry or store data.
The data encryption method, system, electronic device and storage medium based on malicious attacks on big data networks disclosed in the embodiments of the present invention have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present invention, and the description of the above embodiments is only intended to help understand the method and core idea of the present invention. Meanwhile, those skilled in the art may, in accordance with the ideas of the present invention, make variations in the specific embodiments and application scope; in view of the above, the present description should not be construed as limiting the present invention.

Claims (7)

1. A data encryption method based on big data network malicious attack is characterized by comprising the following steps:
The method comprises the steps of acquiring corresponding access data sets in real time through a network connection big data platform, and transmitting the access data sets to an attack detection unit; wherein the access data set is a data set of a network user accessing a corresponding network site;
Acquiring a model data set in a platform database through network connection, transmitting the model data set to an attack detection unit, and constructing a data set to be detected according to the model data set and an access data set;
The attack detection unit numbers the characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and transmits the screening data set to the data encryption unit; the data encryption unit is connected with a platform database through a network to construct a reference data set; the reference data set comprises a reference deformation model, a reference vulnerability data set and a reference vulnerability index; the attack detection unit numbers the characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and the attack detection unit comprises:
Numbering the characteristic parameters in the access data set to obtain an access numbering set, wherein the numbers of the access numbering set are FW1, FW2, FW3, ... FWn in sequence; numbering the characteristic parameters in the model data set to obtain a model number set;
extracting attack characteristic parameters associated with network attack in the access number set, wherein the characteristic parameters comprise access frequency, traffic pattern, source IP address and attack time point;
extracting the acquired attack characteristic parameters through a convolutional neural network to obtain corresponding high-order characteristic parameters;
Carrying out data matching on the attack characteristic parameters and the higher-order characteristic parameters and data in the model number set according to an anomaly detection algorithm to calculate detection matching results of all data points in the access data set and known attack modes, wherein the detection matching results are similarity data or anomaly degree data, and the anomaly detection algorithm carries out matching calculation by adopting a Euclidean distance formula or a Gaussian mixture model or an anomaly estimation formula;
If the detection matching result meets the set requirement, marking the corresponding data point as abnormal, and adding the data point marked as abnormal into a screening data set;
The data encryption unit calculates a corresponding sequence data set according to the screening data set and the reference data set, transmits the sequence data set to the vulnerability detection unit through a network, and collects an encrypted data set through a network connection platform database; calculating to obtain a corresponding encrypted data group according to the encrypted data set and the reference data set; the reference data set includes a reference deformation model CK bx, a reference vulnerability data set CK k and a reference vulnerability index CK Ldzs, and the data encryption unit calculates a corresponding sequence data set according to the screening data set and the reference data set, including:
the screening data set Sxsj and the reference data set are calculated according to a sequence calculation formula to obtain a sequence data set Xlsj, wherein the sequence calculation formula is as follows:
Wherein Xlsj denotes the sequence data set, The method comprises the steps of representing a deformation sequence split according to access data variables in a screening data set, wherein CK bx represents a deformation algorithm corresponding to single or multiple data in a reference deformation model according to the access data set; x n is the corresponding data point parameter;
calculating to obtain a corresponding encrypted data group according to the encrypted data set, wherein the method comprises the following steps:
Performing privacy class determination on each piece of data to be encrypted in the encrypted data set according to a set privacy class list to acquire encryption level information corresponding to the data to be encrypted;
acquiring an encryption function corresponding to the encryption level information according to the encryption level information;
Encrypting the data to be encrypted in the corresponding encrypted data set according to the encryption function, recording the encryption parameter and the intermediate result of each step in the encryption process, and generating a corresponding unlocking key based on the encryption parameter and the intermediate result; the unlocking key corresponds to the encrypted data;
Combining the encrypted results of various types of private data to form an encrypted data set, wherein the encrypted data set comprises a plurality of encrypted data blocks and corresponding unlocking keys;
And calculating according to the sequence data set and the reference data set to obtain a corresponding vulnerability index, comparing the vulnerability index with the reference vulnerability index in the reference data set, generating a repair signal if the vulnerability index is detected to exceed a preset threshold value, and transmitting the repair signal to a security check unit for security detection.
2. The data encryption method based on big data network malicious attack of claim 1, wherein the anomaly estimation formula is:
wherein f (x) is the size of a probability value of abnormality occurring in the data point x, and r is a first estimation parameter; k is a second estimated parameter, and x is an attack characteristic parameter corresponding to the data point.
3. The data encryption method based on big data network malicious attack according to claim 1, comprising, before said matching the attack characteristic parameters and higher order characteristic parameters with data in a model dataset according to an anomaly detection algorithm:
Performing data screening on the attack characteristic parameters, the higher-order characteristic parameters and the data in the model data set through a feature selection algorithm so as to select the characteristic parameters required by the data set to be detected; the feature selection algorithm is a mutual information algorithm or a chi-square test algorithm;
Combining partial features of the attack characteristic parameters and the higher-order characteristic parameters through feature combination engineering to generate combined characteristic parameters or polynomial characteristic parameters.
4. The data encryption method based on malicious attack of big data network according to claim 1, wherein the calculating according to the sequence data set and the reference data set to obtain the corresponding vulnerability index, comparing it with the reference vulnerability index in the reference data set comprises:
Calculating the sequence data set and the reference data set to obtain vulnerability indexes corresponding to all time points;
If the vulnerability index is smaller than the reference vulnerability index, determining that the corresponding data is safety data, and generating a safety transmission signal;
If the vulnerability index is not smaller than the reference vulnerability index, determining the corresponding data as abnormal data, generating a vulnerability repair signal, and transmitting the corresponding abnormal data to the recognition model unit through network transmission so as to perform optimization training on the recognition model unit.
5. A data encryption system based on a malicious attack on a large data network, comprising:
An acquisition module: used for acquiring a corresponding access data set in real time through a network-connected big data platform, and transmitting the access data set to an attack detection unit; wherein the access data set is a data set of a network user accessing a corresponding network site;
The acquisition module is used for: the method comprises the steps of obtaining a model data set in a platform database through network connection, transmitting the model data set to an attack detection unit, and constructing a data set to be detected according to the model data set and an access data set;
Numbering processing module: the attack detection unit is used for numbering characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and transmitting the screening data set to the data encryption unit; the data encryption unit is connected with a platform database through a network to construct a reference data set; the reference data set comprises a reference deformation model, a reference vulnerability data set and a reference vulnerability index; the attack detection unit numbers the characteristic parameters in the data set to be detected to obtain a corresponding screening data set, and the attack detection unit comprises:
Carrying out numbering treatment on the characteristic parameters in the access data set to obtain an access numbering set, wherein the numbers of the access numbering set are FW 1、FW2、FW3、...FWn in sequence; numbering the characteristic parameters in the model data set to obtain a model number set;
extracting attack characteristic parameters associated with network attack in the access number set, wherein the characteristic parameters comprise access frequency, traffic pattern, source IP address and attack time point;
extracting the acquired attack characteristic parameters through a convolutional neural network to obtain corresponding high-order characteristic parameters;
Carrying out data matching on the attack characteristic parameters and the higher-order characteristic parameters and data in the model number set according to an anomaly detection algorithm to calculate detection matching results of all data points in the access data set and known attack modes, wherein the detection matching results are similarity data or anomaly degree data, and the anomaly detection algorithm carries out matching calculation by adopting a Euclidean distance formula or a Gaussian mixture model or an anomaly estimation formula;
If the detection matching result meets the set requirement, marking the corresponding data point as abnormal, and adding the data point marked as abnormal into a screening data set;
The calculation module: the data encryption unit is used for obtaining a corresponding sequence data set through calculation according to the screening data set and the reference data set, transmitting the sequence data set to the vulnerability detection unit through a network, and collecting an encrypted data set through a network connection platform database; calculating to obtain a corresponding encrypted data group according to the encrypted data set and the reference data set; the reference data set includes a reference deformation model CK bx, a reference vulnerability data set CK k and a reference vulnerability index CK Ldzs, and the data encryption unit calculates a corresponding sequence data set according to the screening data set and the reference data set, including:
The screening data set Sxsj and the reference data set are calculated according to a sequence calculation formula to obtain the sequence data set Xlsj, wherein the sequence calculation formula is as follows:
Wherein Xlsj denotes the sequence data set, The method comprises the steps of representing a deformation sequence split according to access data variables in a screening data set, wherein CK bx represents a deformation algorithm corresponding to single or multiple data in a reference deformation model according to the access data set; x n is the corresponding data point parameter;
calculating to obtain a corresponding encrypted data group according to the encrypted data set, wherein the method comprises the following steps:
Performing privacy class determination on each piece of data to be encrypted in the encrypted data set according to a set privacy class list to acquire encryption level information corresponding to the data to be encrypted;
acquiring an encryption function corresponding to the encryption level information according to the encryption level information;
Encrypting the data to be encrypted in the corresponding encrypted data set according to the encryption function, recording the encryption parameter and the intermediate result of each step in the encryption process, and generating a corresponding unlocking key based on the encryption parameter and the intermediate result; the unlocking key corresponds to the encrypted data;
Combining the encrypted results of various types of private data to form an encrypted data set, wherein the encrypted data set comprises a plurality of encrypted data blocks and corresponding unlocking keys;
Index comparison module: used for calculating a corresponding vulnerability index according to the sequence data set and the reference data set, comparing the vulnerability index with the reference vulnerability index in the reference data set, generating a repair signal if the vulnerability index is detected to exceed a preset threshold value, and transmitting the repair signal to a security check unit for security detection.
6. An electronic device, comprising: a memory storing executable program code; a processor coupled to the memory; the processor invokes the executable program code stored in the memory for performing the data encryption method based on big data network malicious attacks of any of claims 1 to 4.
7. A computer-readable storage medium storing a computer program, wherein the computer program causes a computer to execute the data encryption method based on a big data network malicious attack according to any of claims 1 to 4.
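The matching step recited in claims 1 and 5 (compare each data point of the access number set with known attack patterns in the model number set, mark matching points as abnormal, and add them to the screening data set) can be sketched with the Euclidean distance option as follows. This is an added example, not code from the patent: the numeric feature encoding, the min-max scaling, the 0.15 threshold, the reading of "meets the set requirement" as "distance at or below the threshold", and all names and sample values are assumptions, and the source IP address feature is left out because it is not numeric.

```python
import math

FEATURES = ("access_freq", "bytes_per_req", "hour")  # assumed numeric encoding

# Constructed model number set: feature vectors of known attack patterns.
MODEL_SET = {
    "http_flood": {"access_freq": 900.0, "bytes_per_req": 300.0, "hour": 3.0},
    "bulk_scrape": {"access_freq": 120.0, "bytes_per_req": 48000.0, "hour": 2.0},
}

# Constructed access number set FW1..FW4 (one row per data point).
ACCESS_SET = [
    {"id": "FW1", "access_freq": 12.0, "bytes_per_req": 2100.0, "hour": 14.0},
    {"id": "FW2", "access_freq": 870.0, "bytes_per_req": 350.0, "hour": 4.0},
    {"id": "FW3", "access_freq": 110.0, "bytes_per_req": 45000.0, "hour": 1.0},
    {"id": "FW4", "access_freq": 30.0, "bytes_per_req": 5200.0, "hour": 20.0},
]

def feature_bounds(rows):
    """Per-feature (min, max) across all rows, for min-max scaling."""
    return {f: (min(r[f] for r in rows), max(r[f] for r in rows)) for f in FEATURES}

def scale(row, bounds):
    """Map each feature to [0, 1] so no single unit dominates the distance."""
    vec = []
    for f in FEATURES:
        lo, hi = bounds[f]
        vec.append(0.0 if hi == lo else (row[f] - lo) / (hi - lo))
    return vec

def euclidean(a, b):
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def screen(access_set, model_set, threshold=0.15):
    """Return the screening data set: points within `threshold` of a known pattern."""
    bounds = feature_bounds(list(access_set) + list(model_set.values()))
    patterns = {name: scale(p, bounds) for name, p in model_set.items()}
    screening = []
    for row in access_set:
        vec = scale(row, bounds)
        # Nearest known attack pattern and its distance to this data point.
        name, dist = min(((n, euclidean(vec, p)) for n, p in patterns.items()),
                         key=lambda item: item[1])
        if dist <= threshold:  # assumed form of "meets the set requirement"
            screening.append({"id": row["id"], "pattern": name, "distance": dist})
    return screening
```

With the constructed data, FW2 and FW3 land in the screening data set; a stricter threshold shrinks the set, which is why the threshold needs tuning against labelled traffic before the result feeds the later encryption and vulnerability-index steps.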
CN202410449558.1A 2024-04-15 2024-04-15 Data encryption method and system based on malicious attacks on big data networks Active CN118200022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410449558.1A CN118200022B (en) 2024-04-15 2024-04-15 Data encryption method and system based on malicious attacks on big data networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410449558.1A CN118200022B (en) 2024-04-15 2024-04-15 Data encryption method and system based on malicious attacks on big data networks

Publications (2)

Publication Number Publication Date
CN118200022A CN118200022A (en) 2024-06-14
CN118200022B true CN118200022B (en) 2024-11-22

Family

ID=91413754

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410449558.1A Active CN118200022B (en) 2024-04-15 2024-04-15 Data encryption method and system based on malicious attacks on big data networks

Country Status (1)

Country Link
CN (1) CN118200022B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116996286A (en) * 2023-07-31 2023-11-03 南京信同诚信息技术有限公司 Network attack and security vulnerability management framework platform based on big data analysis

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017210005A1 (en) * 2016-05-31 2017-12-07 University Of South Florida Systems and methods for detecting attacks in big data systems
CN113726790B (en) * 2021-09-01 2023-06-16 中国移动通信集团广西有限公司 Network attack source identification and blocking method, system, device and medium
WO2024068238A1 (en) * 2022-09-28 2024-04-04 British Telecommunications Public Limited Company Malicious domain name detection

Also Published As

Publication number Publication date
CN118200022A (en) 2024-06-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant