CN113312333A

CN113312333A - Security service updating method based on block chain and cloud computing center

Info

Publication number: CN113312333A
Application number: CN202110414965.5A
Authority: CN
Inventors: 曹青青
Original assignee: Individual
Current assignee: Individual
Priority date: 2020-10-24
Filing date: 2020-10-24
Publication date: 2021-08-27
Also published as: CN113312332A; CN112286906B; CN112286906A

Abstract

The embodiment of the application provides a safety service updating method based on a block chain and cloud computing and a cloud computing center, wherein target protection record information is divided into a series of clustering protection record information in advance, and then virtual machine access action analysis is carried out on each clustering protection record information through a target safety protection cloud computing model so as to identify the virtual machine access action to which the target safety protection record information belongs, and therefore the accuracy of monitoring the virtual machine access action is improved. In addition, when the clustering protection record information meeting the monitoring condition of the access action of the virtual machine exists, the clustering protection record information is detected, the target safety protection object possibly carrying the excessive protection deviation can be quickly determined, and the reliability of the subsequent safety protection process can be ensured after the targeted updating is carried out.

Description

Security service updating method based on block chain and cloud computing center

The application is a divisional application of Chinese application with the name of 'block chain and cloud computing based information security processing method and cloud computing center' and is invented and created by application number 202011150650.6 and application date of 24.10.10.2020.

Technical Field

The application relates to the technical field of block chain financial business, in particular to a safety service updating method based on a block chain and cloud computing and a cloud computing center.

Background

The traditional handwriting batch record is suitable for almost all environments and depends on manual record, however, the authenticity of the data is not examined and is easy to be counterfeited; data cannot be recorded in time, and post writing is easily caused; the data is stored after being recorded by paper, and is easy to lose or damage and cannot be recovered; the writer has different writing, which is easy to cause confusion of recognition; too much data is inconvenient to retrieve after the data is stored for a long time.

In the related technology, the electronic batch records read production data in real time by using configuration and are stored in the database to form the electronic batch records, although the timeliness of the records is improved, the data is automatically read at fixed intervals by a system, the data can be artificially and deliberately modified, and the reliability needs to be enhanced.

Based on this, in the research process, the inventor arranges the generated block data packets according to the preset rule, so that the confidence coefficient of the artificial deliberate modification can be reduced, and the block data packets are further stored in the block chain, and whether the data is falsified or not can be conveniently judged at the first time in the following by using the characteristics of the blocks, so that the reliability enhancement is performed by using the characteristics of the block chain. However, for the electronic batch record security service for performing security protection, how to improve the security protection effect of the electronic batch record security service for the target record financial transaction after updating every time and reduce manual participation as much as possible is a technical problem to be solved in the art.

Disclosure of Invention

In order to overcome at least the above-mentioned deficiencies in the prior art, the present application aims to provide a security service updating method and a cloud computing center based on a block chain and cloud computing, wherein a security test target with a difference in evaluation attribute in a security test result is determined by comparing the evaluation attribute of a security event of a set security protection item with a security event database corresponding to the set security protection item, and then according to the security test target with the difference in evaluation attribute, a security parameter corresponding to the set security protection item in an electronic batch record security service of a target record financial transaction is automatically updated, and an access request parameter of the target record financial transaction accessed through the block chain is subjected to security protection processing based on the updated security parameter, thereby improving the security protection effect of the electronic batch record security service of the target record financial transaction, the manual participation is reduced, and the manual resources are saved. In addition, the safety protection parameters are only updated in the whole process, and the prior updating effect of the electronic batch record safety service is not influenced.

In a first aspect, the present application provides an information security processing method based on a block chain and cloud computing, which is applied to a cloud computing center, where the cloud computing center is in communication connection with a plurality of electronic batch recording terminals, and the method includes:

the method comprises the steps that safety protection testing is carried out on target record financial services under each information safety testing interface by calling electronic batch record safety services of the target record financial services subjected to electronic batch record safety service updating in advance to obtain safety protection testing results;

comparing the safety event evaluation attribute of the set safety protection item in the safety protection test result with the safety event comparison attribute in the safety event database corresponding to the set safety protection item;

according to the comparison result, determining safety protection test targets with different evaluation attributes in the safety protection test result, and acquiring test table item operation parameters of the safety protection test targets with different evaluation attributes in each safety protection test link;

and updating the safety protection parameters corresponding to the set safety protection items in the electronic batch record safety service of the target record financial business according to the test table item operation parameters of the safety protection test targets with different evaluation attributes in each safety protection test link, and performing safety protection processing on the access request parameters of the target record financial business accessed through the block chain based on the updated safety protection parameters.

In a possible implementation manner of the first aspect, the determining, according to the comparison result, a safety protection test target with a difference in evaluation attribute in the safety protection test result includes at least one of the following items or any combination thereof:

determining a newly added safety protection test target in the safety protection test result according to the comparison result of the safety event evaluation attribute of the set safety protection item and the safety event database, wherein the newly added safety protection test target comprises: the number of evaluation attribute elements which do not appear in the security event database but appear in the security event evaluation attributes matches the number of first set evaluation attribute elements, and the attribute influence degree at each occurrence in the security event evaluation attributes reaches a security protection test target of a proportion matching set proportion of first preset influence degree;

determining a failure safety protection test target in the set safety protection project according to the comparison result of the safety event evaluation attribute of the set safety protection project and the safety event database; the fail safe protection test target includes: the number of continuous evaluation attribute elements which appear in the security event database but do not appear in the security event evaluation attribute matches the security protection test target of the second set evaluation attribute element number;

or, according to the comparison result of the safety event evaluation attribute of the set safety protection project and the safety event database, determining a differentiated safety protection test target with abnormal differentiation in the set safety protection project; the differentiation safety protection test targets include: and according to the security event database, determining that the event trigger node information is inconsistent with the event trigger node information in the security event evaluation attribute.

In a possible implementation manner of the first aspect, determining, according to a comparison result between the security event evaluation attribute of the set security protection item and the security event database, a differentiated security protection test target in which abnormal differentiation occurs in the set security protection item includes:

determining a first global safety protection test target list of candidate safety protection test targets through a safety event database for the candidate safety protection test targets with the attribute influence degree matched with a first preset influence degree in the safety event evaluation attributes; the first global safety protection test target list comprises at least one first global safety protection test target, wherein the first global safety protection test target is a safety protection test target which is commonly present in the same safety event comparison attribute with the candidate safety protection test target and the attribute influence degree in the safety event comparison attribute reaches a first preset influence degree;

determining a second global security protection test target list of the candidate security protection test targets according to the security event evaluation attribute; the second global security protection test target list comprises at least one second global security protection test target, and the second global security protection test target is a security protection test target which is commonly present in the same security event evaluation attribute with the candidate security protection test target and has an attribute influence degree reaching a first preset influence degree in the security event evaluation attribute;

if the correlation parameter of the first global safety protection test target list and the second global safety protection test target list is lower than the set correlation parameter, taking the candidate safety protection test target as a safety protection test target to be confirmed;

selecting a safety event evaluation attribute as a reference safety event evaluation attribute, wherein the attribute influence degree of the safety protection test target to be confirmed reaches a second preset influence degree;

or selecting a preset number of safety event evaluation attributes from the safety event evaluation attributes of which the attribute influence degree of the safety protection test target to be confirmed reaches a second preset influence degree to serve as reference safety event evaluation attributes;

if the proportion of inconsistency between the first event trigger node information of the safety protection test target to be confirmed determined according to the safety event database and the second event trigger node information indicated by the reference safety event evaluation attribute reaches a set proportion, determining the safety protection test target to be confirmed as a differentiated safety protection test target; wherein, the inconsistency between the first event trigger node information and the second event trigger node information comprises: the first event trigger node information is different from the trigger node indicated by the second event trigger node information, or the difference between the trigger nodes indicated by the first event trigger node information and the second event trigger node information exceeds the set difference.

In a possible implementation manner of the first aspect, the first event trigger node information of the to-be-confirmed safety protection test target includes a trigger node where the to-be-confirmed safety protection test target is located and a trigger segment where the to-be-confirmed safety protection test target is located;

the process for determining the node information triggered by the first event of the safety protection test target to be confirmed comprises the following steps:

determining a trigger node where the safety protection test target to be confirmed is located according to the test table item operation parameters of the safety protection test target to be confirmed in the safety event comparison attributes contained in the safety event database;

taking a trigger segment of a safety protection test link in which the test table item operation parameters of the safety protection test target to be confirmed in the determined trigger node are matched with the set test table item operation parameters as a trigger segment in which the safety protection test target to be confirmed is located;

the determining the trigger node where the safety protection test target to be confirmed is located according to the test table entry operating parameter of the safety protection test target to be confirmed in the safety event comparison attribute contained in the safety event database includes:

taking the trigger nodes meeting the following conditions as candidate trigger nodes:

the security event comparison attribute indicated triggering node with the maximum test table item operation parameter of the security protection test target to be confirmed in the security event database;

the triggering node with the largest occurrence frequency in the security event comparison attributes of the security protection test target to be confirmed is contained in the security event database;

the triggering node with the maximum attribute influence average value of the safety protection test target to be confirmed in the safety event database;

the trigger node with the maximum median of the attribute influence degrees of the safety protection test target to be confirmed in the safety event database;

and in the candidate trigger nodes, if the occurrence frequency of the same trigger node is matched with the set frequency, taking the same trigger node as the trigger node where the safety protection test target to be confirmed is located.

In a possible implementation manner of the first aspect, the obtaining test table entry operating parameters of safety protection test targets with different evaluation attributes in each safety protection test link includes:

performing information matching on the evaluation attribute tracing information corresponding to each safety event evaluation attribute and the tracing object of the safety protection test target;

adding evaluation attribute tracing information with the matching degree reaching the set matching degree to a target reference test library;

for each safety protection testing link, determining each evaluation attribute traceability information in a triggering subsection interval of the safety protection testing link in the target reference testing library;

and determining the test table entry operating parameters of the safety protection test target in the safety protection test link according to the attribute influence degree of the safety protection test target on each determined evaluation attribute tracing information and the difference between each piece of evaluation attribute tracing information and the safety protection test link.

In a possible implementation manner of the first aspect, the performing information matching on the evaluation attribute tracing information corresponding to each security event evaluation attribute with the tracing object in the set security protection item includes:

for each continuous evaluation attribute tracing information, determining a tracing object safety template corresponding to the evaluation attribute tracing information in a tracing object;

determining the matching degree of the evaluation attribute tracing information according to the difference between the evaluation attribute tracing information and the corresponding tracing object security template; or

Forming an evaluation attribute tracing unit sequence by the continuous evaluation attribute tracing information, determining a plurality of reference tracing partitions according to initial evaluation attribute tracing information in the evaluation attribute tracing information and tracing parameters in the safety event evaluation attribute, and forming a reference tracing partition set;

and determining the matching degree of each piece of evaluation attribute tracing information in the evaluation attribute tracing unit sequence according to the difference between the evaluation attribute tracing unit sequence and the reference tracing partition set.

In a possible implementation manner of the first aspect, updating a security protection parameter corresponding to a set security protection item in an electronic batch record security service of the target record financial service according to a test table entry operating parameter of a security protection test target in each security protection test link, where the evaluation attribute of the security protection test target is different, and performing security protection processing on an access request parameter of the target record financial service accessed via a block chain based on the updated security protection parameter includes:

determining compatibility evaluation indexes of the safety protection test targets according to test table item operation parameters of the safety protection test targets with different evaluation attributes in each safety protection test link;

if the compatibility evaluation index of the safety protection test target with the evaluation attribute difference meets a preset condition, updating the test table item operation parameters of the safety protection test target with the evaluation attribute difference in each safety protection test link to the safety protection parameters corresponding to the set safety protection item in the electronic batch record safety service of the target record financial service, and performing safety protection processing on the access request parameters of the target record financial service accessed via the block chain based on the updated safety protection parameters, wherein the preset condition comprises one or any combination of the following conditions:

the intensity of the tracing test distribution of the safety protection test target is matched with the set intensity;

the source tracing test of the safety protection test target is distributed at the adjacent trigger nodes;

the coverage range of the signal of the safety protection test target is within a set range interval;

and the key test table item operation parameters of the safety protection test target are matched with the preset test table item operation parameters.

In a possible implementation manner of the first aspect, the electronic batch record security service of the target record financial transaction after the electronic batch record security service is updated in advance is obtained by:

acquiring target protection record information containing a target safety protection object in electric power batch record safety big data of financial services to be updated, which provide cloud computing services for the plurality of electronic batch record terminals, and clustering the target protection record information to obtain clustered protection record information corresponding to the target protection record information;

acquiring a target safety protection cloud computing model corresponding to the target protection record information, extracting a first protection behavior characteristic and a second protection behavior characteristic from the clustered protection record information through the target safety protection cloud computing model, and splicing the first protection behavior characteristic and the second protection behavior characteristic to obtain a protection behavior splicing characteristic associated with the target protection record information;

according to the protection behavior splicing characteristics and the target safety protection cloud computing model, performing virtual machine access action analysis on the clustering protection record information to obtain a virtual machine access action analysis result corresponding to the clustering protection record information;

if the virtual machine access action analysis result indicates that clustered protection record information meeting the virtual machine access action monitoring condition exists in the target protection record information, determining the target security protection object as a target action object, and updating the electronic batch recording security service of the cloud computing center based on the target action object and the clustered protection record information meeting the virtual machine access action monitoring condition corresponding to the target action object.

In a possible implementation manner of the first aspect, the updating, based on the target action object and the cluster protection record information corresponding to the target action object and satisfying the monitoring condition of the virtual machine access action, the electronic batch record security service of the cloud computing center includes:

extracting an interception environment component corresponding to each target dynamic protection interface in clustering protection record information which corresponds to the target action object and meets the monitoring condition of the access action of the virtual machine, and extracting interception penetration injection codes of the interception environment components in parallel while acquiring an original application program layer list associated with the interception environment components in interception operation from an environment component enabling file of the interception environment components;

determining interception rule distribution information for performing simulation analysis on the original application program layer list based on the extracted interception penetration injection codes, extracting interception rule dependent factor parameters of a plurality of interception rule dependent factor nodes to be used and dependent factor combination information among different interception rule dependent factor nodes from the interception rule distribution information, and performing source tracing test processing on the plurality of interception rule dependent factor nodes to be used according to the interception rule dependent factor parameters and the dependent factor combination information to obtain at least two target interception rule dependent operation objects; the operating environment interval of the interception rule dependent factor parameter of the target interception rule dependent on the operation object is positioned in the set interval, and different target interception rules depend on the dependent factor between the operation objects, and the difference degree of the information is smaller than the set value;

performing simulation analysis on the original application program layer list through the target interception rule dependent operation object to obtain a candidate safety protection item list;

determining rule base updating distribution of the candidate safety protection item list according to a target interception penetration injection code determined from a preset interception environment operation record of the trusted test platform, and determining rule base expansion distribution of the candidate safety protection item list according to a service label in the determined candidate safety protection item list;

performing trusted dynamic protection interface extraction on the candidate safety protection item list based on the rule base updating distribution and the rule base expansion distribution to obtain a trusted dynamic protection interface set;

and updating the electronic batch record security service of the cloud computing center based on the trusted dynamic protection interface set.

In a second aspect, an embodiment of the present application further provides an information security processing apparatus based on a block chain and cloud computing, which is applied to a cloud computing center, where the cloud computing center is in communication connection with a plurality of electronic batch recording terminals, and the apparatus includes:

the protection testing module is used for carrying out safety protection testing on the target record financial business under each information safety testing interface by calling the electronic batch record safety service of the target record financial business subjected to electronic batch record safety service updating in advance to obtain a safety protection testing result;

the comparison module is used for comparing the safety event evaluation attribute of the set safety protection item in the safety protection test result with the safety event comparison attribute in the safety event database corresponding to the set safety protection item;

the determining module is used for determining safety protection test targets with different evaluation attributes in the safety protection test results according to the comparison results, and acquiring test table item operating parameters of the safety protection test targets with different evaluation attributes in each safety protection test link;

and the updating module is used for updating the safety protection parameters corresponding to the set safety protection items in the electronic batch record safety service of the target record financial business according to the test table item operation parameters of the safety protection test targets with different evaluation attributes in each safety protection test link, and performing safety protection processing on the access request parameters of the target record financial business accessed through the block chain based on the updated safety protection parameters.

In a third aspect, an embodiment of the present application further provides an information security processing system based on a block chain and cloud computing, where the information security processing system based on the block chain and cloud computing includes a cloud computing center and a plurality of electronic batch recording terminals communicatively connected to the cloud computing center;

the cloud computing center is used for:

In a fourth aspect, an embodiment of the present application further provides a cloud computing center, where the cloud computing center includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is used for being communicatively connected to at least one electronic batch recording terminal, the machine-readable storage medium is used for storing a program, an instruction, or a code, and the processor is used for executing the program, the instruction, or the code in the machine-readable storage medium to execute the method for processing information security based on a blockchain and cloud computing in the first aspect or any one of possible implementation manners in the first aspect.

In a fifth aspect, an embodiment of the present application provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed, the computer executes the method for processing information security based on blockchain and cloud computing in the first aspect or any one of the possible implementations of the first aspect.

Based on any one of the aspects, the safety event evaluation attribute of the set safety protection item is compared with the safety event database corresponding to the set safety protection item, the safety protection test target with the evaluation attribute difference in the safety protection test result is determined, then the safety protection parameter corresponding to the set safety protection item in the electronic batch record safety service of the target record financial business is automatically updated according to the safety protection test target with the evaluation attribute difference, and the access request parameter of the target record financial business accessed through the block chain is subjected to safety protection processing based on the updated safety protection parameter, so that the safety protection effect of the electronic batch record safety service of the target record financial business is improved, manual participation is reduced, and manual resources are saved. In addition, the safety protection parameters are only updated in the whole process, and the prior updating effect of the electronic batch record safety service is not influenced.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that need to be called in the embodiments are briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.

Fig. 1 is a schematic view of an application scenario of an information security processing system based on a block chain and cloud computing according to an embodiment of the present application;

fig. 2 is a schematic flowchart of an information security processing method based on a blockchain and cloud computing according to an embodiment of the present disclosure;

fig. 3 is a functional module schematic diagram of an information security processing apparatus based on a blockchain and cloud computing according to an embodiment of the present application;

fig. 4 is a schematic block diagram of structural components of a cloud computing center for implementing the above information security processing method based on a blockchain and cloud computing according to an embodiment of the present application.

Detailed Description

The present application will now be described in detail with reference to the drawings, and the specific operations in the method embodiments may also be applied to the apparatus embodiments or the system embodiments.

Fig. 1 is an interaction diagram of an information security processing system 10 based on a blockchain and cloud computing according to an embodiment of the present application. The information security processing system 10 based on the blockchain and the cloud computing may include a cloud computing center 100 and an electronic batch recording terminal 200 communicatively connected to the cloud computing center 100. The information security processing system 10 based on blockchain and cloud computing shown in fig. 1 is only one possible example, and in other possible embodiments, the information security processing system 10 based on blockchain and cloud computing may also include only one of the components shown in fig. 1 or may also include other components.

In this embodiment, the electronic batch recording terminal 200 may comprise a mobile device, a tablet computer, a laptop computer, etc., or any combination thereof. In some embodiments, the mobile device may include an internet of things device, a wearable device, a smart mobile device, a virtual reality device, an augmented reality device, or the like, or any combination thereof. In some embodiments, the internet of things device may include a control device of a smart appliance device, a smart monitoring device, a smart television, a smart camera, and the like, or any combination thereof. In some embodiments, the wearable device may include a smart bracelet, a smart lace, smart glass, a smart helmet, a smart watch, a smart garment, a smart backpack, a smart accessory, or the like, or any combination thereof. In some embodiments, the smart mobile device may include a smartphone, a personal digital assistant, a gaming device, and the like, or any combination thereof. In some embodiments, the virtual reality device and the augmented reality device may include a virtual reality helmet, virtual reality glass, a virtual reality patch, an augmented reality helmet, augmented reality glass, an augmented reality patch, or the like, or any combination thereof. For example, virtual reality devices and augmented reality devices may include various virtual reality products and the like.

In this embodiment, the cloud computing center 100 and the electronic batch recording terminal 200 in the information security processing system 10 based on the block chain and the cloud computing may execute the information security processing method based on the block chain and the cloud computing described in the following method embodiment in a matching manner, and the detailed description of the method embodiment below may be referred to for the specific execution steps of the cloud computing center 100 and the electronic batch recording terminal 200.

In order to solve the technical problem in the foregoing background art, fig. 2 is a schematic flowchart of an information security processing method based on a block chain and cloud computing according to an embodiment of the present application, where the information security processing method based on a block chain and cloud computing according to the present embodiment may be executed by the cloud computing center 100 shown in fig. 1, and the information security processing method based on a block chain and cloud computing is described in detail below.

Step S110, the electronic batch record security service of the target record financial service after the electronic batch record security service is updated in advance is called, and the target record financial service is subjected to security protection test under each information security test interface to obtain a security protection test result.

Step S120, comparing the security event evaluation attribute of the set security protection item in the security protection test result with the security event comparison attribute in the security event database corresponding to the set security protection item.

Step S130, according to the comparison result, determining the safety protection test targets with different evaluation attributes in the safety protection test result, and obtaining the test table entry operating parameters of the safety protection test targets with different evaluation attributes in each safety protection test link.

Step S140, according to the test table entry operating parameters of the safety protection test targets with different evaluation attributes in each safety protection test link, updating the safety protection parameters corresponding to the set safety protection items in the electronic batch record safety service of the target record financial service, and performing safety protection processing on the access request parameters of the target record financial service accessed through the block chain based on the updated safety protection parameters.

In this embodiment, in step S110, in the process of calling the electronic batch record security service of the target record financial service after the electronic batch record security service is updated in advance, performing the security protection test on the target record financial service under each information security test interface to obtain the security protection test result, for example, the process of the security protection test may be to perform the targeted security protection test on each security protection test item under each information security test interface through the electronic batch record security service, so as to obtain the security event evaluation attribute of each set security protection item in the security protection test result. Each safety protection test item corresponds to a safety event evaluation attribute, the safety protection test items can refer to test items under different safety simulation environments, the corresponding safety event evaluation attributes can refer to simulation index parameters generated under the test items, and in addition, setting the safety protection items can refer to completing an application program layer in an updating process.

In this embodiment, in step S120, in the process of comparing the security event evaluation attribute of the security protection item set in the security protection test result with the security event comparison attribute in the security event database corresponding to the set security protection item, specifically, a parameter change or a parameter difference existing in the security event evaluation attribute and the security event comparison attribute may be compared, so that a security protection test target with a difference in the evaluation attribute in the subsequent security protection test result may be determined.

In this embodiment, the test table entry operation parameter may refer to a configuration parameter used for controlling the whole safety protection process in the safety protection test process, and the configuration parameter is generally related to a safety protection test item. Therefore, according to the test table item operating parameters of the safety protection test target with different evaluation attributes in each safety protection test link, the safety protection parameters corresponding to the set safety protection items in the electronic batch record safety service of the target record financial business are updated, and performing security protection processing on an access request parameter of the target record financial service accessed through the blockchain based on the updated security protection parameter, the specific updating process may be a process of performing item configuration on the running parameters of the test table entry in each safety protection test item, and the specific item configuration process may be performed according to a scheme in the prior art, for example, for a data download item, the project configuration may be performed by a download configuration category corresponding to the data download project, may be performed manually by a developer, or may be performed automatically by a preset automation script.

Based on the design, in the embodiment, the safety event evaluation attribute of the set safety protection item is compared with the safety event database corresponding to the set safety protection item, the safety protection test target with the evaluation attribute difference in the safety protection test result is determined, then the safety protection parameter corresponding to the set safety protection item in the electronic batch record safety service of the target record financial business is automatically updated according to the safety protection test target with the evaluation attribute difference, and the access request parameter of the target record financial business accessed through the block chain is subjected to safety protection processing based on the updated safety protection parameter, so that the safety protection effect of the electronic batch record safety service of the target record financial business is improved, the manual participation is reduced, and the manual resources are saved. In addition, the safety protection parameters are only updated in the whole process, and the prior updating effect of the electronic batch record safety service is not influenced.

In a possible implementation manner, for step S130, in the process of determining, according to the comparison result, a safety protection test target with a difference in evaluation attribute in the safety protection test result, multiple implementation rules may be selected to determine, for example, at least one or any combination of the following may be included:

the first embodiment: determining a newly added safety protection test target in the safety protection test result according to the comparison result of the safety event evaluation attribute of the set safety protection project and the safety event database, wherein the newly added safety protection test target comprises: the number of evaluation attribute elements that do not appear in the security event database but appear in the security event evaluation attributes matches the first set number of evaluation attribute elements, and the degree of attribute influence at each occurrence in the security event evaluation attributes reaches a security protection test target with a first preset degree of influence proportional to the set proportion.

The second embodiment: and determining a failure safety protection test target in the set safety protection project according to the comparison result of the safety event evaluation attribute of the set safety protection project and the safety event database. Fail safe test objectives include: the number of consecutive evaluation attribute elements that appear in the security event database but not in the security event evaluation attribute matches the security protection test target for the second set number of evaluation attribute elements.

Third embodiment: and determining a differentiated safety protection test target with abnormal differentiation in the set safety protection project according to the comparison result of the safety event evaluation attribute of the set safety protection project and the safety event database. Differentiated safety protection test objectives include: and according to the security event database, determining that the event trigger node information is inconsistent with the event trigger node information in the security event evaluation attribute.

In a possible implementation manner, for the third implementation manner, for a candidate security protection test target whose attribute influence degree matches the first preset influence degree in the security event evaluation attribute, a first global security protection test target list of the candidate security protection test target may be determined by the security event database.

The first global security protection test target list comprises at least one first global security protection test target, and the first global security protection test target is a security protection test target which is commonly present in the same security event comparison attribute with the candidate security protection test target and has an attribute influence degree reaching a first preset influence degree in the security event comparison attribute.

Then, a second global security protection test target list of the candidate security protection test targets is determined through the security event evaluation attributes.

The second global security protection test target list comprises at least one second global security protection test target, and the second global security protection test target is a security protection test target which is commonly present in the same security event evaluation attribute with the candidate security protection test target and has an attribute influence degree reaching a first preset influence degree in the security event evaluation attribute.

In this way, if the correlation parameter between the first global security protection test target list and the second global security protection test target list is lower than the set correlation parameter, the candidate security protection test target is used as the security protection test target to be confirmed, and for the security protection test target to be confirmed, the security event evaluation attribute with the attribute influence degree reaching the second preset influence degree is selected as the reference security event evaluation attribute.

Or, in another possible implementation manner, a predetermined number of security event evaluation attributes may be selected from the security event evaluation attributes for which the attribute influence degree of the security protection test target to be confirmed reaches the second preset influence degree, and the selected security event evaluation attributes serve as the reference security event evaluation attributes.

In this way, if the proportion of inconsistency between the first event trigger node information of the safety protection test target to be confirmed determined according to the safety event database and the second event trigger node information indicated by the reference safety event evaluation attribute reaches the set proportion, the safety protection test target to be confirmed is determined as a differentiated safety protection test target.

The first event trigger node information is inconsistent with the second event trigger node information, and the method specifically includes: the first event trigger node information is different from the trigger node indicated by the second event trigger node information, or the difference between the trigger nodes indicated by the first event trigger node information and the second event trigger node information exceeds the set difference.

In a possible implementation manner, the information of the first event trigger node of the security protection test target to be confirmed includes a trigger node where the security protection test target to be confirmed is located and a trigger segment where the security protection test target to be confirmed is located.

Therefore, the process of determining the first event trigger node information of the safety protection test target to be confirmed can be that the trigger node where the safety protection test target to be confirmed is located is determined according to the test table entry operating parameters of the safety protection test target to be confirmed in the safety event comparison attributes contained in the safety event database, and then the trigger segment of the safety protection test link where the test table entry operating parameters of the safety protection test target to be confirmed in the determined trigger node are matched with the set test table entry operating parameters is used as the trigger segment where the safety protection test target to be confirmed is located.

Therefore, the trigger node where the safety protection test target to be confirmed is located is determined according to the test table entry operating parameters of the safety protection test target to be confirmed in the safety event comparison attributes contained in the safety event database, and the trigger node meeting the following conditions can be used as a candidate trigger node:

firstly, a triggering node indicated by a security event comparison attribute with the maximum test table item operation parameter of a security protection test target to be confirmed in a security event database.

And secondly, the triggering node with the largest occurrence frequency in the security event comparison attributes of the security protection test target to be confirmed is contained in the security event database.

And the triggering node with the maximum attribute influence average value of the safety protection test target to be confirmed in the third safety event database.

And fourthly, triggering the node with the maximum attribute influence median of the safety protection test target to be confirmed in the safety event database.

And fifthly, in the candidate trigger nodes, if the occurrence frequency of the same trigger node is matched with the set frequency, the same trigger node is used as the trigger node where the safety protection test target to be confirmed is located.

Further, in a possible implementation manner, for step S130, in the process of obtaining the test table entry operation parameters of the safety protection test targets in each safety protection test link, where the evaluation attributes of the safety protection test targets have differences, the following exemplary sub-steps may be implemented.

And a substep S131, performing information matching on the evaluation attribute tracing information corresponding to each safety event evaluation attribute and the tracing object of the safety protection test target.

And a substep S132 of adding the evaluation attribute tracing information with the matching degree reaching the set matching degree to the target reference test library.

And a substep S133 of determining each evaluation attribute traceability information in the triggering subsection interval of the safety protection testing link in the target reference testing library for each safety protection testing link.

And a substep S134 of determining test table entry operating parameters of the safety protection test target in the safety protection test link according to the attribute influence degree of the safety protection test target on each piece of evaluation attribute tracing information and the difference between each piece of evaluation attribute tracing information and the safety protection test link.

Exemplarily, in the sub-step S131, for each successive piece of the evaluative attribute tracing information, a tracing object security template corresponding to the evaluative attribute tracing information in the tracing object is determined, and then a matching degree of the evaluative attribute tracing information is determined according to a difference between the evaluative attribute tracing information and the corresponding tracing object security template.

For another example, in the sub-step S131, a plurality of continuous evaluation attribute tracing information may be formed into an evaluation attribute tracing unit sequence, a plurality of reference tracing partitions are determined according to the initial evaluation attribute tracing information in the plurality of evaluation attribute tracing information and the tracing parameter in the security event evaluation attribute, a reference tracing partition set is formed, and then the matching degree of each evaluation attribute tracing information in the evaluation attribute tracing unit sequence is determined according to the difference between the evaluation attribute tracing unit sequence and the reference tracing partition set.

Further, in a possible implementation manner, for step S140, in a process of performing, according to a test table entry operating parameter of a security protection test target with a difference in evaluation attribute in each security protection test link, updating a security protection parameter corresponding to a set security protection item in an electronic batch record security service of a target record financial service, and performing, based on the updated security protection parameter, security protection processing on an access request parameter of the target record financial service accessed via a block chain, the following exemplary sub-steps may be implemented.

And a substep S141, determining the compatibility evaluation index of the safety protection test target according to the test table item operating parameters of the safety protection test target with different evaluation attributes in each safety protection test link.

And a substep S142, if the compatibility evaluation index of the safety protection test targets with different evaluation attributes meets the preset condition, updating the test table item operation parameters of the safety protection test targets with different evaluation attributes in each safety protection test link to the safety protection parameters corresponding to the set safety protection items in the electronic batch record safety service of the target record financial service, and performing safety protection processing on the access request parameters of the target record financial service accessed via the block chain based on the updated safety protection parameters.

The specific updating process is illustrated in the foregoing description, and is not described herein again.

Further, in some possible examples, the preset condition may include one or any combination of the following:

1) the concentration degree of the source tracing test distribution of the safety protection test target is matched with the set concentration degree.

2) The source tracing test of the safety protection test target is distributed at the adjacent trigger nodes.

3) The coverage range of the signal of the safety protection test target is within the set range interval.

4) The key test table entry operation parameters of the safety protection test target are matched with the preset test table entry operation parameters.

It is understood that, in the actual implementation process, any combination of the above preset conditions can be used for implementation, and the implementation is not limited specifically.

Further, regarding the aforementioned step S110, the electronic batch record security service of the target record financial transaction after the electronic batch record security service is updated in advance can be obtained through the following exemplary sub-steps, which are described in detail as follows.

And a substep S111, obtaining target protection record information including a target safety protection object in the power batch record safety big data of the financial service to be updated, which provides the cloud computing service for the plurality of electronic batch record terminals 200, and performing clustering processing on the target protection record information to obtain clustered protection record information corresponding to the target protection record information.

And a substep S112, obtaining a target safety protection cloud computing model corresponding to the target protection record information, extracting a first protection behavior characteristic and a second protection behavior characteristic from the clustered protection record information through the target safety protection cloud computing model, and splicing the first protection behavior characteristic and the second protection behavior characteristic to obtain a protection behavior splicing characteristic associated with the target protection record information.

And a substep S113, performing virtual machine access action analysis on the clustering protection record information according to the protection behavior splicing characteristics and the target safety protection cloud computing model to obtain a virtual machine access action analysis result corresponding to the clustering protection record information.

And a substep S114, if the virtual machine access action analysis result indicates that clustered protection record information meeting the virtual machine access action monitoring condition exists in the target protection record information, determining the target security protection object as a target action object, and updating the electronic batch recording security service of the cloud computing center based on the target action object and the clustered protection record information meeting the virtual machine access action monitoring condition corresponding to the target action object.

In this embodiment, when the target protection record information including the target security protection object is acquired, clustering may be performed on the target protection record information to divide the target protection record information into one or more clusters, where the number of the divided clusters is not limited. It should be understood that the protection recording information corresponding to each cluster may be collectively referred to as cluster protection recording information in the embodiments of the present application. In addition, it can be understood that the target security protection object herein may be a protection object of a certain security protection node in a security protection simulation scene, and optionally, the target security protection object herein may also be identification information for identifying a certain scene object in a recognition scene, where a specific type of the target security protection object will not be limited herein.

Further, the target protection record information can be sent to a trained target safety protection cloud computing model, so that the first protection behavior feature and the second protection behavior feature are extracted from the divided cluster protection record information through the target safety protection cloud computing model, and then the extracted first protection behavior feature and the extracted second protection behavior feature can be spliced to obtain protection behavior splicing features associated with the target protection record information.

It can be understood that, in the embodiment of the present application, after the first protection behavior feature and the second protection behavior feature extracted from each piece of cluster protection record information are subjected to the splicing processing, the accuracy of subsequently classifying the access action of the virtual machine to which each piece of cluster protection record information belongs can be improved. Further, virtual machine access action analysis can be performed on the clustering protection record information according to the protection action splicing characteristics and the target security protection cloud computing model, so that a virtual machine access action analysis result corresponding to the target protection record information is obtained.

It can be understood that, in the embodiment of the present application, the virtual machine access action analysis result may include a virtual machine access action analysis result corresponding to each piece of clustered protection recording information, so that when it is detected that a virtual machine access action analysis result corresponding to clustered protection recording information that satisfies a virtual machine access action monitoring condition exists in the virtual machine access action analysis results, it may be determined that clustered protection recording information that satisfies the virtual machine access action monitoring condition exists in target protection recording information, and thus, it may be indirectly determined that the target security protection object is the target action object.

Therefore, before the tracing test virtual machine access action monitoring is carried out, the target protection record information can be divided into a series of clustering protection record information in advance, and then virtual machine access action analysis can be carried out on each clustering protection record information through the target safety protection cloud computing model, so that the virtual machine access action to which each clustering protection record information belongs can be identified, and the accuracy of virtual machine access action monitoring can be improved. In addition, after the virtual machine access action to which each piece of clustered protection recording information belongs is identified through the target security protection cloud computing model, the virtual machine access action to which each piece of clustered protection recording information belongs can be collectively referred to as a virtual machine access action analysis result corresponding to the target protection recording information, so that when the clustered protection recording information is detected to have the clustered protection recording information meeting the monitoring condition of the virtual machine access action, a target security protection object can be quickly determined to be a target action object carrying excessive protection deviation, and the reliability of a subsequent security protection process can be ensured after targeted updating is performed.

For example, in one possible implementation, for step S113, the target security protection cloud computing model may include: and a prediction unit. For example, the prediction unit has a function of performing prediction classification on the access action of the virtual machine to which the clustered protection record information in the target protection record information belongs. Therefore, in a possible implementation manner, in the process of analyzing the access action of the virtual machine on the clustering protection record information according to the protection behavior splicing characteristics and the target security protection cloud computing model to obtain the analysis result of the access action of the virtual machine corresponding to the clustering protection record information, the following exemplary substeps can be used for implementation.

And in the substep S1131, the protection behavior splicing characteristics are input into a prediction unit in the target security protection cloud computing model, and the correlation degree between the protection behavior splicing characteristics and a plurality of sample protection behavior splicing characteristics in the prediction unit is determined by the prediction unit.

The association degree can be used for representing the confidence degree that the protection behavior splicing characteristics and each sample protection behavior splicing characteristic belong to the same virtual machine access action respectively.

And a substep S1132, based on the association degree, obtaining the sample protection behavior splicing characteristic with the maximum association degree with the protection behavior splicing characteristic from the plurality of sample protection behavior splicing characteristics, and taking the sample protection behavior splicing characteristic with the maximum association degree as the target sample protection behavior splicing characteristic.

And in the substep S1133, the sample label information corresponding to the target sample protection behavior splicing characteristic is used as the target virtual machine access action corresponding to the protection behavior splicing characteristic, and the virtual machine access action analysis result after classification of the clustered protection record information in the target protection record information is determined based on the target virtual machine access action and the maximum correlation degree associated with the target virtual machine access action.

Based on this, for example, for step S114, one piece of clustered protection record information corresponds to one virtual machine access action analysis result, and the sample label information corresponding to the splicing features of the multiple sample protection behaviors includes the update-class label information. Thus, in a possible implementation manner, in the process of determining the target security protection object as the target action object if the virtual machine access action analysis result indicates that clustered protection record information meeting the virtual machine access action monitoring condition exists in the target protection record information, the following exemplary sub-steps may be implemented.

And a substep S1141 of obtaining a virtual machine access action monitoring condition corresponding to the target security protection cloud computing model.

In the substep S1142, if there is a virtual machine access action analysis result in the virtual machine access action analysis result that the target virtual machine access action belongs to the update-class tag information, determining the clustering protection record information corresponding to the target virtual machine access action in the clustering protection record information as the clustering protection record information meeting the virtual machine access action monitoring condition.

In the substep S1143, the target security protection object included in the target protection record information is determined as the target action object.

Further, in a possible implementation manner, still referring to step S1141, in the process of updating the electronic batch record security service of the cloud computing center based on the target action object and the cluster protection record information corresponding to the target action object and satisfying the virtual machine access action monitoring condition, the following exemplary sub-steps may be implemented.

And a substep S1144 of extracting an interception environment component corresponding to each target dynamic protection interface in the clustering protection recording information which is corresponding to the target action object and meets the monitoring condition of the virtual machine access action, and extracting an interception penetration injection code of the interception environment component in parallel while acquiring an original application program layer list associated with the interception operation of the interception environment component from an environment component starting file of the interception environment component.

And a substep S1145 of determining interception rule distribution information for performing simulation analysis on the original application program layer list based on the extracted interception penetration injection code, extracting interception rule dependent factor parameters of a plurality of interception rule dependent factor nodes to be used and dependent factor combination information among different interception rule dependent factor nodes from the interception rule distribution information, and performing source tracing test processing on the plurality of interception rule dependent factor nodes to be used according to the interception rule dependent factor parameters and the dependent factor combination information to obtain at least two target interception rule dependent operation objects.

The operating environment interval of the interception rule dependent factor parameter of the target interception rule dependent on the operation object is positioned in the set interval, and the difference degree of the different target interception rules dependent on the dependent factor and the use information between the operation objects is smaller than the set value.

And a substep S1146 of simulating and analyzing the original application program layer list by depending on the operation object through the target interception rule to obtain a candidate safety protection item list.

And a substep S1147 of determining rule base update distribution of the candidate safety protection item list according to the target interception penetration injection code determined from the preset interception environment operation record of the trusted test platform, and determining rule base expansion distribution of the candidate safety protection item list according to the service tag in the determined candidate safety protection item list.

And a substep S1148 of performing trusted dynamic protection interface extraction on the candidate safety protection item list based on rule base updating distribution and rule base expansion distribution to obtain a trusted dynamic protection interface set.

And a substep S1144 of updating the electronic batch record security service of the cloud computing center based on the trusted dynamic protection interface set.

Illustratively, for example, in one possible implementation, the target security protection cloud computing model provided in this embodiment is obtained by training in the following manner:

(1) training sample information associated with the sample object and sample label information of the training sample information are obtained.

For example, the training sample information includes first sample information and second sample information used for training the initial security protection cloud computing model. The sample label information of the training sample information includes: the non-update label information corresponding to the first sample information and the update label information corresponding to the second sample information.

(2) And clustering the training sample information to obtain clustering performance sample data corresponding to the training sample information.

(3) Extracting a first sample characteristic and a second sample characteristic from clustering performance sample data through an initial safety protection cloud computing model, and performing characteristic splicing processing on the first sample characteristic and the second sample characteristic to obtain a sample splicing processing characteristic associated with training sample information.

(4) Training an initial security protection cloud computing model based on the sample splicing processing characteristics, the non-updating type label information and the updating type label information, and determining the trained initial security protection cloud computing model as a target security protection cloud computing model for predicting a target object in a target image.

Illustratively, for example, in (1), in the process of obtaining training sample information associated with a sample object and sample label information of the training sample information, first initial test protection record information containing the sample object may be obtained, the initial test protection record information is used as first sample information for training an initial security protection cloud computing model, and label information of the first sample information is determined as non-update class label information.

And then, acquiring an object identification model having an incidence relation with the initial security protection cloud computing model, and determining updated test protection record information associated with the initial test protection record information through the object identification model. And then, based on the updated test protection record information and the initial test protection record information, generating superposition test protection record information containing the updated test protection record information, taking the superposition test protection record information as second sample information for training the initial safety protection cloud computing model, and determining label information of the second sample information as update-type label information.

Thus, the first sample information and the second sample information can be determined as training sample information, and the non-update-class label information and the update-class label information can be used as sample label information of the trained sample information.

Fig. 3 is a schematic diagram of functional modules of an information security processing apparatus 300 based on a block chain and cloud computing according to an embodiment of the present disclosure, and this embodiment may divide the functional modules of the information security processing apparatus 300 based on the block chain and cloud computing according to a method embodiment executed by the cloud computing center 100, that is, the following functional modules corresponding to the information security processing apparatus 300 based on the block chain and cloud computing may be used to execute each method embodiment executed by the cloud computing center 100. The information security processing apparatus 300 based on blockchain and cloud computing may include a protection testing module 310, a comparing module 320, a determining module 330, and an updating module 340, where functions of the functional modules of the information security processing apparatus 300 based on blockchain and cloud computing are described in detail below.

The protection testing module 310 is configured to perform a safety protection test on the target record financial service under each information safety testing interface by calling an electronic batch record safety service of the target record financial service, which is updated in advance by the electronic batch record safety service, so as to obtain a safety protection test result. The protection testing module 310 may be configured to perform the step S110, and the detailed implementation manner of the protection testing module 310 may refer to the detailed description of the step S110.

The comparison module 320 is configured to compare the security event evaluation attribute of the set security protection item in the security protection test result with the security event comparison attribute in the security event database corresponding to the set security protection item. The comparing module 320 may be configured to perform the step S120, and the detailed implementation manner of the comparing module 320 may refer to the detailed description of the step S120.

The determining module 330 is configured to determine, according to the comparison result, a safety protection test target with a difference in evaluation attribute in the safety protection test result, and obtain test table entry operating parameters of the safety protection test target with the difference in evaluation attribute in each safety protection test link. The determining module 330 may be configured to perform the step S130, and the detailed implementation of the determining module 330 may refer to the detailed description of the step S130.

The updating module 340 is configured to update a security protection parameter corresponding to the set security protection item in the electronic batch record security service of the target record financial service according to the test table entry operating parameter of the security protection test target in each security protection test link, where the evaluation attribute is different, and perform security protection processing on an access request parameter of the target record financial service accessed via the block chain based on the updated security protection parameter. The updating module 340 may be configured to perform the step S140, and the detailed implementation of the updating module 340 may refer to the detailed description of the step S140.

It should be noted that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules may all be implemented in software invoked by a processing element. Or may be implemented entirely in hardware. And part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the protection test module 310 may be a separate processing element, or may be integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and a processing element of the apparatus calls and executes the functions of the protection test module 310. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.

Fig. 4 is a schematic diagram illustrating a hardware structure of a cloud computing center 100 for implementing the above information security processing method based on blockchain and cloud computing according to an embodiment of the present disclosure, and as shown in fig. 4, the cloud computing center 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.

In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120 (for example, the protection testing module 310, the comparison module 320, the determination module 330, and the update module 340 included in the information security processing apparatus 300 based on blockchain and cloud computing shown in fig. 3), so that the processor 110 may execute the information security processing method based on blockchain and cloud computing according to the above method embodiment, where the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiver 140 to perform a transceiving action, so as to perform data transceiving with the electronic batch recording terminal 200.

For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the cloud computing center 100, and implementation principles and technical effects are similar, which are not described herein again.

In the embodiment shown in fig. 4, it should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.

The machine-readable storage medium 120 may comprise high-speed RAM memory and may also include non-volatile storage NVM, such as at least one disk memory.

The bus 130 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus 130 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.

In addition, an embodiment of the present application further provides a readable storage medium, where a computer executing instruction is stored in the readable storage medium, and when a processor executes the computer executing instruction, the information security processing method based on the blockchain and cloud computing is implemented as above.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.

Also, the description uses specific words to describe embodiments of the description. Reference to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.

Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.

The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.

Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, VisualBasic, Fortran2003, Perl, COBOL2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).

Additionally, the order in which the elements and sequences are processed, the use of alphanumeric characters, or the use of other designations in this specification is not intended to limit the order of the processes and methods in this specification, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.

Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.

Finally, it should be understood that the examples in this specification are only intended to illustrate the principles of the examples in this specification. Other variations are also possible within the scope of this description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims

1. A safety service updating method based on a block chain and cloud computing is applied to a cloud computing center, wherein the cloud computing center is in communication connection with a plurality of electronic batch recording terminals, and the method comprises the following steps:

2. The blockchain and cloud computing based security service updating method according to claim 1, wherein the target security protection cloud computing model comprises: the prediction unit has the function of predicting and classifying the access action of the virtual machine to which the clustering protection record information belongs in the target protection record information;

the method comprises the following steps of performing virtual machine access action analysis on clustering protection record information according to protection behavior splicing characteristics and a target safety protection cloud computing model to obtain a virtual machine access action analysis result corresponding to the clustering protection record information, wherein the steps comprise:

inputting the protection behavior splicing characteristics into a prediction unit in a target security protection cloud computing model, and determining the association degree between the protection behavior splicing characteristics and a plurality of sample protection behavior splicing characteristics in the prediction unit by the prediction unit; the association degree is used for representing the confidence degree that the protection behavior splicing characteristics and the protection behavior splicing characteristics of each sample belong to the same virtual machine access action respectively;

based on the relevance, obtaining a sample protection behavior splicing feature with the maximum relevance with the protection behavior splicing feature from the multiple sample protection behavior splicing features, and taking the sample protection behavior splicing feature with the maximum relevance as a target sample protection behavior splicing feature;

and determining a virtual machine access action analysis result after classifying the clustered protection record information in the target protection record information based on the target virtual machine access action and the maximum association degree associated with the target virtual machine access action by taking the sample label information corresponding to the target sample protection action splicing characteristic as the target virtual machine access action corresponding to the protection action splicing characteristic.

3. The safety service updating method based on the block chain and the cloud computing according to claim 2, wherein one piece of clustered protection record information corresponds to one virtual machine access action analysis result, and sample tag information corresponding to a splicing characteristic of a plurality of sample protection behaviors comprises update class tag information;

if the virtual machine access action analysis result indicates that clustered protection record information meeting the virtual machine access action monitoring condition exists in the target protection record information, determining the target security protection object as the target action object, wherein the step comprises the following steps:

acquiring a virtual machine access action monitoring condition corresponding to a target security protection cloud computing model;

if the virtual machine access action analysis result that the target virtual machine access action belongs to the updated label information exists in the virtual machine access action analysis result, determining the clustering protection record information corresponding to the target virtual machine access action in the clustering protection record information as the clustering protection record information meeting the virtual machine access action monitoring condition;

and determining the target security protection object contained in the target protection record information as a target action object.

4. The method for updating security services based on blockchain and cloud computing according to claim 1, wherein the step of updating the electronic batch record security services of the cloud computing center based on the target action object and the cluster protection record information corresponding to the target action object and satisfying the monitoring condition of the virtual machine access action includes:

5. The blockchain and cloud computing based security service updating method according to any one of claims 1 to 4, wherein the method further comprises:

6. The information security processing system based on the block chain and the cloud computing is characterized by comprising a cloud computing center and a plurality of electronic batch recording terminals in communication connection with the cloud computing center;

the cloud computing center is used for:

7. A cloud computing center, characterized in that the cloud computing center comprises a processor, a machine-readable storage medium, and a network interface, the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is used for being connected with at least one electronic batch recording terminal in a communication manner, the machine-readable storage medium is used for storing programs, instructions, or codes, and the processor is used for executing the programs, instructions, or codes in the machine-readable storage medium to execute the block chain and cloud computing-based security service updating method according to any one of claims 1 to 5.