CN115879104B - Data processing system for monitoring data security and electronic equipment - Google Patents

Data processing system for monitoring data security and electronic equipment Download PDF

Info

Publication number
CN115879104B
CN115879104B CN202310110857.8A CN202310110857A CN115879104B CN 115879104 B CN115879104 B CN 115879104B CN 202310110857 A CN202310110857 A CN 202310110857A CN 115879104 B CN115879104 B CN 115879104B
Authority
CN
China
Prior art keywords
data
monitored
elements
byte
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310110857.8A
Other languages
Chinese (zh)
Other versions
CN115879104A (en
Inventor
刘宏伟
吴雪
赫岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shengxinnuo Technology Co ltd
Original Assignee
Beijing Shengxinnuo Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shengxinnuo Technology Co ltd filed Critical Beijing Shengxinnuo Technology Co ltd
Priority to CN202310110857.8A priority Critical patent/CN115879104B/en
Publication of CN115879104A publication Critical patent/CN115879104A/en
Application granted granted Critical
Publication of CN115879104B publication Critical patent/CN115879104B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a data processing system for monitoring data security and electronic equipment, wherein the system comprises: the data acquisition layer is used for acquiring data to be monitored, and the data to be monitored is in an N-by-N element array form; the data analysis layer is used for judging whether each element in the N-by-N element array has matched byte data in a pre-constructed byte data list or not, and whether the logic sequence between adjacent elements in the row direction and the column direction in the N-by-N element array meets a pre-established element displacement rule or not, wherein the element displacement rule can enable the elements to be transposed along at least one of the row direction and the column direction; if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is allocated to the data to be monitored, the data to be monitored is blocked from flowing to the data application layer, the resource consumption is reduced, and the algorithm execution efficiency is improved.

Description

Data processing system for monitoring data security and electronic equipment
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a data processing system and an electronic device for monitoring data security.
Background
The information age has entered the data age, and the value of data is being further highlighted and mined. Meanwhile, data has become a core asset for enterprises.
However, monitoring data security is one of the important tasks that data represents value. Especially in the current open internet environment, data security threats such as resistant samples, data pollution and the like are faced. An attacker can cause data distortion by adding a malicious input sample formed by fine interference, so that serious potential safety hazards can be caused; even further, a certain proportion of malicious samples can be added into the normal sample data set for training through data pollution, so that the application errors of subsequent data are triggered, and great safety hazard is caused.
In the current data security monitoring, one of the solutions is to monitor based on a hash function mapping mode, however, in order to ensure the data security as much as possible, a hash function with higher complexity needs to be constructed, while when the data security is monitored based on the complex hash function, the resource consumption is increased, the algorithm execution efficiency is reduced, and the real-time monitoring cannot be ensured.
Disclosure of Invention
Based on the above problems, the embodiments of the present application provide a data processing system and an electronic device for monitoring data security.
The embodiment of the application discloses the following technical scheme:
a data processing system for monitoring data security, comprising:
the data acquisition layer is used for acquiring data to be monitored, the data to be monitored is in an N-by-N element array form, each element is one byte data of the data to be monitored, and N is a positive integer;
a data analysis layer, configured to determine whether each element in the n×n element array has matched byte data in a pre-constructed byte data list, and whether a logic sequence between adjacent elements in a row direction and a column direction in the n×n element array meets a pre-established element displacement rule, where the element displacement rule may cause the element to perform a transposition along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is allocated to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer.
Optionally, the data processing system further comprises:
the first data conversion layer is used for acquiring source data, converting the source data into an N-by-N element array form based on the pre-constructed byte data list, and converting each source byte in the source data into byte data in the byte data list;
and the second data conversion layer is used for carrying out displacement conversion on the elements in the N x N element array corresponding to the source data, which are converted by the first data conversion layer, according to the preset element displacement rule so as to obtain the data to be monitored under the non-abnormal condition.
Optionally, the second data conversion layer performs displacement conversion on the element in the n×n element array corresponding to the source data, which is converted by the first data conversion layer, according to the predetermined element displacement rule, including: determining (N) diagonal elements in the direction from the upper left corner to the lower right corner in the N-x N element array corresponding to the source data converted by the first data conversion layer, shifting the other (N-1) diagonal elements except the first row in the (N) diagonal elements to the head of the row according to the row direction, synchronously following the other (N-1) diagonal elements to the left and keeping the sequence behind with the elements which are respectively positioned in the same row and behind the other (N-1) diagonal elements, synchronously shifting the elements which are respectively positioned in the same row and in front of the other (N-1) diagonal elements out of the row and sequentially filling the positions of the following elements in the same row.
Optionally, when the data to be monitored is blocked from flowing to the data application layer, the abnormal attribute tag is transmitted to an intrusion blocking module which is configured in a calling mode, so that the intrusion blocking module is started to block the data to be monitored from flowing to the data application layer.
Optionally, a rule matching data structure is configured in the intrusion blocking module, an abnormal attribute tag flag bit is set in the rule matching data structure, the abnormal attribute tag flag bit has a set initial value, and the initial value is changed by transmitting the tag value of the abnormal attribute tag into the abnormal attribute tag flag bit, so that the intrusion blocking module is started to block the data to be monitored from flowing to a data application layer.
Optionally, the rule matching data structure is a PV data structure, an line flag bit is set in the PV data structure, and is used as the abnormal attribute tag flag bit, the initial value is 0, after the tag value of the abnormal attribute tag is transferred into the abnormal attribute tag flag bit, the value of the abnormal attribute tag flag bit is changed from 0 to 1, so that the intrusion blocking module is started to block the to-be-monitored data from flowing to the data application layer.
Optionally, a rule linked list is provided on the data analysis layer, and when the source data is converted into the data to be monitored under the non-abnormal condition based on the first data conversion layer and the second data conversion layer, logic of data conversion performed by the first data conversion layer and the second data conversion layer is recorded in the rule linked list.
Optionally, the data analysis layer invokes logic of data conversion recorded in the rule linked list to determine whether each element in the n×n element array corresponding to the data to be monitored has matched byte data in a pre-constructed byte data list, and whether a logic sequence between adjacent elements in a row direction and a column direction in the n×n element array corresponding to the data to be monitored meets a pre-formulated element displacement rule.
An electronic device comprising a processor, a memory, wherein: the memory has stored thereon computer executable instructions that are executed by the processor to perform the steps of:
acquiring data to be monitored, wherein the data to be monitored is in the form of an N-by-N element array, each element is one byte of data of the data to be monitored, and N is a positive integer;
judging whether each element in the N-by-N element array has matched byte data in a pre-constructed byte data list, and whether the logic sequence between adjacent elements in the row direction and the column direction in the N-by-N element array meets a pre-established element displacement rule, wherein the element displacement rule can enable the elements to be transposed along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is allocated to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer.
A computer program product having computer-executable instructions stored thereon for executing the computer-executable instructions to perform the steps of:
acquiring data to be monitored, wherein the data to be monitored is in the form of an N-by-N element array, each element is one byte of data of the data to be monitored, and N is a positive integer;
judging whether each element in the N-by-N element array has matched byte data in a pre-constructed byte data list, and whether the logic sequence between adjacent elements in the row direction and the column direction in the N-by-N element array meets a pre-established element displacement rule, wherein the element displacement rule can enable the elements to be transposed along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is allocated to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer.
According to the method and the device, when the obtained source data are preprocessed based on the first data conversion layer and the second data conversion layer, byte conversion logic and displacement conversion logic are added, conversion from the source data to be monitored is rapidly achieved, when the data analysis layer is used for analysis, whether the data to be monitored are provided with the byte conversion logic and the displacement conversion logic in conversion or not can be directly analyzed, and if the data to be monitored are not provided with the byte conversion logic and the displacement conversion logic, the data to be monitored can be directly judged to be abnormal, data circulation is blocked, and abnormal data circulation to be monitored is prevented from being transferred to the data application layer, so that potential safety hazards of the data are caused. In addition, because the data to be monitored is judged whether to be abnormal or not only based on the rule check realized by the byte conversion logic and the displacement conversion logic, a hash function with higher complexity is not required to be constructed, thereby reducing the resource consumption, improving the algorithm execution efficiency and ensuring the monitoring instantaneity.
Drawings
FIG. 1 is a schematic diagram of a data processing system for monitoring data security according to an embodiment of the present application.
Fig. 2 is a schematic diagram of a line direction shift conversion based on diagonal elements from the upper left corner to the lower right corner.
Detailed Description
It is not necessary for any of the embodiments of the present application to be practiced with all of the advantages described above.
In order to make the present invention better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The schemes of the following embodiments of the present application may be applied, but not limited to, document data, video data, picture data, audio data, and the like.
FIG. 1 is a schematic diagram of a data processing system for monitoring data security according to an embodiment of the present application. As shown in fig. 1, it includes:
the data acquisition layer is used for acquiring data to be monitored, the data to be monitored is in the form of an N-by-N element array, each element is one byte of data of the data to be monitored, N is a positive integer, and the specific numerical value of N can be determined according to an application scene;
a data analysis layer, configured to determine whether each element in the n×n element array has matched byte data in a pre-constructed byte data list, and whether a logic sequence between adjacent elements in a row direction and a column direction in the n×n element array meets a pre-established element displacement rule, where the element displacement rule may cause the element to perform a transposition along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is allocated to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer.
In this embodiment, the data to be monitored may be collected from a server, where the server may be a single server or a cluster formed by multiple servers.
In this embodiment, the data acquisition layer and the data analysis layer may be disposed on an electronic device. The data acquisition layer can acquire according to a set timing training mechanism or acquire based on a set window function during acquisition.
In this embodiment, the collected data to be monitored may be cached in a pre-built cache queue, so that when the data analysis layer analyzes, the collected data to be monitored is obtained from the cache queue, thereby avoiding occurrence of paralysis caused by formation of data blocking in the data analysis layer, which results in exceeding of the capacity of the data analysis layer in terms of data amount processed by the data analysis layer, and further causes occurrence of abnormality in the operation of the data processing system.
Further, the data processing system further comprises:
the first data conversion layer is used for acquiring source data, converting the source data into an N-by-N element array form based on the pre-constructed byte data list, and converting each source byte in the source data into byte data in the byte data list;
and the second data conversion layer is used for carrying out displacement conversion on the elements in the N x N element array corresponding to the source data, which are converted by the first data conversion layer, according to the preset element displacement rule so as to obtain the data to be monitored under the non-abnormal condition.
The data to be monitored under the non-abnormal condition can be stored in the server, so that the data can be directly obtained from the server when the data is used.
Here, since the data to be monitored (or referred to as the source data to be monitored) under the non-abnormal situation is stored in the server, the data may be tampered to cause an abnormality, and therefore, before the data application layer is used, the data is collected from the server through the data collection layer, and then the analysis processing of the data analysis layer is performed, so as to determine whether the data to be monitored collected from the server is the data to be monitored under the non-abnormal situation.
Therefore, in this embodiment, when preprocessing is implemented on the obtained source data based on the first data conversion layer and the second data conversion layer, byte conversion logic and displacement conversion logic are added, so that conversion from the source data to be monitored is quickly implemented, and when the data analysis layer is analyzing, whether the data to be monitored has byte conversion logic and displacement conversion logic in conversion together can be directly analyzed, and if one of the data to be monitored is not provided, the occurrence of abnormality in the data to be monitored can be directly determined, and blocking of data flow is performed, so that abnormal data flow to be monitored is prevented from being transferred to the data application layer, and potential safety hazards of data are caused. In addition, because the data to be monitored is judged whether to be abnormal or not only based on the rule check realized by the byte conversion logic and the displacement conversion logic, a hash function with higher complexity is not required to be constructed, thereby reducing the resource consumption, improving the algorithm execution efficiency and ensuring the monitoring instantaneity.
Optionally, the second data conversion layer performs displacement conversion on the element in the n×n element array corresponding to the source data, which is converted by the first data conversion layer, according to the predetermined element displacement rule, including: determining (N) diagonal elements in the direction from the upper left corner to the lower right corner in the N-x N element array corresponding to the source data converted by the first data conversion layer, shifting the other (N-1) diagonal elements except the first row in the (N) diagonal elements to the head of the row according to the row direction, synchronously following the other (N-1) diagonal elements to the left and keeping the sequence behind with the elements which are respectively positioned in the same row and behind the other (N-1) diagonal elements, synchronously shifting the elements which are respectively positioned in the same row and in front of the other (N-1) diagonal elements out of the row and sequentially filling the positions of the following elements in the same row.
Here, it should be noted that, the conversion of the row direction displacement may be performed based on the diagonal element from the upper right corner to the lower left corner, and the detailed principle is similar to that of the above-described conversion of the row direction displacement based on the diagonal element from the upper left corner to the lower right corner, and will not be repeated here.
FIG. 2 shows a line direction shift conversion based on diagonal elements from the upper left corner to the lower right cornerIs a schematic diagram of (a). As shown in fig. 2, the elements in the n×n element array are numbered in the row-column direction, i.e., S 11 Elements representing the first row and first column, and so on, until S NN . For example, for the element of the second row, when performing displacement conversion, S will be 22 Displaced in the row direction to the head of the row S 12 After shifting out the second row, the last position of the second row is filled in sequentially, and the other rows are similar. S is the same as that of S 11 The element of the first row is not necessarily displaced, and therefore, it is only necessary to keep it unchanged.
Optionally, when the data to be monitored is blocked from flowing to the data application layer, the abnormal attribute tag is transmitted to an intrusion blocking module which is configured in a calling mode, so that the intrusion blocking module is started to block the data to be monitored from flowing to the data application layer.
Optionally, a rule matching data structure is configured in the intrusion blocking module, an abnormal attribute tag flag bit is set in the rule matching data structure, the abnormal attribute tag flag bit has a set initial value, and the initial value is changed by transmitting the tag value of the abnormal attribute tag into the abnormal attribute tag flag bit, so that the intrusion blocking module is started to block the data to be monitored from flowing to a data application layer.
Optionally, the rule matching data structure is a PV data structure, an line flag bit is set in the PV data structure, and is used as the abnormal attribute tag flag bit, the initial value is 0, after the tag value of the abnormal attribute tag is transferred into the abnormal attribute tag flag bit, the value of the abnormal attribute tag flag bit is changed from 0 to 1, so that the intrusion blocking module is started to block the to-be-monitored data from flowing to the data application layer.
For example, the intrusion blocking module may be in an intrusion detection mode or an intrusion prevention mode to receive the incoming of the tag value of the abnormal attribute tag, so as to implement the blocking in real time and prevent the abnormal data flow from going to the data application layer in time.
In this embodiment, when the blocking is implemented, the blocking may be implemented by blocking interception between the data analysis layer and the data application layer, for example, sending a blocking message to the data analysis layer, for example, sending a data reset message to the data analysis layer, or sending a data unreachable message to the data analysis layer, so that the blocking is implemented rapidly.
Optionally, a rule linked list is provided on the data analysis layer, and when the source data is converted into the data to be monitored under the non-abnormal condition based on the first data conversion layer and the second data conversion layer, logic of data conversion performed by the first data conversion layer and the second data conversion layer is recorded in the rule linked list.
Optionally, the data analysis layer invokes logic of data conversion recorded in the rule linked list to determine whether each element in the n×n element array corresponding to the data to be monitored has matched byte data in a pre-constructed byte data list, and whether a logic sequence between adjacent elements in a row direction and a column direction in the n×n element array corresponding to the data to be monitored meets a pre-formulated element displacement rule.
Here, in the embodiment of the present application, an empty rule linked list may be constructed by referring to the number of elements of the n×n element array and the displacement relationship between the elements, and when performing data conversion, the byte data correspondence relationship between the elements may be added to the empty rule linked list.
The embodiment of the application also provides electronic equipment, which comprises a processor and a memory, wherein: the memory has stored thereon computer executable instructions that are executed by the processor to perform the steps of:
acquiring data to be monitored, wherein the data to be monitored is in the form of an N-by-N element array, each element is one byte of data of the data to be monitored, and N is a positive integer;
judging whether each element in the N-by-N element array has matched byte data in a pre-constructed byte data list, and whether the logic sequence between adjacent elements in the row direction and the column direction in the N-by-N element array meets a pre-established element displacement rule, wherein the element displacement rule can enable the elements to be transposed along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is allocated to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer.
Embodiments of the present application also provide a computer program product having stored thereon computer executable instructions that are executed to perform the steps of:
acquiring data to be monitored, wherein the data to be monitored is in the form of an N-by-N element array, each element is one byte of data of the data to be monitored, and N is a positive integer;
judging whether each element in the N-by-N element array has matched byte data in a pre-constructed byte data list, and whether the logic sequence between adjacent elements in the row direction and the column direction in the N-by-N element array meets a pre-established element displacement rule, wherein the element displacement rule can enable the elements to be transposed along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is allocated to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer.
The electronic device of the embodiments of the present application exist in a variety of forms including, but not limited to:
(1) Mobile communication devices, which are characterized by mobile communication functionality and are aimed at providing voice, data communication. Such terminals include smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, among others.
(2) Ultra mobile personal computer equipment, which belongs to the category of personal computers, has the functions of calculation and processing and generally has the characteristic of mobile internet surfing. Such terminals include PDA, MID and UMPC devices, etc., such as iPad.
(3) Portable entertainment devices such devices can display and play multimedia content. Such devices include audio, video players (e.g., iPod), palm game consoles, electronic books, and smart toys and portable car navigation devices.
(4) The server, which is a device for providing computing services, is composed of a processor 410, a hard disk, a memory, a system bus, etc., and is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, etc.
(5) Other electronic devices with data interaction function.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment is mainly described in a different point from other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, with reference to the description of the method embodiments in part. The above-described embodiments of the apparatus and system are merely illustrative, in which the modules illustrated as separate components may or may not be physically separate, and the components illustrated as modules may or may not be physical, i.e., may be located in one place, or may be distributed over multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The foregoing is merely one specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (7)

1. A data processing system for monitoring data security, comprising:
the data acquisition layer is used for acquiring data to be monitored, the data to be monitored is in an N-by-N element array form, each element is one byte data of the data to be monitored, and N is a positive integer;
a data analysis layer, configured to determine whether each element in the n×n element array has matched byte data in a pre-constructed byte data list, and whether a logic sequence between adjacent elements in a row direction and a column direction in the n×n element array meets a pre-established element displacement rule, where the element displacement rule may cause the element to perform a transposition along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is distributed to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer;
the data processing system further comprises:
the first data conversion layer is used for acquiring source data, converting the source data into an N-by-N element array form based on the pre-constructed byte data list, and converting each source byte in the source data into byte data in the byte data list;
the second data conversion layer is used for carrying out displacement conversion on the elements in the N-by-N element array corresponding to the source data converted by the first data conversion layer according to the preset element displacement rule so as to obtain data to be monitored under the non-abnormal condition;
the second data conversion layer performs displacement conversion on the elements in the n×n element array corresponding to the source data, which are converted by the first data conversion layer, according to the preset element displacement rule, and includes: and determining N diagonal elements in the direction from the upper left corner to the lower right corner in the N-x N element array corresponding to the source data converted by the first data conversion layer, performing left shift on other N-1 diagonal elements except for the first row in the N diagonal elements to the head of the row, and synchronously following the other N-1 diagonal elements to the left and keeping the sequence behind with the elements which are respectively positioned on the same row and behind the other N-1 diagonal elements, and synchronously shifting out the positions of the following elements positioned on the same row and sequentially filling the positions of the following elements in the same row with the elements which are respectively positioned on the same row and in front of the other N-1 diagonal elements.
2. The data processing system of claim 1, wherein when the blocking of the data to be monitored from flowing to the data application layer, the abnormal attribute tag is transferred to an intrusion blocking module configured for calling to start the intrusion blocking module to block the data to be monitored from flowing to the data application layer.
3. The data processing system according to claim 2, wherein a rule matching data structure is configured in the intrusion blocking module, an abnormal attribute tag flag bit is set in the rule matching data structure, the abnormal attribute tag flag bit has a set initial value, and the initial value is changed by transmitting a tag value of the abnormal attribute tag into the abnormal attribute tag flag bit, so as to start the intrusion blocking module to block the flow of the data to be monitored to the data application layer.
4. A data processing system according to claim 3, wherein the rule matching data structure is a PV data structure, an inline flag bit is set in the PV data structure as the abnormal attribute tag flag bit, the initial value is 0, and after the tag value of the abnormal attribute tag is transferred into the abnormal attribute tag flag bit, the value of the abnormal attribute tag flag bit is changed from 0 to 1, so as to start the intrusion blocking module to block the flow of the data to be monitored to the data application layer.
5. The data processing system according to claim 1, wherein a rule linked list is provided on the data analysis layer, and logic for performing data conversion by the first data conversion layer and the second data conversion layer is recorded in the rule linked list when the source data is converted into data to be monitored in the non-abnormal situation based on the first data conversion layer and the second data conversion layer.
6. The data processing system of claim 5, wherein the data analysis layer invokes logic of data transformations recorded in the rule linked list to determine whether each element in the N x N array of elements corresponding to data to be monitored has matching byte data in a pre-built byte data list and whether a logical order between adjacent elements in a row direction and a column direction in the N x N array of elements corresponding to data to be monitored satisfies a pre-established element displacement rule.
7. An electronic device comprising a processor, a memory, wherein: the memory has stored thereon computer executable instructions that are executed by the processor to perform the steps of:
acquiring data to be monitored, wherein the data to be monitored is in the form of an N-by-N element array, each element is one byte of data of the data to be monitored, and N is a positive integer;
judging whether each element in the N-by-N element array has matched byte data in a pre-constructed byte data list, and whether the logic sequence between adjacent elements in the row direction and the column direction in the N-by-N element array meets a pre-established element displacement rule, wherein the element displacement rule can enable the elements to be transposed along at least one of the row direction and the column direction;
if any element does not have the matched byte, or the logic sequence between any two adjacent elements does not meet the preset element displacement rule, an abnormal attribute label is distributed to the data to be monitored, and the data to be monitored is blocked from flowing to a data application layer;
the steps also include:
the first data conversion layer acquires source data, and converts the source data into an N-by-N element array form based on the pre-constructed byte data list, so that each source byte in the source data is converted into byte data in the byte data list;
the second data conversion layer carries out displacement conversion on the elements in the N x N element array which are converted by the first data conversion layer and correspond to the source data according to the preset element displacement rule so as to obtain data to be monitored under the non-abnormal condition;
the second data conversion layer performs displacement conversion on the elements in the n×n element array corresponding to the source data, which are converted by the first data conversion layer, according to the preset element displacement rule, and includes: and determining N diagonal elements in the direction from the upper left corner to the lower right corner in the N-x N element array corresponding to the source data converted by the first data conversion layer, performing left shift on other N-1 diagonal elements except for the first row in the N diagonal elements to the head of the row, and synchronously following the other N-1 diagonal elements to the left and keeping the sequence behind with the elements which are respectively positioned on the same row and behind the other N-1 diagonal elements, and synchronously shifting out the positions of the following elements positioned on the same row and sequentially filling the positions of the following elements in the same row with the elements which are respectively positioned on the same row and in front of the other N-1 diagonal elements.
CN202310110857.8A 2023-02-14 2023-02-14 Data processing system for monitoring data security and electronic equipment Active CN115879104B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310110857.8A CN115879104B (en) 2023-02-14 2023-02-14 Data processing system for monitoring data security and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310110857.8A CN115879104B (en) 2023-02-14 2023-02-14 Data processing system for monitoring data security and electronic equipment

Publications (2)

Publication Number Publication Date
CN115879104A CN115879104A (en) 2023-03-31
CN115879104B true CN115879104B (en) 2023-05-30

Family

ID=85761052

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310110857.8A Active CN115879104B (en) 2023-02-14 2023-02-14 Data processing system for monitoring data security and electronic equipment

Country Status (1)

Country Link
CN (1) CN115879104B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110503189A (en) * 2019-08-02 2019-11-26 腾讯科技(深圳)有限公司 A kind of data processing method and device
CN112181784A (en) * 2020-10-21 2021-01-05 中国工商银行股份有限公司 Code fault analysis method and system based on bytecode injection
CN114461618A (en) * 2021-12-31 2022-05-10 国网河北省电力有限公司营销服务中心 Metering missing data completion method and device and terminal equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11496507B2 (en) * 2017-03-09 2022-11-08 Nec Corporation Abnormality detection device, abnormality detection method and abnormality detection program
CN110865921A (en) * 2019-11-08 2020-03-06 拉扎斯网络科技(上海)有限公司 Data monitoring method and device, readable storage medium and electronic equipment
CN111709016B (en) * 2020-08-20 2020-11-10 创智和宇信息技术股份有限公司 Method and system for protecting basic medical insurance settlement data
CN115426287B (en) * 2022-09-06 2024-03-26 中国农业银行股份有限公司 System monitoring and optimizing method and device, electronic equipment and medium
CN115361112B (en) * 2022-10-20 2023-01-10 广州万协通信息技术有限公司 Driving monitoring data processing method, device, equipment and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110503189A (en) * 2019-08-02 2019-11-26 腾讯科技(深圳)有限公司 A kind of data processing method and device
CN112181784A (en) * 2020-10-21 2021-01-05 中国工商银行股份有限公司 Code fault analysis method and system based on bytecode injection
CN114461618A (en) * 2021-12-31 2022-05-10 国网河北省电力有限公司营销服务中心 Metering missing data completion method and device and terminal equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于Zigzag置换算法的数据传输技术的研究;冀汶莉;韩晓斌;姚军;;计算机工程与应用(第02期);全文 *

Also Published As

Publication number Publication date
CN115879104A (en) 2023-03-31

Similar Documents

Publication Publication Date Title
US20210352090A1 (en) Network security monitoring method, network security monitoring device, and system
RU2632408C2 (en) Classification of documents using multilevel signature text
US9747441B2 (en) Preventing phishing attacks
CN113315742B (en) Attack behavior detection method and device and attack detection equipment
US9710122B1 (en) Customer support interface
CN111371778B (en) Attack group identification method, device, computing equipment and medium
CN112003834B (en) Abnormal behavior detection method and device
CN113765846B (en) Intelligent detection and response method and device for network abnormal behaviors and electronic equipment
KR20230059015A (en) System for blocking harmful site and method thereof
CN115086064A (en) Large-scale network security defense system based on cooperative intrusion detection
Chaganti et al. Stegomalware: A Systematic Survey of MalwareHiding and Detection in Images, Machine LearningModels and Research Challenges
CN114553555A (en) Malicious website identification method and device, storage medium and electronic equipment
US11481489B2 (en) System and method for generating a representation of a web resource to detect malicious modifications of the web resource
CN115879104B (en) Data processing system for monitoring data security and electronic equipment
CN110808997B (en) Method and device for remotely obtaining evidence of server, electronic equipment and storage medium
JP6199844B2 (en) Suspicious part estimation device and suspected part estimation method
CN111262842B (en) Webpage tamper-proofing method and device, electronic equipment and storage medium
CN115396128A (en) Malicious traffic detection method and device, storage medium and electronic equipment
CN113378025A (en) Data processing method and device, electronic equipment and storage medium
CN112003833A (en) Abnormal behavior detection method and device
CN114765634B (en) Network protocol identification method, device, electronic equipment and readable storage medium
CN115146737B (en) Modeling method of matching model, protection implementation method and related equipment
CN113076195B (en) Object shunting method and device, readable medium and electronic equipment
CN112613007B (en) Data admission method and device based on trusted authentication and related products
CN115150165B (en) Flow identification method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant