CN-122027748-A - Cross-border data dynamic management and control method and system based on flow analysis
Abstract
The invention discloses a cross-border data dynamic management and control method and system based on traffic analysis, in the technical field of data transmission. The method comprises: encrypting a data stream image according to a Hadamard product matrix and a diagonal matrix-vector product algorithm; performing a first verification on a new data stream according to an encryption verification method; performing a second verification on the new data stream according to a decryption verification method; and judging whether the new data stream is compliant based on the first and second verification results. The invention uses PPMI-weighted co-occurrence and a sliding-step algorithm to generate a globally unique and sortable natural number for each byte map; the data stream image and a random Hadamard matrix are combined by a Hadamard product and a diagonalized product, so that the encryption process is written into the diagonal coefficients of the matrix-vector product; this provides a secondary confirmation that does not depend on a rule base; the serial-number ordering space and the encryption matrix are updated online as the traffic distribution changes; and the corresponding encryption map template can be rapidly issued to edge nodes.
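The abstract says the serial numbers come from PPMI-weighted byte co-occurrence and a sliding step, but the page does not give the formula. The block below is an added illustration, not the patent's own code: it computes a standard PPMI (positive pointwise mutual information) matrix over byte pairs that fall inside the same sliding window, and then, as an assumed reading of "globally unique and sortable natural number", ranks the byte maps by their summed PPMI weight. The window width, step, the use of ordered pairs, and the tie-break on position are all assumptions; the sample byte maps are constructed.

```python
import math
from collections import Counter

def cooccurrence(seq, window, step):
    """Count ordered (byte, context-byte) pairs. A window of `window` bytes
    slides over `seq`, advancing `step` bytes each time; every ordered pair of
    distinct positions inside a window co-occurs once. (Assumed construction.)"""
    pairs = Counter()
    for start in range(0, max(1, len(seq) - window + 1), step):
        w = seq[start:start + window]
        for i, a in enumerate(w):
            for j, b in enumerate(w):
                if i != j:
                    pairs[(a, b)] += 1
    return pairs

def ppmi(pairs):
    """PPMI(a, b) = max(0, log2(p(a, b) / (p(a) * p(b)))) over the pair counts.
    Negative associations are clipped to 0, which is what the 'positive' means."""
    total = sum(pairs.values())
    row, col = Counter(), Counter()
    for (a, b), n in pairs.items():
        row[a] += n
        col[b] += n
    out = {}
    for (a, b), n in pairs.items():
        val = math.log2((n / total) / ((row[a] / total) * (col[b] / total)))
        out[(a, b)] = max(0.0, val)
    return out

def serial_numbers(byte_maps, window=4, step=2):
    """Assumed reading of the abstract: score each byte map by its summed PPMI
    weight and rank the maps, so each gets a unique natural number 1..N.
    Ties are broken by the map's original position, so the order is total."""
    scores = [sum(ppmi(cooccurrence(bm, window, step)).values()) for bm in byte_maps]
    order = sorted(range(len(byte_maps)), key=lambda i: (-scores[i], i))
    return {i: rank + 1 for rank, i in enumerate(order)}

# Constructed sample byte maps: a constant run, four distinct bytes, an alternating pair.
SAMPLE_MAPS = [b"\x00\x00\x00\x00", b"\x00\x01\x02\x03", b"\x00\x01\x00\x01"]

if __name__ == "__main__":
    print(serial_numbers(SAMPLE_MAPS))
```

Note that a number derived only from content statistics is reproducible by anyone who sees the same traffic; it orders the byte maps, it does not authenticate them. That is why the claims pair it with a separate encryption and verification step.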
Inventors
- ZHONG LEI
Assignees
- China Mobile Group Guangxi Co., Ltd. (中国移动通信集团广西有限公司)
Dates
- Publication Date
- 2026-05-12
- Application Date
- 2025-12-10
Claims (10)
- 1. The cross-border data dynamic management and control method based on flow analysis is characterized by comprising the following steps of S100, constructing a byte map according to a preprocessed data packet, converting the byte map into a matrix, and converting the matrix into an image according to a preset rule; Step S200, setting the serial number of a byte map based on PPMI algorithm and sliding step algorithm, constructing a data stream image based on the serial number of the byte map, encrypting the data stream image according to the Hadamard matrix and the diagonal algorithm of matrix vector product, decrypting the encrypted stream based on the inverse operation of the encryption process, setting an encryption verification method according to the encryption process, and setting a decryption verification method according to the decryption process; Step S300, performing first verification on the new data stream according to the encryption verification method, performing second verification on the new data stream according to the decryption verification method, and judging whether the new data stream is compliant or not based on the first verification result and the second verification result.
- 2. The method for dynamically managing cross-border data based on traffic analysis according to claim 1, wherein step S100 comprises the following sub-steps: step S101, acquiring any one bidirectional data stream; step S102, extracting session space-time characteristics of the bidirectional data stream, wherein the session space-time characteristics comprise session time characteristics and session space characteristics; step S103, classifying all data packets based on the session space-time characteristics to obtain first data packets; step S104, preprocessing the first data packets, and constructing a byte map according to the number of header bytes and the number of payload bytes of each preprocessed first data packet; step S105, setting a color conversion rule, and converting the byte map into an image according to the matrix corresponding to each node of the byte map and the color conversion rule.
- 3. The traffic analysis-based cross-border data dynamic management method according to claim 2, wherein the session time characteristic is represented as the average interval duration of data packet transmission in any session satisfying a first condition, and the session space characteristic is the transmission path of data packet transmission in any session satisfying the first condition; the byte map comprises a first byte map and a second byte map, wherein the first byte map comprises first-level nodes and first edges, the second byte map comprises second-level nodes and second edges, a second-level node is a child node expanded from a first-level node, a first data class is set as a first-level node, and a first data packet belonging to the first data class is set as a second-level node under the corresponding first-level node; the image comprises a first image and a second image, the first image being composed of the first byte map and the second image of the second byte map, and the method for converting the byte map into the image comprises a first conversion method and a second conversion method, corresponding to the first image and the second image respectively.
- 4. The method for dynamically managing and controlling cross-border data based on flow analysis according to claim 3, wherein a calculation method is configured for session time features, the calculation method includes selecting any one session, calculating time intervals between adjacent data packets according to time sequence, and recording the time intervals as second time lengths, wherein the second time lengths are smaller than or equal to the first time lengths, traversing the second time lengths corresponding to each group of adjacent data packets in the session, calculating an average value of the second time lengths, and setting the average value of the second time lengths as session time features.
- 5. The method for dynamically managing and controlling cross-border data based on traffic analysis according to claim 3, wherein a setting method is configured for the session space characteristic, the setting method comprising: selecting any one session; acquiring the source address and destination address corresponding to the session; acquiring first address translation timestamps from the source address server log for the session time period and extracting second address translation timestamps from the destination address server log, wherein a first address translation timestamp is the timestamp at which a private IP is translated into a public IP and a second address translation timestamp is the timestamp at which the public IP is translated back into a private IP; constructing a time interval from the upper and lower limits of the session time; sorting the first and second address translation timestamps belonging to the time interval in chronological order; extracting the private IP corresponding to each sorted timestamp; taking the central point of the spatial coverage of each private IP as its representative position; connecting the representative positions in chronological order with directional arrows and a smooth curve to obtain a curve segment; and setting the curve segment as the session space characteristic.
- 6. The method for dynamically managing cross-border data based on traffic analysis as recited in claim 1, wherein step S104 comprises: step S1041, obtaining any first data packet; step S1042, judging whether the first data packet has a payload; when a payload exists, executing step S1043, and when no payload exists, deleting the first data packet, returning to step S1041 and obtaining the next first data packet different from the original one; step S1043, removing the Ethernet header of the first data packet and anonymizing the source address, destination address, source port and destination port; step S1044, traversing each first data packet and repeating steps S1041 to S1043 until preprocessing is complete for every first data packet.
- 7. The method for dynamically managing cross-border data based on traffic analysis according to claim 1, wherein step S105 comprises: step S1051, selecting any one node and obtaining the binary code of any one byte of the node; step S1052, counting the number of characters in the binary code and comparing it with 8; jumping to step S1053 when the number of characters is less than 8 and to step S1054 when it equals 8; step S1053, padding the binary code with 0 until the number of characters equals 8, and outputting the new binary code; step S1054, setting a color conversion rule between color values and binary code values, wherein the color values lie between 0 and 255 and the color conversion rule is denoted f(code) = a + 1, where code is the decimal value corresponding to the binary code, a is a color value and f is the rule mapping the code value to the color value; after the color conversion rule is set, proceeding to step S1055; step S1055, obtaining any binary code value and obtaining the corresponding color value according to the color conversion rule; step S1056, traversing every binary code of the node to obtain the color value of each, and arranging the color values in the order in which the binary codes appear to form a first vector, the first vector being a vector of one row and several columns.
- 8. The method for dynamically managing cross-border data based on traffic analysis according to claim 1, wherein step S200 comprises: step S201, obtaining co-occurrence characteristics of bytes based on the PPMI algorithm, the co-occurrence characteristics comprising data packet characteristics and data packet association characteristics; step S202, obtaining any data packet according to the data packet characteristics and judging whether it meets a second condition; jumping to step S203 when the second condition is met and to step S204 when it is not; step S203, acquiring another data packet, acquiring the data packet association characteristics between the two packets, and judging whether they meet a third condition; jumping to step S205 when the third condition is met and to step S206 when it is not; step S204, applying a first mark to the data packet, performing a first operation on the marked packet, tracking the return link of the packet after the first operation to generate first link information, and judging from the first link information whether the first mark is eliminated; when it is eliminated, jumping to step S203, and when it is not, blocking the destination IP address of the packet carrying the first mark; step S205, setting the serial number of the byte map; step S206, applying a second mark to the other data packet, performing a second operation on it, tracking the return link of the packet after the second operation to generate second link information, and judging from the second link information whether the second mark is eliminated; when it is eliminated, jumping to step S205, and when it is not, blocking the destination IP addresses of all other data packets except the packet carrying the second mark.
- 9. The method for dynamically managing and controlling cross-border data based on flow analysis according to claim 1, wherein the data stream image is encrypted according to the Hadamard product matrix and the diagonal algorithm of matrix-vector product to obtain an encrypted stream; the decryption process is the inverse of the encryption process, and a fourth timestamp is extracted when the encrypted data stream is decrypted; an encryption verification method is set according to the encryption process and a decryption verification method according to the decryption process, and both are verified against their corresponding timestamps; the encryption verification method is realized through a Lorenz chaotic equation in differential form, and the second verification is realized from the time interval between the decryption time point and the encryption time point; the new data stream is set as compliant when the first verification result is a first pass and the second verification result is a second pass, and as non-compliant when the first verification result is a first fail or the second verification result is a second fail.
- 10. A system for executing the cross-border data dynamic management and control method based on flow analysis, characterized in that it comprises a conversion module, an operation module and a verification module; the conversion module constructs a byte map according to the preprocessed data packet, converts the byte map into a matrix, and converts the matrix into an image according to a preset rule; the operation module sets the serial number of the byte map based on the PPMI algorithm and the sliding step algorithm, constructs a data stream image based on the serial number of the byte map, encrypts the data stream image according to the Hadamard product matrix and the diagonal algorithm of matrix-vector product, decrypts the encrypted stream based on the inverse operation of the encryption process, sets an encryption verification method according to the encryption process, and sets a decryption verification method according to the decryption process; the verification module performs a first verification on the new data stream according to the encryption verification method, performs a second verification on the new data stream according to the decryption verification method, and judges whether the new data stream is compliant based on the first and second verification results.
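Claims 7 and 9 together describe a concrete pipeline: bytes of a node become 8-bit codes, the codes become color values via f(code) = a + 1, the row vectors form the data stream image, and the image is encrypted by a Hadamard product with a random Hadamard matrix followed by a diagonal matrix-vector step, with decryption as the inverse. The block below is an added worked example, not the patent's own code. It fills in what the claims leave open, and each choice is an assumption: zeros are padded on the left so the byte value is preserved; a is taken as the code's decimal value and the result wraps modulo 256 so 0xff stays in the stated 0..255 range; the image has a fixed width; the "random Hadamard matrix" is a +-1 matrix of the image's shape; and the diagonal step is a left-multiplication by diag(d). The sample packets are constructed. The last function makes a point the claims do not: a +-1 mask only flips signs, so every pixel magnitude survives encryption up to the per-row factor d[i].

```python
import numpy as np

# --- Claim 7, steps S1051-S1056: node bytes -> row vector of color values ---

def byte_to_bits(b):
    """S1052/S1053: binary code zero-padded to 8 characters. The claim does not
    say which side the zeros go on; left padding keeps the byte's value (assumption)."""
    return format(b, "b").zfill(8)

def color_rule(code):
    """S1054: f(code) = a + 1 with a the decimal value of the code (assumption),
    wrapped at 256 so the result stays within the stated 0..255 range (assumption)."""
    return (code + 1) % 256

def node_to_row(node_bytes):
    """S1055/S1056: one color per byte, in order of appearance, as a 1 x n row."""
    return np.array([color_rule(int(byte_to_bits(b), 2)) for b in node_bytes], dtype=np.int64)

def build_image(nodes, width):
    """Stack the row vectors into the data stream image. The claims do not fix
    the image shape; rows are cut or zero-padded to `width` here (assumption)."""
    rows = []
    for nb in nodes:
        r = node_to_row(nb)[:width]
        rows.append(np.pad(r, (0, width - len(r))))
    return np.vstack(rows)

# --- Claim 9: Hadamard product + diagonal matrix-vector step, and its inverse ---

def gen_key(shape, rng):
    """Random +-1 matrix H (the 'random Hadamard matrix', assumed to be a sign
    mask of the image's shape) and non-zero diagonal coefficients d. Both are the
    secret; they must not be reused across images or the mask cancels out."""
    H = rng.choice([-1, 1], size=shape)
    d = rng.integers(1, 8, size=shape[0])
    return H, d

def encrypt(img, H, d):
    """Hadamard (elementwise) product with H, then left-multiply by diag(d),
    i.e. scale row i of the masked image by d[i] (assumed reading of the claim)."""
    return np.diag(d) @ (H * img)

def decrypt(enc, H, d):
    """Inverse in reverse order: undo the row scaling (exact integer division,
    since every row is a multiple of d[i]), then multiply by H again (H * H == 1)."""
    return (enc // d[:, None]) * H

def magnitudes_leak(img, enc, d):
    """Caveat: |enc| equals the plaintext scaled by d, so the sign mask hides
    nothing about pixel magnitudes. True means every magnitude is recoverable."""
    return bool(np.array_equal(np.abs(enc), d[:, None] * img))

# Constructed sample nodes: a few header-like byte strings of unequal length.
SAMPLE_NODES = [b"\x45\x00\x00\x3c", b"\x06\x01\xbb", b"\xff\x7f\x00\x10"]

def demo(seed=7):
    """Round-trip the sample image; returns (decrypt matches, magnitudes leak)."""
    img = build_image(SAMPLE_NODES, width=4)
    rng = np.random.default_rng(seed)
    H, d = gen_key(img.shape, rng)
    enc = encrypt(img, H, d)
    dec = decrypt(enc, H, d)
    return bool(np.array_equal(dec, img)), magnitudes_leak(img, enc, d)

if __name__ == "__main__":
    print(demo())
```

The round trip succeeds for any key, and the leak check also returns True for any key: the construction is a keyed mask, not a cipher in the usual sense, so an operator relying on it for confidentiality of the image content rather than for the compliance check the claims describe should treat the image values as exposed.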
Description
Cross-border data dynamic management and control method and system based on flow analysis
Technical Field
The invention relates to the technical field of data transmission, in particular to a cross-border data dynamic management and control method and system based on flow analysis.
Background
In recent years, with the continuous development of network technology and the continuous increase of network bandwidth, more and more attention is paid to network security and network service quality. Network traffic classification and identification, as the basis of network management and network analysis, is one of the important fields of current computer network research; network traffic involves several closely related entities such as hosts, networks, applications and users, so traffic classification and identification is a multi-factor, complex systems problem. Each network application has its own traffic behaviour characteristics. With the continuous appearance of novel applications and application-layer protocols, the complexity of network traffic keeps increasing and its changeable, dynamic and heterogeneous character becomes more pronounced. To analyse network traffic more comprehensively and accurately, many researchers have introduced machine learning models into traffic analysis, where packet size and statistical characteristics have proven to be effective features; they are widely used and have achieved notable results in traffic classification and identification tasks.
The Chinese patent publication CN119011705A discloses a system, method and device for cross-border transmission of data: management devices in different attribution areas are given different data compliance requirements and check received data against them, so that data transmitted by a device satisfies the compliance requirements of its attribution area and the compliance of the network data environment is maintained. In this related art, however, data stream features are checked against preset compliance rules, so the safety of a data stream is judged essentially by feature extraction. Although this adapts to data streams of different categories, it consumes a lot of time and is unfavourable to the quick response needed for cross-border data safety judgement; and configuring multiple distributed auditing devices and rule sets for different specifications, while suited to the cross-border requirement, increases the workload of device operation, maintenance and safety monitoring, reduces the control efficiency of cross-border data safety, and is unfavourable to the economics of cross-border data management. These limitations remain.
Disclosure of Invention
The technical problem to be solved by the invention is that, in the related art, data stream features are checked against preset compliance rules and the safety of the data stream is judged essentially by feature extraction; this adapts to data streams of different categories but consumes a great deal of time and is unfavourable to the quick response of cross-border data safety judgement, while configuring multiple distributed auditing devices and rule sets for different specifications suits the cross-border requirement but increases the workload of device operation, maintenance and safety monitoring, reduces the control efficiency of cross-border data safety, is unfavourable to the economics of cross-border data management and control, and has a certain limitation. In order to solve this technical problem, the invention provides a technical scheme, namely a cross-border data dynamic management and control method based on flow analysis, comprising the following steps: S100, constructing a byte map according to a preprocessed data packet, converting the byte map into a matrix, and converting the matrix into an image according to a preset rule; step S200, setting the serial number of the byte map based on a PPMI algorithm and a sliding step algorithm, constructing a data stream image based on the serial number of the byte map, encrypting the data stream image according to the Hadamard matrix and the diagonal algorithm of matrix-vector product, decrypting the encrypted stream based on the inverse operation of the encryption process, setting an encryption verification method accordin