Detailed Description
The following is a clear and complete description of the technical method of the present invention, taken in conjunction with the accompanying drawings, and it is evident that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, are intended to fall within the scope of the present invention.
Furthermore, the drawings are merely schematic illustrations of the present invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. The functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor methods and/or microcontroller methods.
It will be understood that, although the terms "first," "second," etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another element. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of example embodiments. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
In order to achieve the above objective, please refer to fig. 1 to 2, an edge computing driven lightweight data encryption processing method includes the following steps:
Step S1, collecting original input data to be encrypted, carrying out original input data semantic recognition according to the original input data to be encrypted so as to obtain original data field semantic information, carrying out field structure analysis processing on the original data field semantic information so as to obtain an original data field structure, and carrying out original input data type recognition based on the original data field semantic information and the original data field structure so as to obtain an original input data type;
In the embodiment of the invention, the original input data to be encrypted is collected. The data are acquired through a data acquisition module in the edge computing node, and the module gathers the raw data collected according to specific application scenes (such as industrial equipment, an internet of things sensor, a communication network and the like). The collected data comprise various types of texts, pictures, sensor values and the like, and the sources are wide. The acquired data is typically in a hybrid of structured and unstructured form, and at this stage, it is necessary to pre-process the data. Specifically, the data preprocessing is performed through the data cleaning module to remove noise and standardization, and irrelevant information is removed. And carrying out semantic recognition processing based on the original input data. The semantic recognition module analyzes the input data through natural language processing technology and machine learning algorithm (such as deep neural network, support vector machine and the like) and extracts core semantic information of the input data. This process optimizes for different data types, for example, for text data, semantic recognition uses techniques such as word segmentation, named entity recognition, etc., while for sensor data, key information is extracted from the values by pattern recognition techniques. By the aid of the technology, semantic information contained in the input data can be accurately identified from the input data, and key features such as a numerical type, a time stamp and a geographic position can be accurately identified. And analyzing the field structure of the original data according to the semantic information. The field structure analysis module classifies the data fields based on the semantic recognition result, and extracts structural characteristics such as the type, the length, the content format and the like of each field. For example, in processing tabular data, the system identifies the column-to-column relationships and labels the data (e.g., strings, integers, floating fractions, etc.) according to field type. For text data, field parsing may parse out specific fields (e.g., user name, password, date, etc.) according to grammatical rules or predefined structures of the data. The process uses a custom field parsing algorithm that can flexibly adapt to data formats according to different data sources and structural rules. And carrying out the identification of the type of the original input data based on the semantic information and the field structure of the original data field. The data type identification module determines what data type (e.g., text, number, date, etc.) each field belongs to by analyzing the structural features of the field. For example, if a certain field content is a number, it is determined as an integer type, and if it is a time format, it is determined as a date type. With these determinations, the system can prepare for the data encryption process and determine the manner in which the data is to be processed.
S2, performing field encryption priority label distribution processing according to the type of the original input data to obtain field encryption priority label distribution data; determining a data encryption processing strategy according to the original input data type and the field encryption priority label distribution data;
In the embodiment of the invention, the field encryption priority label is allocated according to the original input data type obtained in the previous step. This process is implemented by the encryption prioritization module. The module assigns a corresponding encryption priority label based on the sensitivity of each field, the frequency of use, and its impact on overall data security. For high sensitivity fields, a higher encryption priority is assigned, while for low sensitivity fields, a lower priority is assigned. For example, if the data type is address, telephone, etc., the priority of this field is higher, while for some public data (e.g., non-confidential statistics) the priority is lower. And distributing a data encryption processing strategy according to the type of the original input data and the field encryption priority label. This policy determines the choice of encryption algorithm, the setting of encryption strength, and the specific data processing flow. The encryption strategy generation module selects proper encryption algorithm (such as AES symmetric encryption, RSA asymmetric encryption and the like) and sets encryption intensity according to the field encryption priority label, data sensitivity and system resource status. For fields requiring higher security, more complex, stronger encryption is employed and hardware resources are adapted to reduce impact on system performance. If the data volume is large or the fields needing frequent encryption and decryption are needed, the encryption strategy selects a high-efficiency stream encryption algorithm, so that the encryption processing efficiency is ensured. And encrypting the original input data based on the determined encryption strategy. The encryption processing module encrypts the data according to the selected encryption algorithm and strategy. The encryption operation obtains the encrypted data by encrypting each field one by one. The encrypted data is the encrypted data to be stored or transmitted safely, and a certain balance is maintained in terms of resource consumption.
Step S3, evaluating the abnormal disturbance condition of the encryption processing data according to the data encryption processing condition, evaluating the gradient increasing trend of the load of the edge node according to the abnormal disturbance condition of the encryption processing data, and determining the dynamic degradation trend of the structure of the edge encryption element according to the gradient increasing trend of the load of the edge node;
In the embodiment of the invention, the data after encryption processing is subjected to abnormal disturbance evaluation. The abnormal disturbance evaluation module can compare the difference of data before and after encryption by detecting distortion or structural abnormality in the encrypted data, and check whether the problems of field loss, data error and the like exist. If any potential anomalies are found, the system marks and records the anomalies, providing a basis for subsequent adjustment. And evaluating the load gradient increasing trend of the edge node based on the abnormal disturbance condition of the encryption processing data. The evaluation calculates the load change trend of the edge node by monitoring the indexes such as the processing capacity, the memory occupation, the CPU load and the like of the edge node and combining the complexity of encryption processing. The load assessment module predicts future load changes of the nodes using resource monitoring and prediction algorithms (e.g., based on time series analysis or regression models). If the system detects that the node load is about to exceed the set threshold value, early warning is carried out, and an optimization strategy is provided for the next encryption processing. Based on the gradient increasing trend of the edge node load, the structure dynamic degradation trend of the edge encryption element is evaluated. The evaluation calculates the thermal effect or hardware fault condition of the encryption element by analyzing the node load and the encryption processing intensity. The encryption element monitoring module uses hardware diagnostic tools and thermal effect monitoring algorithms to evaluate the operational stability of the element and predict its degradation tendency in long-term use. If an abnormal trend of the encryption element is detected, the system can take corresponding adjustment measures to avoid failure or performance degradation of the encryption process caused by hardware faults.
And S4, detecting the response delay condition of the encryption edge node according to the dynamic degradation trend of the edge encryption element structure, evaluating the data encryption risk trend based on the response delay condition of the encryption edge node, and performing data encryption strategy optimization according to the data encryption risk trend to obtain data encryption strategy optimization data.
In the embodiment of the invention, the response delay condition of the encryption edge node is detected according to the dynamic degradation trend of the edge encryption element. The response delay detection module captures any delay due to aging or overload of the device by monitoring the response time during the encryption process in real time. By setting the threshold and the overtime mechanism, the system can discover the problem of node response delay in time and record delay data. The data can be used as one of the basis for optimizing the encryption strategy, so that the encryption processing efficiency is further improved. Based on the response delay condition of the encryption edge node, the risk trend of data encryption is evaluated. The data encryption risk assessment module analyzes potential risks in the data encryption process by comprehensively considering factors such as node load, response time, hardware stability and the like. For example, if the node load is too high, the encryption processing speed is reduced or data is lost, and if the hardware fails, the encryption result cannot be returned accurately. The module comprehensively evaluates the data encryption process according to the risk factors and generates an encryption risk trend report. According to the encryption risk trend, the system optimizes the data encryption strategy. The encryption strategy optimization module is used for preparing an encryption strategy which is most suitable for the current node state and load condition by adjusting the aspects of encryption algorithm, encryption priority, resource allocation and the like. This process involves dynamic adjustment of the encryption algorithm, such as selecting a lighter encryption scheme at high load and using a stronger encryption algorithm at low load. The optimized encryption strategy can be automatically applied to the encryption process so as to ensure the security of data and the high efficiency of encryption processing.
Preferably, step S1 comprises the steps of:
S11, collecting original input data to be encrypted;
In the embodiment of the invention, the original input data to be encrypted is obtained through a physical or virtual sensor. Raw input data originates from a variety of different types of devices, including sensors, databases, user inputs, etc., and it is necessary to ensure that the raw input data collected is able to fully reflect the state of the data to be encrypted. In the data acquisition process, high-precision acquisition tools and equipment are adopted, real-time sensor data are acquired through an internet of things (IoT) device, and the data are acquired from a system or a cloud platform through an API (application programming interface). The collected data is stored via a data storage medium (e.g., database, file system, etc.) to provide a basis for subsequent processing and encryption operations.
Step S12, carrying out desensitization treatment on the data to be encrypted on the original input data to be encrypted, so as to obtain desensitized data to be encrypted;
In the embodiment of the invention, the acquired original input data is subjected to desensitization treatment, and the desensitization treatment adopts different treatment strategies according to the type and the sensitivity of the data. For information data, the sensitive information is hidden or fuzzy processed by adopting character replacement, encryption replacement, desensitization coding and other modes. For numerical data, the desensitization method includes blurring the data, processing the interval, and the like. The process uses a data desensitizing tool or a program script to process the sensitive information through a regular expression or an encryption algorithm, ensures that the desensitized data does not contain the original sensitive information, and simultaneously retains the validity of the data to meet the subsequent operation requirements. The processed data is stored as desensitized data to be encrypted for subsequent encryption processing.
S13, carrying out semantic recognition on original input data according to the desensitization data to be encrypted to obtain original data field semantic information;
In the embodiment of the invention, the data semantic recognition is performed based on the desensitized data to be encrypted. The semantic identification refers to analyzing each field in the desensitization data to be encrypted and identifying the corresponding actual meaning. To achieve this goal, natural Language Processing (NLP) technology is used, and tools such as semantic labeling, dictionary matching, regular expressions and the like are combined to extract semantic information of fields from the desensitized data to be encrypted. In the identification process, the types (such as text, numbers, date and the like) of the data fields are accurately identified, and specific business meanings are marked according to a dictionary library or a training model, so that the semantic information of the original data fields is obtained.
S14, carrying out field structure analysis processing on the semantic information of the original data field to obtain an original data field structure;
In the embodiment of the invention, after the semantic information of the original data field is obtained, the field structure analysis processing is performed next. The purpose of field structure parsing is to understand the arrangement of data fields, data types, and relationships between fields. For example, field structure parsing may identify whether a field is a single data item or a multidimensional data item, whether the data has a hierarchy (e.g., nested fields), whether there is an association between fields, etc. In the process, the data structure is deeply analyzed according to the data format by utilizing tools such as XML analysis, JSON analysis and the like. If the semantic information of the original data field comprises a form field, a database table field and the like, the structure of the field is analyzed through SQL query, the constraint relation of a main key, an external key and the like of the data table is identified, the complete original data field structure is obtained after analysis, the dependency relation and the hierarchical relation among the fields are reflected in the analysis result, and support is provided for the subsequent data type identification and encryption processing.
And step S15, carrying out original input data type identification based on the original data field semantic information and the original data field structure to obtain an original input data type.
In the embodiment of the invention, the data type is identified by utilizing the semantic information and the field structure of the original data field obtained in the previous step. The goal of this step is to sort the raw input data according to its specific business scenario and data structure, identifying the type of data. Common data types include text, numeric, date, boolean, binary, etc. Based on the semantic information of the data fields, the system can determine the type of the field data in combination with the structural features of the fields. For example, for a field containing a date format, the system can automatically identify it as a date type, and for a field containing an account balance, it can identify it as a value type. At this time, the system performs type recognition by methods such as type matching and data pattern analysis, and further verifies the correctness of the data type according to the field structure. The identified original input data type plays an important role in the data encryption process, and determines the selection of an encryption algorithm and the allocation of encryption priority labels.
Preferably, step S13 comprises the steps of:
s131, extracting basic format characteristics of the encrypted data field according to the desensitized data to be encrypted to obtain basic format characteristics of the encrypted data field;
In the embodiment of the invention, in a lightweight preprocessing module deployed at an edge node, after receiving data input to be encrypted, data is divided into structural segments according to field levels. The data content of each field is initially characterized by a character encoding type (e.g., ASCII code interval), byte length, special symbol density (e.g., non-alphanumeric symbols such as "_", "-", etc.), field length range (e.g., defined between 5 and 128 characters). And then, counting the character distribution frequency in each field, and constructing a character set distribution matrix for judging whether the formation mode of the field data presents linear arrangement, a repeated mode or a fixed prefix structure. For example, if a field is fixed for the first 4 bits in most samples, followed by a sequence of numbers, then the field is marked as having prefix-array base format characteristics. The format features of all the fields are packaged in a JSON structure and output as a data field basic format feature result to be encrypted, and the data field basic format feature result is used as basic input for subsequent grammar similarity analysis.
Step S132, performing similar grammar pattern matching with a similarity threshold value of 0.75 according to the basic format characteristics of the data field to be encrypted to obtain similar grammar matching data;
In the embodiment of the present invention, after receiving the basic format feature of the data field to be encrypted output in step S131, a rule matching unit deployed on the edge computing node is utilized to call a built-in grammar pattern rule base. The rule base stores more than 5 ten thousand format matching rules, and each rule is a standard format expression formed by characteristic combinations such as character composition, structure segmentation, numerical value interval, length definition and the like. In the matching process, a structure alignment algorithm is adopted, character level comparison is carried out on the format characteristics of the field to be analyzed to each rule, and the editing distance is used as the basis of the matching score. In order to control the matching accuracy, a similarity threshold value of 0.75 is set, rule results lower than the value are eliminated, and redundant matching information is prevented from interfering downstream analysis. Grammar rules matched in the above manner are called similar grammar matching data, and the result is used as a core input of field format classification and context domain analysis.
Step S133, analyzing the data context domain features according to the similar grammar matching data and the basic format features of the data fields to be encrypted;
In the embodiment of the invention, the similar grammar matching data and the original basic format feature are used as joint input and are transmitted into a context feature analysis unit. The unit adopts a bidirectional scanning strategy in the edge node to analyze the context behaviors such as the arrangement relation of the field between the front field and the back field in the original data set, the close combination frequency of the field, the use mode of special separators among the fields and the like. For example, by counting whether the field frequently co-occurs with a previous field or forms a particular data combination pattern (e.g., timestamp + location identification) with a subsequent field, the context semantic boundary in which the field resides can be identified. In the process, a sliding window method and a frequency combination statistical algorithm in a window are used for constructing a field context structure map, map data are extracted into data context domain features, and the data context domain features are output to a next field combination identification link.
Step S134, identifying the context repetition combination condition of the fields based on the data context domain characteristics;
In the embodiment of the invention, based on the data context domain features extracted in the last step, the identification processing of the repeated combination condition of the field contexts is further executed. And starting a frequency analyzer on the edge computing node, uniquely encoding different field combination structures by utilizing a hash compression technology, and recording the occurrence frequency of the combination structures in different data blocks in a bitmap statistical mode. For example, if a field combination A-B-C exists in a data set and occurs in more than 80% of the data segments, the system marks it as a high repetition combined structure. In order to enhance statistical accuracy, the edge node adopts 5 groups of independent data caches to carry out repeated comparison, avoids interference caused by sample offset, outputs context repeated combination conditions of fields, marks repetition rate values of each combination structure and provides a judgment basis for whether sequence rearrangement is executed subsequently.
S135, carrying out field sequence rearrangement processing when the repeated combination condition of the field context exceeds 86%, so as to obtain field sequence rearrangement data;
In the embodiment of the present invention, for the field sequence marked as the repeated combination condition in step S134, the system calls the field rearrangement unit to perform the position optimization processing. When the repetition rate of a certain field combination structure exceeds 86%, a rearrangement mechanism is triggered. The reordering process uses a ranking strategy based on position stability priority, where fields that appear steadily in the combination (defined as fields that appear in more than 90% of the samples) are adjusted to the header of the combination, and dynamic fields (repetition rate between 86% -90%) are ranked later. This is done by rebuilding the field index table and updating the field mapping relationship on the edge node. The whole processing process records the mapping relation between the original index and the rearranged index of the field, outputs rearranged data of the field sequence, and provides a clear-structured input basis for subsequent semantic recognition.
And step S136, carrying out semantic recognition on the original input data based on the field sequence rearranged data to obtain the semantic information of the original data field.
In the embodiment of the invention, the field sequence rearrangement data obtained in the step S135 is taken as input, and the semantic recognition unit is called to execute the field semantic deduction task. The task performs multidimensional classification processing based on information such as character structural features of field contents, positions of fields in combination, coupling frequencies between fields and the like. Then, the field meaning is logically attributed through an embedded semantic categorizing rule set (comprising a position indication structure, a flag bit structure, a time structure, a coding structure and the like). For example, if a field is always arranged in the second bit in the combined structure and contains consecutive 8-bit digits, the system identifies the field as a sequence identification field. The recognition result does not depend on model reasoning, but carries out field label labeling output result based on logic rules to obtain the semantic information of the original data field, wherein each field is added with a semantic label and deduces a source field combination path.
Preferably, step S14 comprises the steps of:
step S141, identifying physical boundary information of a data field to be encrypted based on the semantic information of the original data field;
In the embodiment of the present invention, in the semantic information of the original data field obtained in step S136, each field is given a structure position, a semantic tag, and a context combination path. Based on the result, the edge node activates a data structure recognition engine module deployed locally, and invokes a field structure locating algorithm to recognize the physical boundary information of the semantic field. The algorithm constructs a field boundary detection rule table through parameters such as the initial offset, the termination offset, the character coding bit number, the number of interval separators between fields and the like of the fields in the data character string. In a specific operation, a field start position is defined as a first occurrence position of a continuous character sequence, and a termination position is defined as a position where a semantic breakpoint (e.g., a separator, a length mutation, a coding mode switch, etc.) occurs. Taking the original data with the length of 128 bytes as an example, if a field starts at bit 11 and ends at bit 28, its physical boundary is [11,28], and the boundary information is output and uniformly packaged into a physical boundary information structure of the field of the data to be encrypted, which is used as the direct input in step S142.
Step S142, measuring the length of the data field to be encrypted according to the physical boundary information of the data field to be encrypted;
in the embodiment of the present invention, the physical boundary information of the data field to be encrypted output in step S141 is sent to the length measurement submodule in the edge node. The module is internally provided with a character width mapping table and a byte counter, and calculates the byte span length of each field in a sequential traversal mode. For data sources in UTF-8 encoding format, the system reads the field start and stop offsets (e.g., start 11, stop 28), then reads the byte sequence of the corresponding section of the original data, compares the encoding widths byte by byte and accumulates the byte lengths actually occupied by the count fields. If the field contains multi-byte symbols (such as Chinese characters or special format marks), the system identifies and measures accurately one by one according to the coding table, does not perform width unification to simplify the physical length information of each field to output in the form of byte number, and encapsulates the physical length information and the original boundary information together into a data field length record table to be encrypted, wherein the data field length record table comprises field numbers, starting positions, ending positions and byte lengths, and provides fixed-length data support for the next semantic attribute classification.
Step S143, carrying out semantic attribute classification processing on the semantic information of the original data field to obtain field semantic packet data;
In the embodiment of the invention, based on the obtained semantic information of the original data field and the field length record table output in the step S142, a semantic attribute classification processing module built in the edge node is started. The module does not rely on model reasoning, but rather performs field semantic clustering through a hard-coded semantic tag rule set. The specific operation includes primary grouping all fields according to their semantic tags (e.g., location identification, time tag, number count, state description, etc.), and then further grouping the sub-groups according to the field length interval (e.g., 0-10 bytes, 11-20 bytes, etc.) and the syntactic structural features that appear in the context (e.g., in the head, middle, tail of the data). In practice, the fields that belong to the same location-identifying semantic tags and have byte lengths between 5-10 and appear at the end of the data structure are marked with the same semantic packet number, e.g., group_03. All field semantic packet information is uniformly recorded into a field semantic packet data table, and each record contains parameters such as a field number, a packet number, a classification label, a byte length interval, a context section position and the like.
Step S144, identifying field semantic association coupling attributes according to the field semantic grouping data;
In the embodiment of the invention, a field semantic packet data table is used as input and is sent to a semantic coupling analysis module deployed by an edge node. The module performs coupling attribute identification based on context combination frequency between fields within a field packet, common context boundary coincidence and field content interaction characteristics. The operation flow comprises three parts, namely (1) context combination frequency analysis, namely counting the frequency of co-occurrence of any two fields in the same data segment in sample data, (2) boundary coincidence degree calculation, namely analyzing whether coincidence or relative fixed offset rules exist at the start and stop of the boundary of the fields, namely, arranging the field A and the field B in most samples at intervals of 3 bytes, and (3) interaction characteristic matching, namely, detecting the association degree between field contents, namely, whether numerical cascading or unit conversion relation exists. All indexes are standardized to be coupling attribute values in the [0,1] interval, if the coupling value between the field pairs is higher than a set threshold (such as 0.6), the coupling value is marked as that semantic coupling output exists as a field semantic association coupling attribute table, and the table comprises parameters such as field pair numbers, coupling attribute values, co-occurrence times, boundary shift average values and the like and is used for subsequent structure nesting judgment processing.
Step S145, performing field structure nesting determination based on the field semantic association coupling attribute exceeding 0.89 to obtain a field structure nesting condition;
In the embodiment of the invention, the field semantic association coupling attribute table generated in the step S144 is subjected to screening operation, and all field pairs with coupling attribute values larger than 0.89 are selected. The field pairs are used as nesting judgment analysis objects and are sent to a field structure nesting judgment unit in the edge node. The unit adopts a hierarchical nested relation deduction rule to judge whether the fields form an inclusion relation or not. The specific process comprises the steps of checking whether a field physical boundary completely contains another field (for example, a field A boundary is [15,40] and a field B boundary is [22,35 ]), comparing whether field packet numbers are consistent with each other and whether a semantic tag has an inheritance relationship (for example, a state field contains a plurality of specific state subfields), and marking the field pair as a nested structure if three conditions are met simultaneously. All nested structure records are written into a field structure nesting situation table, which contains detailed parameters such as a nesting parent field number, a sub-field number, a nesting depth, a boundary level and the like.
Step S146, determining data field hierarchy information according to field structure nesting conditions and field semantic association coupling conditions;
In the embodiment of the invention, a data field hierarchical structure analyzer deployed in an edge node is started based on a field structure nesting condition table and a field semantic association coupling attribute table. The parser maps nested relationships to a tree hierarchy, each node representing a field, and each edge representing a nested relationship or a strongly coupled connection. The parser reads the nesting condition table, constructs a root node field, adds subfields layer by layer, and accurately marks the nesting depth of each layer of field by adopting a recursion structure. If the field pair with the coupling attribute value exceeding 0.7 and not reaching the nesting threshold value exists, the field pair is marked as peer coupling, and the formed data field hierarchical information is marked in a horizontal connection side mode in the hierarchical structure chart and is packaged into a data field hierarchical structure chart, wherein the data field hierarchical structure chart comprises fields such as a field ID, a hierarchical depth, a father field ID, a coupling association ID, a path identifier and the like, and full-structure information input is provided for field structure analysis.
And step S147, carrying out field structure analysis processing based on the data field hierarchy information and the data field length to be encrypted exceeding 10 to obtain an original data field structure.
In the embodiment of the present invention, the data field hierarchy map output in step S146 and the data field length record table to be encrypted in step S142 are processed in a combined manner. The field structure parsing engine is activated and a parsing threshold is set that structure parsing is only started when the field length exceeds 10 bytes. The parsing engine reads all field numbers meeting the length condition, and searches the corresponding hierarchical structure and nested path in the map. And then adopting a depth-first traversal algorithm to carry out node expansion on the nested field structure, recording the path level, the nesting layer number and the transverse coupling field group of each field, and outputting the structural representation. For example, if the field X is a parent field and includes two sub-fields of the field Y and the field Z, and Y and Z are in a transverse coupling relationship, the output is that the field X-field Y (level 2, nested), the field X-field Z (level 2, nested), and the field Y ↔ and the field Z (coupled) analysis result is output as an original data field structure table, wherein the detailed data includes a field structure path, a field hierarchy ID, a coupling identifier, a nesting depth, a structure path index and the like, and the structure input is provided for the subsequent encryption rule generation.
Preferably, step S2 comprises the steps of:
s21, performing field encryption priority label distribution processing according to the type of the original input data to obtain field encryption priority label distribution data;
In the embodiment of the invention, in the initial processing stage of the edge computing node, a field identification matrix is required to be constructed based on the acquired original input data types. By carrying out structural feature recognition on each field in the input data, a corresponding field structure vector is constructed by combining a plurality of dimensions such as character types, symbol distribution density, structure nesting complexity, context semantic coupling degree, field length and the like of the fields. The method comprises the steps of taking character types as a basis for classification, distinguishing the fields of pure numbers, mixed alphanumerical types, special characters and whole alphanumerical types, detecting whether fields have multi-layer data combinations or not according to field nesting relations, such as list sleeve dictionaries, key value pair nesting and the like, further dividing the structural complexity level, evaluating the dependency relations of the fields in a semantic chain by combining the occurrence frequency of the fields in original input data with the rules of semantic positions (such as first fields, last fields and middle fields), and constructing a multi-dimensional field evaluation parameter set through the analysis. The method comprises the steps of taking field processing complexity as a reference, dividing the field encryption priority into five levels according to expected resource consumption and processing time of encryption realization as sequencing standards, wherein a first level (P1) represents low structural complexity, no nesting, simple character types and minimum processing resource requirements, a fifth level (P5) represents high structural complexity, multi-layer nesting, complex character types and higher dependency on semantic analysis, generating field encryption priority label distribution data, storing the label data in a key value mode, taking a field name as a key, taking a corresponding encryption priority level as a value, and taking the label data as basic input of subsequent encryption strategy formulation and resource scheduling.
S22, predicting the consumption condition of the encryption resources of the data according to the field encryption priority label distribution data;
In the embodiment of the invention, after obtaining field encryption priority label distribution data, an edge node scheduling module starts a resource consumption prediction sub-process to construct an encryption resource prediction parameter table according to standard encryption complexity factors corresponding to each level of encryption priority label. And respectively mapping the P1 to P5 grades into resource occupation estimation intervals by taking static historical data as a reference, extracting historical encryption task log records from local caches of the edge equipment, extracting actual resource occupation values of each field in the actual encryption process, and extracting average resource use values of 3 nearest task periods in a sliding window mode to serve as experience parameters of the current prediction process. On the basis, the number of the encryption grade fields of each class and the total byte length in the current original input data are combined, and the resource summation is carried out on each stage of encryption label field, so that the estimated total resource amount corresponding to the field encryption priority is obtained. And then weighting and combining all the priorities to generate a total resource predicted value, and simultaneously outputting resource weight ratio data corresponding to each level of label, wherein the data encryption resource consumption conditions generated by the input of the subsequent strategy generation step comprise a field hierarchical resource estimation list, a total resource estimation, single-field average time consumption, single-task estimated time consumption and a resource distribution weight table.
S23, determining a data encryption processing strategy according to the consumption condition of the data encryption resources and the field encryption priority label distribution data;
In the embodiment of the invention, after receiving field encryption priority label allocation data and data encryption resource consumption conditions, an encryption scheme configuration flow is started to carry out resource adaptation calculation according to a total resource estimation value and the current available resource condition of an edge node, if the total resource estimation value is smaller than the total value of the current node residual allocable resources, a full-field instant encryption strategy is started, all fields directly enter the encryption flow according to the label sequence, if the total estimation value is close to or exceeds the upper limit of the current allocable resources, a batch encryption processing mechanism is started, priority encryption is carried out by limiting the highest priority field (such as P5 level), low priority fields (such as P1 and P2 level) are delayed to be executed, an encryption execution task is divided into time segments according to resource weights by a scheduling period controller, a field encryption queue is set, and the peak value occupied by single-period resources is reduced. In the policy generation process, the type of encryption algorithm is determined according to field distribution characteristics, for example, a double symmetric algorithm and structure nesting segmentation processing is adopted for a P5 field, a standard symmetric encryption algorithm is adopted for a P3 field, a lightweight Ha Xirao code mode is adopted for a P1 field, and the processing is executed after field structure decoupling. The policy result data includes an encryption queue configuration list, an assignment time window of each field, a corresponding algorithm number, a resource constraint condition and a field execution order, which are used as control parameter inputs in a subsequent encryption processing process.
And step S24, carrying out input data encryption processing on the original input data type based on the data encryption processing strategy to obtain encryption processing data.
In the embodiment of the invention, according to the data encryption processing strategy generated in the step S23, a data encryption execution module sequentially starts a field processing sequence and an algorithm number appointed in a field encryption process loading strategy list according to strategy setting parameters, disassembles a P5 tag field according to structural segmentation, each segment of data unit is subjected to block processing by adopting an advanced symmetric encryption standard AES-256, each block of additional data segment check code and processing number are used for marking a source field segment structure after processing, P4 and P3 tag fields are processed again, a corresponding field name and a ciphertext key value table are generated for subsequent data index after processing is completed according to a set standard symmetric encryption algorithm (such as AES-128), then a light-weight encryption mechanism is started for the P1 and P2 tag fields, a hash scrambling function set embedded in an edge encryption engine is called, and field value disturbance and encryption are completed through a light-weight algorithm such as a displacement scrambling code, a character order, a CRC (CRC) code. After all the field processing is completed, the sequence of the original data structure is assembled and restored by integrating the encryption fields, encryption processing data is generated, the encryption processing data keeps the original data structure unchanged, the field values are processed completely according to the encryption strategy, and the processed data is attached with a field encryption index table and a processing record list for the edge node to be used for cache scheduling and data chain uploading.
Preferably, step S23 comprises the steps of:
step S231, evaluating the encryption difficulty condition of the data field according to the field encryption priority label distribution data;
In the embodiment of the invention, the field encryption difficulty condition of the data is evaluated according to the field encryption priority label distribution data, and in step S231, all fields and the corresponding encryption priority levels thereof are extracted from the field encryption priority label distribution data generated in step S21. And loading an encryption algorithm complexity evaluation parameter set in the edge node local processing module, wherein the parameter set is established in advance through an experimental statistical mode and covers the unit calculation resource consumption and the average processing time of the encryption algorithms such as AES-256, AES-128, SM4, RC4 and the like under the conditions of different data lengths, field structure complexity and character set types. For example, for a nested structure field of length exceeding 512 bytes, AES-256 would require an average CPU cycle of 2600cycles and a memory footprint of 12MB, while for a flat structure field of 64 bytes or less, SM4 would require only 600cycles and a memory footprint of about 1.5MB. The edge node control module matches the structural features of the field content one by one according to the field priority labels, including character types (only numbers, numbers and letters are mixed, special symbols are included), length ranges (less than 64 bytes, 64 to 512 bytes, more than 512 bytes), and whether structural nesting (such as JSON nesting, list dictionary combination, etc.) is included. And (3) searching the resource load factors of the corresponding encryption algorithm in the processing parameter set by combining the field structure characteristics and the standard encryption algorithm corresponding to the labels of the field structure characteristics to obtain the field encryption difficulty factor scores. The scoring standard is from 1 to 10,1 represents the lowest complexity (such as flat digital field matching SM4 encryption), and 10 represents the highest complexity (such as multi-layer nested structure matching AES-256 processing), each field corresponds to the encryption difficulty scoring result one by one, and data field encryption difficulty status data is generated.
Step S232, calculating the calculation power occupation condition of the data encryption edge node based on the encryption difficulty condition of the data field;
According to the data field encryption difficulty condition data generated in the step S231, an internal computing power resource measuring and calculating module of the edge node is called to estimate and process the resource consumption of all fields in a planned encryption period according to the field quantity, the field length and the encryption difficulty score, and the fields with different encryption grades are classified and grouped. Each set of fields corresponds to a specific algorithm processing channel with a set encrypted instruction cycle statistics parameter. Taking an AES-256 encryption channel as an example, for a field group with a score of 10, the system sets a single field processing period to 2800CPUcycles and an average parallel thread utilization to 75%, simulates processing behaviors in a fixed period window mode in a computing task scheduler, and performs encryption simulation calculation on each group of fields in one virtual period. And for all field groups, respectively comparing the estimated CPU cycle sum, the memory use peak value, the thread scheduling average waiting time and the idle resource condition in the current edge node resource pool to generate calculation power occupancy rate data required by the edge node to currently process the group of data, wherein the calculation power occupancy rate data comprises CPU utilization rate percentage, a memory total occupancy value (MB), thread queue depth and predicted total encryption time (ms). And summarizing all field group resources to form complete data encryption edge node calculation power occupation situation data.
Step S233, field weight distribution processing is carried out on the calculation power occupation condition of the data encryption edge node to obtain field encryption weight data;
In the embodiment of the invention, the field weight distribution processing is carried out on the calculation power occupation situation of the data encryption edge node to obtain the field encryption weight data, and the field weight distribution processing is carried out on the basis of the calculation power occupation situation data of the data encryption edge node obtained in the step S232 in the step S233. In the execution process, the system scheduling module constructs a field encryption influence factor matrix according to the field encryption difficulty score and the actual resource occupation amount, the matrix takes a field name as an index row, takes a resource occupation dimension (CPU period, memory occupation and encryption time) as a column, and normalizes the resource occupation value of each field to be between 0 and 1 in a normalization processing mode. After the normalization processing is completed, a field priority label is introduced as a weighting multiplier, for example, a P5 priority field is multiplied by a weight coefficient of 1.5, and a P1 priority field is multiplied by a weight coefficient of 0.5, so that the comprehensive weighting duty ratio of the resources of each field is further obtained. And (3) carrying out normalization processing on all the field weighted occupation ratios to enable the field encryption weight sum to be 1 to generate field encryption weight data, wherein the data format is encryption weight values corresponding to field names, and the encryption weight data are used for carrying out node resource capacity marking distribution mapping in the step S234.
Step S234, marking the node encryption resource interval according to the encryption resource consumption condition to obtain node encryption resource capacity marking data;
In the embodiment of the invention, node encryption resource interval marking is carried out according to the encryption resource consumption status to obtain node encryption resource capacity marking data, and step S234 is used for carrying out interval division and capacity marking processing on the node resource bearing capacity by combining the data encryption resource consumption status data generated in step S22 and the current edge node physical resource status. In the specific operation, indexes such as the number of CPU cores which can be scheduled currently, the free memory capacity, the free ratio of encryption engine threads, the response delay time length of each unit of average encryption task and the like are extracted from an edge node resource state monitoring module. And calculating interval difference values between the indexes and the total resource demand value in the data encryption resource consumption condition, and dividing the intervals into three intervals according to the resource matching degree, namely a high adaptation area (the resource surplus is more than 20% of the predicted demand), a middle adaptation area (the resource surplus is within +/-20%) and a low adaptation area (the resource surplus is less than 20% of the predicted demand). Each resource interval is given with a mark value which is a mark A, B, C respectively to form node encryption resource capacity mark data, and the data structure contains the current remaining value of each type of resource (CPU, memory and thread), the corresponding interval and a mark label to provide a mapping foundation for the subsequent encryption strategy combination.
Step S235, performing strategy combination mapping processing on the node encryption resource capacity marking data and the field encryption weight data to obtain encryption strategy combination mapping data;
In the embodiment of the invention, the node encryption resource capacity marking data and the field encryption weight data are subjected to policy combination mapping processing to obtain encryption policy combination mapping data, and the field encryption weight data obtained in the step S233 and the node encryption resource capacity marking data obtained in the step S234 are subjected to policy combination mapping processing. The system call policy combination module reads the encryption weight values of all the fields and the current node resource capacity marking value, establishes an encryption policy template library according to the resource marking category, for example, allows the highest occupied weight field to be encrypted preferentially when the section A is marked, enables multi-thread parallel processing, starts a resource balance scheduling policy when the section B is marked, preferentially processes the medium weight field and sets a thread delay queue, and starts a resource conservation policy when the section C is marked, only processes the low weight field and limits the number of parallel threads to single threads. In the template mapping process, the field weight interval and the resource mark interval form a mapping matrix, and the encryption execution strategy to be adopted by each field is determined by a table look-up mode, including whether parallel processing is started, what algorithm is used, the start-stop time of a processing time window and other contents are used for generating encryption strategy combination mapping data, and the encryption strategy combination mapping data is output as a structured mapping table, so that a strategy combination feasibility evaluation basis is provided for step S236.
Step S236, evaluating the feasibility of the data encryption strategy combination based on the encryption strategy combination mapping data;
In the embodiment of the invention, the feasibility of the encryption strategy combination of the data is evaluated based on the encryption strategy combination mapping data, and the feasibility verification processing is carried out item by item on the encryption strategy combination mapping data generated in the step S235 by calling the edge node strategy feasibility evaluation module. The feasibility evaluation is carried out based on a task period scheduling simulation engine, the system sequentially schedules simulation tasks according to an encryption algorithm, the thread concurrency quantity and a field encryption time window set in a strategy mapping table, records a resource occupation curve of each round of encryption tasks in a virtual period, and judges whether the current node resource load is exceeded. For those with resource conflicts (e.g., memory overflow, thread congestion, response delay exceeding expectations), the system is marked as an infeasible policy, and for those that can complete tasks within the upper limit of the resource are marked as viable. The feasibility evaluation result takes the field as a unit to generate a strategy feasibility Boolean matrix, and the matched illustrative data comprise task execution total duration prediction, average thread occupancy, algorithm calling times and maximum memory use peak value to form data encryption strategy combined feasibility evaluation data, so as to provide a basis for strategy adaptation in the step S237.
Step S237, evaluating the adaptation condition of the data encryption processing strategy according to the feasibility of the data encryption strategy combination;
In the embodiment of the invention, the data encryption strategy combination feasibility evaluation data encryption processing strategy adaptation condition is evaluated, the strategy adaptation analysis module is utilized to read the data encryption strategy combination feasibility evaluation data generated in the step S236, whether the encryption strategy of each field is matched with the current edge node resource condition is comprehensively matched and judged, all feasible strategy fields are arranged according to the descending order of weight, the execution sequence is attempted to be arranged in an available time window, and for the infeasible strategy fields, the system automatically searches for an alternative scheme under the weight level of the corresponding field in the standby strategy template library, and comprises the steps of replacing the encryption algorithm for the lower resource consumption or adjusting the thread scheduling strategy, and re-executing the step S236 for two-round evaluation. The adaptation process generates a field policy adaptation result list including encryption policies adopted per field, execution time window numbers, resource call channels and whether to enable degradation policy flags. The list data structure uses the field name as an index and the adaptation condition data as a value as an input of the encryption processing policy determining operation in step S238.
Step S238, determining the data encryption processing strategy according to the adaptation condition of the data encryption processing strategy and the combination feasibility of the data encryption strategy.
In the embodiment of the invention, a data encryption processing strategy is determined according to the adaptation condition of the data encryption processing strategy and the combination feasibility of the data encryption strategy, a field strategy adaptation result list generated in the step S237 and encryption strategy combination feasibility evaluation data provided in the step S236 are integrated, the encryption processing strategies of all fields are structured and confirmed according to the field strategy adaptation list, parameters such as the type of an adopted encryption algorithm, the number of an encryption execution thread, the processing period position and the like are selected on a field-by-field basis, and a corresponding execution task queue is established in an edge node dispatcher. And then sequencing the field task queues according to the execution sequence, eliminating tasks with resource conflict or execution time intersection, and performing secondary verification on the residual resource capacity to ensure that all strategy sets have complete executable in the target encryption period. And finally, generating a data encryption processing strategy table, wherein the content comprises information such as field names, adopted encryption algorithm numbers, execution thread channels, processing window numbers, resource quota parameters and the like. This policy table serves as the only control data source for performing the encryption processing task in step S24.
Preferably, the encryption processing data abnormal disturbance condition evaluation in step S3 includes:
detecting a node data encryption processing offset trend according to the data encryption processing condition;
In the embodiment of the invention, the monitoring system of the edge computing node is used for collecting the data processing conditions of the encryption tasks in real time, wherein the data processing conditions comprise the information such as the number of the encryption tasks executed on each node, the encryption execution period, the node resource occupation condition and the like. The encrypted task data of each node is captured by a monitoring module in the edge computing scheduling system, and all the time stamp, the input data size, the encryption algorithm type and the output result of the encrypted execution task are recorded in a special log system. Based on the collected encrypted task logs, calculating the encryption processing offset of each node in a past period of time by adopting a time sequence data analysis method. The encryption processing offset refers to a deviation condition in which a certain node processes an encryption task within a prescribed time, and is generally expressed as a difference between a start time of the encryption task and an expected processing time. If the deviation between the actual processing time and the predicted processing time of the encryption task of a certain node exceeds a set threshold (such as + -10%), the abnormal deviation is recorded. The embodiment of the offset trend detection uses a time sequence data smoothing algorithm (such as a moving average algorithm) to conduct trend prediction on historical encryption processing offset data, generates an offset trend graph result of each node encryption task, outputs the graph result in a form of a graph, displays a change curve of the offset trend of each node encryption task, and provides a basis for subsequent offset anomaly detection.
Detecting the nesting conflict condition of the field of the encryption statement according to the node data encryption processing offset trend;
In the embodiment of the invention, further encryption statement analysis is performed based on the obtained node encryption task migration trend data. Encryption statement field nesting conflicts often occur in complex encryption operations, particularly when the encryption algorithm involves multiple fields and complex data nesting, which can result in some encryption operations conflicting and thus affecting processing efficiency. In this step, field nesting level information in all the encrypted sentences, especially the multi-level nested encrypted sentences, is extracted. The technical means used for field nesting conflict detection is based on the construction of a field reference tree, each encryption statement is parsed into a field reference tree, the nodes of the tree represent fields in the encryption statement, and the edges represent encryption relations among the fields. Nesting conflicts occur when two encrypted fields are subject to repeated encryption or cross encryption in the same encryption task. Any nesting conflict detected by parsing and comparing the field reference tree is marked and recorded. The detection process uses a graph matching algorithm in graph theory to identify nested conflict paths, and performs automatic analysis through an encryption statement analysis tool, wherein nested conflict conditions form conflict reports and are presented in the form of graphs and tables, and the conflict reports comprise field IDs, nested conflict levels and conflict field equivalent information of each encryption statement.
Determining the boundary misidentification condition of the encryption processing field based on the field nesting conflict condition of the encryption statement;
In the embodiment of the invention, the field boundary misidentification problem in the encryption processing process is analyzed by utilizing the field nesting conflict information of the encryption statement obtained in the previous step. Field boundary misidentification often occurs in multi-field encryption operations, particularly in the encryption process, where the start and end positions of certain fields are misjudged, resulting in inaccurate encryption results. The key technique used in this step is a field boundary recognition algorithm based on an encryption algorithm that scans the field-to-field spacing locations in the encryption statement. By analyzing the execution log of the encryption statement, it is checked whether or not the field boundaries at the start and end of the encryption operation coincide with the original data fields. If the actual boundary of the encrypted field deviates from the set boundary position by more than a predetermined range, the field boundary misidentification is considered to occur. The determination of the misrecognition condition is verified by the byte offset of the encrypted field. If the byte alignment is found to be inaccurate in the field boundary identification process, marking the field as boundary misidentification, and generating detailed log records and reports, wherein the report content comprises field IDs, misidentified byte ranges, offsets and related encryption task IDs.
Identifying an encryption processing data distortion condition based on the encryption processing field boundary misidentification condition;
in the embodiment of the invention, the distortion condition of the encryption processing data is further determined by analyzing the identified field boundary misidentification information. Data distortion is typically manifested as the inability of encrypted data to recover to the correct original data, mainly due to partial data loss or duplication caused by field boundary errors. The method comprises the steps of comparing original data with encrypted data, detecting byte differences between the original data and the encrypted data, decrypting the encrypted data through the inverse operation of an encryption algorithm, obtaining decrypted data, and comparing the decrypted data with the original data byte by byte. Data distortion is considered to occur if there is a byte inconsistency between the encrypted data and the decrypted data (e.g., zero values or illegal characters occur at certain locations). The process of distortion identification uses a byte level difference detection algorithm that quickly identifies differences between data by comparing hash values of the original data and the decrypted data (e.g., SHA256 hash). This step generates a distortion report containing the location of the distortion, the type of distortion (e.g., byte loss, data repetition) and associated field identification information for each field encryption.
Analyzing the byte alignment deviation degree of the encryption processing data according to the distortion condition of the encryption processing data;
In the embodiment of the invention, the degree of data byte alignment deviation is further analyzed according to the obtained data distortion condition. In the encryption process, byte alignment deviation causes that data cannot be correctly recovered in the decryption process, and the usability of the data is affected. The byte alignment difference between the encrypted data and the decrypted data is evaluated by a byte alignment comparison algorithm. The algorithm evaluates the byte stream alignment bias of the overall encrypted data by calculating the alignment error of each data unit (e.g., character, integer, floating point number, etc.) in the byte stream. If the byte stream alignment error exceeds a specified threshold (e.g., 1 byte), then a byte alignment deviation is considered to exist. The calculation method of byte alignment deviation is based on the data block size and memory alignment requirement (for example, the data block needs to be aligned according to 64 bytes), if the actual starting position of the data block does not match the alignment position, the deviation value will be recorded and reported. After this report is generated, it will contain the value of the byte alignment offset, the affected data block range, and the relevant field identification information.
Predicting the increasing trend of the analysis difficulty of the encrypted data according to the byte alignment deviation degree of the encrypted data and the distortion condition of the encrypted data;
In the embodiment of the invention, the difficulty increasing trend of the encrypted data analysis is further predicted according to the obtained byte alignment deviation information and the data distortion condition in the step S3.4. And predicting the analysis difficulty encountered by the future encrypted data in decryption by comparing byte alignment deviation with the variation trend of the data distortion degree. Based on the historical data and the real-time data executed by the encryption task, a time sequence analysis method is adopted to calculate the byte alignment deviation and the time variation trend of the data distortion condition. Specifically, a weighted moving average algorithm is used for smoothing byte alignment deviation values and data distortion degrees in historical data, so that an increasing trend of the analysis difficulty of future encrypted data is obtained. From these trend data, the processing difficulty of future encrypted data in parsing, such as calculation overhead in decryption, extension of decryption time, etc., is predicted. The predicted results will be recorded in an analysis report that includes trend charts, predicted values, and encryption task adjustment suggestions.
Determining the consistency difference degree of the data before and after encryption based on the analysis difficulty increasing trend of the encrypted data;
In the embodiment of the invention, the consistency difference degree of the data before and after encryption is further analyzed according to the analysis difficulty increasing trend of the obtained encrypted data. Data consistency differences generally refer to differences in logic and structure of decrypted data from original data, particularly data errors due to erroneous byte alignment or field nesting during encryption. This step compares the hash value, data structure, and field integrity of the original data and the decrypted data. A data structure verification tool (such as a JSON Schema verifier or an XML Schema verifier) is used for comparing the structural consistency of the original data and the decrypted data, and a structural difference index is calculated. If there is a difference between the structure in the decrypted data and the original data, and the difference is beyond a predetermined tolerance range (e.g., missing structural elements, field type mismatch), then the consistency difference is marked.
And evaluating the abnormal disturbance condition of the encrypted data according to the consistency difference degree of the data before and after encryption and the analysis difficulty increasing trend of the encrypted data.
In the embodiment of the invention, the consistency difference degree of the data before and after encryption and the increasing trend of the analysis difficulty of the encrypted data are comprehensively considered, and the abnormal disturbance condition of the encrypted data is estimated. And carrying out quantitative evaluation on the disturbance degree of the encrypted data by combining a prediction model according to the data processing results in the previous steps. By combining the consistency difference degree with the analysis difficulty increasing trend, a disturbance index is generated, and the disturbance index characterizes the abnormal disturbance degree of the data in the encryption processing process. The calculation formula of the index comprehensively evaluates the disturbance condition of the encryption processing data by comparing indexes such as consistency difference, byte alignment deviation, analysis difficulty and the like of the encryption data according to the historical data and the analysis result. After the evaluation result is generated, the evaluation result is presented in the form of a chart, including the time change trend of the disturbance index, the abnormal point, the influence range and the corresponding processing advice.
Preferably, the edge node load gradient increasing trend evaluation in step S3 includes:
carrying out encryption processing abnormal cause analysis according to the abnormal disturbance condition of the encryption processing data to obtain encryption processing abnormal cause data;
In the embodiment of the invention, the encrypted data generated in the encryption process is acquired, and compared with the original unencrypted data through the data consistency checking tool, and the data disturbance condition in the encryption process is analyzed. The specific operation includes comparing the encrypted data with the original data by using a specially designed data consistency difference engine, and recording difference points such as data loss, field change, data error and the like. And analyzing the sources and influence factors of the differences by using preset rules and models according to the differences, and further inducing the encryption processing abnormality. The analysis result provides a basis for subsequent anomaly source identification. For example, if a high proportion of data fields are found to be lost before and after encryption, it may be presumed that the encryption algorithm is at risk of loss when processing certain data. The output of this step is encrypted processing of the anomaly incentive data, including potential sources of anomalies and incentive lists, for further analysis by subsequent steps.
Performing encryption processing abnormal edge node identification based on the encryption processing abnormal incentive data to obtain encryption processing edge node abnormal data;
In the embodiment of the invention, after the encrypted processing abnormal incentive data is obtained, an edge node abnormal identification process is entered. And evaluating each edge node by using an edge node data analysis tool through the network topology information and the log data of encryption processing and combining the change characteristics of the encrypted data. The evaluation process is based on historical performance data of the nodes, such as CPU utilization rate, memory occupation condition, network delay and the like, and analyzes whether each edge node has an abnormality one by combining encryption processing abnormality incentive data. In operation, the anomaly causing data is matched with the operation state (such as CPU load, memory use, network bandwidth, etc.) of the edge node, and the node with abnormal load or resource shortage in the encryption processing process is identified. The process monitors the behavior of the edge nodes in real time by configuring an anomaly detection rule, and ensures detailed analysis of the encryption processing condition of each node to obtain the encryption processing edge node anomaly data, wherein the anomaly data comprises the identification, anomaly type, anomaly duration and occurrence frequency of the anomaly nodes.
Detecting the excessive memory occupation degree of the edge node according to the encrypted edge node abnormal data;
In the embodiment of the invention, the edge node with overlarge memory occupation is identified according to the obtained encrypted edge node abnormal data. For this reason, the memory usage of each node needs to be monitored and evaluated in detail. The method specifically comprises the step of collecting the memory occupation condition of each node in real time through a performance monitoring tool of an edge computing platform. And judging whether the node excessively occupies the memory according to a preset threshold (for example, the memory occupation exceeds a certain percentage, for example, 80%). And comparing the historical data, further analyzing the memory occupation trend of the node, identifying the memory use peak time period, and calculating the excessive occupation amplitude. The data comprises total memory usage, usage proportion, memory occupation peak value of each node and the like. And finally, comprehensively analyzing the use condition of the node memory by using a memory occupation measuring tool to obtain the excessive degree of memory occupation, and identifying a specific abnormal node.
Detecting the excessive degree occupied by an edge node CPU based on the encryption processing edge node abnormal data;
In the embodiment of the invention, similar to the memory occupation detection, in this step, the edge node in the encryption processing process is detected to an excessive degree of CPU occupation. And according to the obtained edge node abnormal data, combining the CPU performance monitoring data of each node, and identifying the node with abnormal CPU occupation. The operation steps are that a CPU monitoring tool of an edge computing platform is used, and whether the condition of overlarge CPU load exists or not is determined by collecting the CPU service condition of each node in real time and comparing the CPU service condition with a set threshold value (for example, the CPU occupies more than 90%). The process also comprises the steps of calculating the peak value, duration time and the like occupied by the CPU of the node, analyzing abnormal fluctuation occupied by the CPU in the encryption operation process, obtaining data of overlarge degree occupied by the CPU, and marking out the edge node with abnormality.
Counting the abnormal occupation overlapping distribution condition of the edge nodes by the excessive occupation degree of the CPU of the edge nodes and the excessive occupation degree of the memory of the edge nodes;
in the embodiment of the invention, the overlapping distribution condition of the edge node under the condition of overlarge memory and CPU occupation is calculated through statistics of the obtained data of overlarge memory occupation and CPU occupation. The method comprises the specific operation of combining data with overlarge memory occupation and overlarge CPU occupation, and carrying out cross statistics to obtain the occupation condition of the same node when the memory and the CPU are overlarge in load. And displaying the occupation overlapping condition of each node under different load states in a data visualization mode such as thermodynamic diagram or histogram. For example, if a certain node has a CPU utilization of over 90% when the memory footprint reaches 80%, then the two data points belong to an overlapping distribution. The statistics will help identify which nodes have memory and CPU occupancy anomalies at the same time.
Determining an edge node encryption operation pressure concentration trend based on the situation that the edge nodes occupy the overlapping distribution abnormally;
In the embodiment of the invention, the pressure concentration trend of the edge node encryption operation is determined by utilizing the overlapping distribution condition. By analyzing the abnormally occupied nodes and the corresponding resource use conditions, the excessive operation pressure of the nodes in the encryption processing process is identified, and in certain time periods, when the memory and the CPU of a plurality of nodes are excessively occupied, the encryption tasks of the nodes are concentrated. And (3) obtaining a pressure concentration trend of encryption operation by combining the use condition of node resources through an operation pressure evaluation tool, and analyzing whether the phenomenon of excessive accumulation of encryption tasks occurs in certain nodes to obtain pressure concentration trend data, wherein the pressure concentration trend data comprises concentration degree, duration time, node distribution and the like.
Detecting encryption scheduling unbalance conditions of the edge nodes according to the central pressure trend of the edge nodes;
In the embodiment of the invention, based on the obtained central trend of the encryption operation pressure of the edge node, the encryption scheduling unbalance detection process is entered, and the distribution condition of the encryption task is analyzed by monitoring a scheduling system of the edge computing platform. Specifically, it is checked whether or not the encryption tasks are uniformly distributed to the respective edge nodes, and nodes whose tasks are not uniformly distributed are identified. And judging whether the conditions that some nodes are overloaded and the nodes are lighter exist by analyzing the relation between the node loads and the task distribution. Encryption scheduling imbalance is generally represented by overload of resources of partial nodes, affecting the efficiency and stability of the whole system, outputting data of the encryption scheduling imbalance of edge nodes, and identifying nodes with uneven scheduling and corresponding task types.
And evaluating the gradient increasing trend of the edge node load according to the encryption scheduling unbalance condition of the edge node and the central trend of the encryption operation pressure of the edge node.
In the embodiment of the invention, the gradient increasing trend of the load of the edge node is estimated by combining the encryption scheduling unbalance data and the encryption operation pressure concentration trend data. Specifically, the encryption scheduling unbalance condition and the calculation pressure concentration trend are comprehensively analyzed, and the increasing speed and the increasing degree of the load gradient are calculated. And calculating the speed and the change trend of the load increase of the edge nodes through a data analysis tool, drawing a load increase curve, obtaining the gradient increase trend of the load of the edge nodes, reflecting how the encryption task is transferred and expanded among different nodes along with the time, and indicating the further aggravation of the load of future nodes.
Preferably, the dynamic degradation trend determination of the edge encryption element structure in step S3 includes:
identifying node encryption processing stability attenuation conditions according to the gradient increasing trend of the edge node load;
In the embodiment of the invention, the node encryption processing stability is evaluated according to the edge node load gradient increasing trend data obtained in the previous step. The operation process is that by analyzing the encryption processing load data of the edge node in different time periods, whether the encryption processing efficiency of the node is reduced under the condition of increasing the load is identified. The encryption processing stability detection tool is adopted, key parameters such as node encryption data throughput, delay, calculation time consumption and the like are monitored in real time, whether the processing time of an encryption task is increased in the load step-by-step growth process is recorded, and the correlation of load growth and encryption processing efficiency is calculated. When an increase in load is detected, the throughput of the encryption process decreases or the delay increases, and it is presumed that the stability of the node encryption process is decaying. And obtaining quantized data of node encryption processing stability attenuation through the parameters, wherein the quantized data comprise attenuation rate, influence threshold value, duration and the like.
Detecting the cache overflow risk increase degree of the edge node based on the stability attenuation condition of the edge encryption processing;
In the embodiment of the invention, the buffer overflow risk of the edge node is further detected by utilizing the obtained encryption processing stability attenuation data. In the implementation, the buffer monitoring tool is used for collecting the data such as the utilization rate, the residual space, the overflow times and the like of the buffer of each node by monitoring the memory and the buffer occupation condition of the edge node. When the encryption processing stability of the node is degraded, the cache processing capacity is affected, resulting in an increased risk of cache overflow. And calculating the increase degree of the overflow risk by setting a buffer overflow threshold and combining the change of the node encryption task. For example, when encryption processing delay increases and throughput decreases, the writing and reading speeds of the cache are limited, resulting in frequent overflow of the cache area. And according to the data, obtaining the specific degree of cache overflow risk increase, including the rate of risk increase, threshold breakthrough time point and the like.
Detecting an operation overload condition of the edge encryption element according to the increase degree of the overflow risk of the edge node and the stability attenuation condition of the node encryption processing;
In the embodiment of the invention, the buffer overflow risk data and the encryption processing stability attenuation data are combined to judge whether the node has an operation overload condition of an encryption element, and the increase degree of the buffer overflow risk, encryption processing delay, processing capacity and other factors are subjected to linkage analysis. By setting the load threshold of the encryption element, when the encryption processing stability of the node is reduced and the buffer overflow risk is increased, the running state of the encryption element is estimated in real time by using an overload detection algorithm. The load of the encryption element exceeds a set threshold, which indicates that the encryption element cannot effectively complete the encryption task under high load, and the node is overloaded. In the process, the monitoring system counts load data of each node, such as CPU, memory, hard disk I/O and the like, and comprehensively evaluates whether the encryption element of the node is overloaded. The output results are overload conditions of the encryption element, including overload node identification, overload duration, and overload severity.
Measuring the high-temperature operation state of the edge encryption element according to the operation overload condition of the edge encryption element;
According to the embodiment of the invention, according to the overload condition of the encryption element, the temperature state of the edge encryption element is monitored by using the temperature sensor and the thermal analysis tool, and the working temperature data of the edge encryption element, especially the temperature change condition when the working load is higher, is obtained by using the real-time temperature monitoring tool. When a node is in an operational overload of an encryption element, the element's temperature typically increases significantly. By continuously recording the temperature profile of the encryption element in the event of overload, it is detected whether the temperature exceeds a set safety threshold (for example 80 ℃). Once the threshold value is exceeded, the node can be judged to be in a high-temperature running state, whether the temperature of the element continuously rises or not is further evaluated, whether overheat risks exist or not is judged, and high-temperature running state data of the edge encryption element are obtained, wherein the high-temperature running state data comprise information such as a time period when the temperature exceeds the standard, temperature fluctuation amplitude and the like.
Detecting the heat effect accumulation condition of the encryption element according to the high-temperature operation state of the edge encryption element;
in the embodiment of the invention, when the edge encryption element is in a high-temperature running state, the heat effect accumulation condition of the encryption element is further evaluated. And recording the working time of the encryption element at high temperature by using a temperature sensor and a thermal effect simulation tool, and comparing the working time with historical temperature data. The process includes analysis of thermal cycling data of the cryptographic element, particularly the effects of frequent temperature changes and long exposure to high temperatures on the material (e.g., semiconductor, metal contacts, etc.) within the element. The influence of temperature fluctuation on the encryption element is calculated through a thermal effect simulation tool, and the problems of material degradation, internal circuit aging and the like caused by overheating are included. And according to the long-term high-temperature operation condition, the heat effect accumulation condition of the encryption element, such as heat fading, welding spot fatigue, chip aging and the like, is presumed, and heat effect accumulation data of the encryption element including the influence degree and duration of the heat effect are output.
Identifying a thermal aging condition of the semiconductor material of the encryption element based on the accumulation of thermal effects of the encryption element;
In the embodiment of the invention, the thermal aging condition of the semiconductor material in the encryption element is evaluated according to the accumulation condition of the thermal effect of the encryption element. The specific operation includes checking the semiconductor material of the encryption element by a material analysis tool to evaluate the change of the performance under the high temperature condition. The material analysis tool can identify signs of material aging, such as conductivity degradation, reduced high temperature resistance, and the like, by measuring electrical properties (such as conductivity, impedance, and the like) of the semiconductor material and combining thermal effect data. In addition, the microstructure changes of the semiconductor material, such as surface cracks, lattice defects, and the like, are inspected by using a Scanning Electron Microscope (SEM) or a physical analysis technique. From these analyses, the thermal aging conditions of the semiconductor material of the cryptographic element, including the extent of aging of the material, the point in time at which the signs of aging occur, and the specific cause of aging, were derived.
And determining the dynamic degradation trend of the structure of the edge encryption element according to the thermal ageing condition of the semiconductor material of the encryption element and the thermal effect accumulation condition of the encryption element.
In the embodiment of the invention, the thermal aging condition and the thermal effect accumulation data of the semiconductor material of the encryption element are combined, the dynamic degradation trend of the structure of the edge encryption element is estimated, and the degradation trend of the whole structure of the element is analyzed according to the thermal aging information of the semiconductor material and the thermal effect accumulation condition. For example, if the material ages significantly, it causes degradation of the electrical performance of the encryption element, affecting the processing capacity of the encryption task. By constructing a degradation model of the encryption element structure and combining historical operation data and thermal aging analysis, the degradation degree of the encryption element and the influence of the degradation degree on encryption processing in a future period of time are predicted, the dynamic degradation trend of the edge encryption element structure is obtained, and information including degradation rate, expected service life, time point required to be replaced and the like is output.
Of particular importance, encryption element semiconductor material thermal aging condition identification includes:
detecting the conductivity drop condition of the encryption element according to the heat effect accumulation condition of the encryption element;
In the embodiment of the invention, the conductivity drop condition of the encryption element is detected according to the thermal effect accumulation condition of the encryption element. In a specific operation process, the monitoring system needs to track the working temperature of the encryption element in real time and calculate the cumulative value of the thermal effect by combining the temperature data acquired by the temperature sensor. The cumulative thermal effect value reflects the cumulative thermal effect of the cryptographic element during long-term operation, and the conductivity of the material gradually decreases as the temperature increases. The conductivity of the cryptographic element can be accurately determined using a conductivity measuring instrument. And comparing the real-time conductivity data with the equipment history record, analyzing the descending trend of the conductivity, thereby determining the change degree of the conductivity, and carrying out correlation analysis with the accumulation condition of the thermal effect to obtain a specific value of the descending of the conductivity.
Determining an increase in current consumption of the cryptographic element based on a decrease in conductivity of the cryptographic element;
In the embodiment of the invention, the current loss increase condition of the encryption element is further determined based on the encryption element conductivity decrease data obtained in the previous step. The decrease in conductivity of the cryptographic element directly affects its efficiency in current flow, and therefore the decrease in conductivity results in an increase in current loss. In order to detect the increase of the current loss, it is necessary to monitor the current condition of the encryption element in real time by a current detecting instrument or a current sensor and calculate the change of the current loss in combination with the conductivity data. By comparing current loss data over different time periods, a trend in loss increase is identified. The extent to which the current loss increases is determined by analyzing the inverse relationship between current and conductivity, and as conductivity decreases, the current loss increases. The rate of loss is further quantified based on the increase data of the current loss, and an increase trend of the current loss is generated.
Identifying a tendency of an internal circuit short circuit of the encryption element based on an increase in current loss of the encryption element;
In the embodiment of the invention, the identification of the short circuit trend of the internal circuit of the encryption element is performed according to the current loss increase condition obtained in the step. The rapid increase in current loss is often due to anomalies in the internal circuitry of the encryption element, including the occurrence of short circuits. By installing the current sensor and the temperature sensor at key circuit points of the encryption element, current fluctuation and temperature change of the encryption element under different working conditions are monitored. Particularly in the case of a significant increase in current loss, abnormal fluctuations in current and sharp increases in temperature tend to be precursors to short circuits. By setting a threshold value, when the real-time detection current exceeds a normal range, whether the current is caused by short circuit or not is judged. Based on the combined change of the current and the temperature, the health state of the internal circuit is further estimated, the short circuit trend is identified, and the potential short circuit problem of the circuit is pre-warned.
Predicting the internal thermal growth negative feedback effect of the encryption element based on the internal circuit short-circuit trend of the encryption element;
In the embodiment of the invention, based on the short-circuit trend of the internal circuit of the encryption element, the negative feedback effect of the internal thermal growth of the encryption element is predicted. The short circuit tends to cause a sudden increase in the local temperature of the encryption element, and this heat build-up creates a negative feedback effect that further exacerbates conductivity degradation, loss increase, and thermal degradation of the device. In order to accurately predict the negative feedback effect of such thermal growth, it is first necessary to monitor the temperature change of the short-circuit point and the surrounding area by a thermal analysis instrument while recording the temperature data of each part of the encryption element by using a thermal sensor. By combining the current and temperature data, the rate of heat accumulation is predicted and a calculation is made as to how the thermal effect due to the short circuit affects the overall heat distribution and electrical performance of the device. From this predicted data, it can be predicted how the temperature increases stepwise after the occurrence of a short circuit, and further affects the element performance and lifetime.
And identifying the thermal aging condition of the semiconductor material of the encryption element according to the internal thermal growth negative feedback effect of the encryption element and the short circuit trend of the internal circuit of the encryption element.
In the embodiment of the invention, the thermal aging condition of the semiconductor material of the encryption element is further identified according to the thermal growth negative feedback effect and the circuit short-circuit trend of the encryption element. During long-term operation of the cryptographic element, shorting and heat build-up can lead to degradation of the semiconductor material inside the cryptographic element. As the material thermally ages, the conductivity, structural stability, and overall performance of the semiconductor gradually decrease, thereby affecting the operating efficiency and lifetime of the cryptographic element. The conductivity change of the semiconductor material is monitored by using conductivity detection equipment by combining data of a thermal growth negative feedback effect and a current short circuit trend, so that whether the material is aged or not is further judged. For the identification of thermal aging, the extent and tendency of thermal aging is identified by measuring the change in resistivity, the decrease in carrier mobility, and the structural damage of the material of the semiconductor material. By comparing the data at different time points, the thermal aging condition of the semiconductor material of the encryption element is obtained, wherein the thermal aging condition comprises the reduction degree of the conductivity and the degradation degree of the material performance.
Preferably, step S4 comprises the steps of:
S41, detecting the gradient increase condition of the encryption resource loss according to the dynamic degradation trend of the edge encryption element structure;
In the embodiment of the invention, the loss of the encryption resource is detected and analyzed by combining the obtained dynamic degradation trend data of the edge encryption element structure. In the implementation process, the operation data of the encryption element is obtained through the real-time monitoring system, including the use condition of resources (such as CPU, memory, hard disk I/O and the like) in the encryption processing process. The consumption rate of resources tends to be exacerbated as the structure of the edge encryption element deteriorates. Therefore, by establishing the encryption element resource consumption monitoring system, the gradient increasing trend of the resource consumption is identified by comparing the resource consumption data in different time periods. Specifically, the monitoring tool is able to record and analyze changes in the computing resources (e.g., CPU utilization, memory usage, and storage space consumption) consumed by the encryption element as the load and number of encryption tasks increase. By comparing the historical data with the current monitoring data, the increase rate of the loss of the encrypted resource is obtained, wherein the increase rate comprises the loss rate, the increase amplitude of the resource consumption and the like.
Step S42, detecting response delay conditions of the encryption edge nodes according to the gradient increase condition of the encryption resource loss;
In the embodiment of the invention, the response delay condition of the encryption edge node is further monitored according to the gradient increase condition of the encryption resource loss. In the specific implementation process, the response delay of the encryption edge node when processing data is monitored by measuring the response time of the encryption task in real time. As encryption resources are lost and the encryption element structure is degraded, the response delay tends to increase. The monitoring system can record the response time of each encryption node in real time, and analyze the influence of the encryption resource loss on the response delay by combining the processing load of the encryption task. For example, when the computing power of the encryption element is degraded, the encryption processing time is significantly increased, resulting in an increase in the response delay of the edge node. And comparing the response delay data at different time points, detecting the relation between the encryption resource loss and the response delay, and obtaining the response delay status data of the encryption edge node, wherein the response delay status data comprises the change trend of delay and specific values of response time.
Step S43, evaluating the encryption risk trend of the edge node data based on the response delay condition of the encryption edge node;
In the embodiment of the invention, the obtained response delay data of the encrypted edge node is combined to further evaluate the risk trend of the edge node data encryption. The method specifically comprises the step of evaluating risks in the encryption process of the edge node data by combining response delay conditions of the encryption edge node with factors such as the encryption task quantity of the node, the data security requirements and the like. For example, the response delay increases to cause data flow lag in the encryption process, and the real-time performance of the encrypted data is affected, so that risks of data leakage, data loss and the like are increased. The evaluation process needs to use a risk analysis algorithm to compare response delay data with historical data, and the risk growth trend faced by the data encryption process is identified under different delay conditions. And obtaining an encryption risk trend of the edge node by calculating the relation between the response delay and risks such as data loss and leakage, and outputting data of the risk trend, wherein the data comprise risk acceleration and key nodes.
And S44, performing data encryption policy optimization according to the edge node data encryption risk trend and the encryption edge node response delay condition to obtain data encryption policy optimization data.
In the embodiment of the invention, the data encryption strategy is further optimized according to the obtained encryption risk trend of the edge node data and the response delay data of the encryption edge node in the step S4.2. In the process, the existing data encryption strategy needs to be analyzed, and weak links in the strategy are identified by combining response delay and encryption risk trend of the current edge node. For example, if the response delay of the edge node is large, the complexity of the encryption algorithm needs to be adjusted, or the load of the node is reduced by introducing a lightweight encryption algorithm, so that the delay and the risk in the encryption process are reduced. Meanwhile, the resource allocation in the encryption strategy is optimized according to the condition of gradient increase of the encryption resource loss, the optimized data encryption strategy is generated by adjusting parameters of an encryption algorithm, the length of an encryption key, a concurrent processing mode and the like in the data encryption strategy optimizing process, and optimized strategy data including adjustment content of the strategy and expected encryption performance improvement are output.
Of particular importance, step S41 comprises the steps of:
Step S411, detecting the power consumption stability attenuation condition according to the dynamic degradation trend of the edge encryption element structure;
In the embodiment of the invention, the power consumption stability attenuation condition is detected according to the dynamic degradation trend of the structure of the edge encryption element. In a specific operation process, firstly, the structural condition of the encryption element needs to be monitored for a long time, and the performance change data of the encryption element at different time points is recorded. And the structural health monitoring system is used for acquiring the operating parameters of the encryption element, including temperature, load, current and other information, in real time by combining a temperature sensor, a strain sensor and a current sensor. By analyzing these data, a numerical method (such as a fitting algorithm or regression analysis) is used to model the relationship between power consumption and structural degradation. On the basis of the power consumption data, the power consumption stability of the encryption element is determined whether the attenuation trend exists or not by comparing the power consumption data regularly. When the structure of the encryption element deteriorates, the power consumption tends to exhibit an unstable increase. Accordingly, fluctuations in power consumption and a continuous trend of increase are monitored, thereby identifying the influence of structural deterioration on the power consumption stability.
Step S412, detecting the decrease trend of the element energy efficiency ratio based on the power consumption stability decay condition;
In the embodiment of the invention, the energy efficiency ratio decline trend of the element is detected based on the power consumption stability attenuation condition. Based on the power consumption data obtained in step S411, the energy efficiency ratio of the element is further calculated by monitoring the relationship between the input power and the output encryption processing capability of the element in real time. The energy efficiency ratio indicates the encryption processing amount that can be completed per unit power consumption. An increase in power consumption may result in a decrease in energy efficiency ratio due to degradation of the encryption element. In particular, the change in the energy efficiency ratio is calculated by periodically collecting the input power and output data of the elements, and the processing power (e.g., encryption speed, decryption speed, etc.) of the encryption elements. And analyzing whether the energy efficiency ratio data in different time periods is in a descending trend or not by comparing the energy efficiency ratio data in different time periods for a plurality of times. If the energy efficiency ratio is continuously reduced, it is indicated that the energy efficiency of the encryption element is being affected by structural degradation or factors, so that a trend of reducing the energy efficiency ratio is formed.
Step S413, determining the power consumption increase condition of the encryption element according to the element energy efficiency ratio decrease trend and the power consumption stability decay condition;
In the embodiment of the invention, the power consumption increase condition of the encryption element is determined according to the element energy efficiency ratio decrease trend and the power consumption stability attenuation condition. A decrease in the energy efficiency ratio indicates a decrease in the amount of encryption tasks that the element performs per unit time, requiring more power to maintain the same throughput. And calculating the descending amplitude of the energy efficiency ratio and combining the fluctuation data of the power consumption to obtain the power consumption increasing condition of the encryption element under different working states. And the power consumption data obtained in real time by the monitoring system is combined with the change of the energy efficiency ratio and the change of the power consumption, so that the increase rate of the power consumption of the encryption element is calculated. In this process, by comparing the power consumption data of the encryption element in a plurality of operation cycles, a correlation between the power consumption and the energy efficiency ratio is identified, and it is determined whether the power consumption thereof increases with time. If the power consumption shows a trend of continuously increasing, it is judged that there is a significant increase in the power consumption of the encryption element.
Step S414, detecting encryption resource loss gradient increase condition based on encryption element power consumption increase condition.
In the embodiment of the invention, the loss gradient growth condition of the encryption resource is detected based on the power consumption growth condition of the encryption element. The consumption of the encryption resource is closely related to the power consumption of the encryption element, and as the power consumption of the encryption element increases, the consumption rate of the resource also accelerates. In order to detect the loss gradient of the encryption resource, it is necessary to monitor the power consumption change of the encryption element in real time, and analyze the relationship between the encryption element and the power consumption in combination with the use condition of the encryption resource, such as the number of processing tasks, the data encryption amount, etc. And (3) recording the resource consumption condition of each encryption task in real time through a high-precision resource monitoring system, and comparing and analyzing the resource consumption condition with the power consumption data. If the power consumption is increased, the gradient of the resource consumption is also obviously increased, which means that the efficiency of the resource consumption of the encryption element is reduced when the encryption task is processed, and the gradient of the loss shows a growing trend. By means of the method, the increasing trend of the loss of the encryption resources is accurately identified, and corresponding measures are timely taken to optimize the use efficiency of the encryption resources.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.