CN114710288B - Network switch security monitoring method, device and medium based on artificial intelligence - Google Patents
Network switch security monitoring method, device and medium based on artificial intelligence Download PDFInfo
- Publication number
- CN114710288B CN114710288B CN202210421831.0A CN202210421831A CN114710288B CN 114710288 B CN114710288 B CN 114710288B CN 202210421831 A CN202210421831 A CN 202210421831A CN 114710288 B CN114710288 B CN 114710288B
- Authority
- CN
- China
- Prior art keywords
- task
- tasks
- resources
- priority
- queue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/50—Queue scheduling
- H04L47/62—Queue scheduling characterised by scheduling criteria
- H04L47/625—Queue scheduling characterised by scheduling criteria for service slots or service orders
- H04L47/6275—Queue scheduling characterised by scheduling criteria for service slots or service orders based on priority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1074—Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a network switch safety monitoring method based on artificial intelligence, which comprises the steps of receiving tasks sent by a client, analyzing the tasks to obtain analysis results, generating an initial task queue, distributing system resources to the tasks in the initial task queue according to a user-defined distribution algorithm to obtain resource distribution results, distributing the tasks in the initial task queue to a distributed task queue and an undelived task queue, dynamically distributing priorities to the tasks in the undelived task queue and a newly-added task according to preset rules, optimizing the tasks in the undelived task queue and the newly-added task according to the priorities to obtain an optimized task queue, sequentially executing tasks with highest priorities in the optimized task queue according to the priorities to obtain task execution results, and carrying out corresponding operations according to the task execution results.
Description
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to a network switch safety monitoring method, device and medium based on artificial intelligence.
Background
Artificial intelligence (ARTIFICIAL INTELLIGENCE, AI) is a technology that simulates, extends, and expands human intelligence using a digital computer or a machine controlled by a digital computer, collects information, acquires knowledge, and processes the collected information with the learned knowledge to obtain an optimal result.
With the popularization of the internet, network switches are widely used. In the process of transmitting data through a network switch, if the data is not strictly encrypted, the data may be leaked, which causes potential safety hazard.
When a plurality of terminals all send task information to a network switch to request the network switch to process, due to limited resources of the network switch, all tasks cannot be processed timely at the same time, so that the tasks sent by the terminals are delayed easily, and the load of the network switch is unbalanced.
Therefore, on the basis of ensuring the data security of the network switch, the task received by the network switch is ensured to be processed in time.
Disclosure of Invention
In view of the above, the invention provides a network switch safety monitoring method, device and medium based on artificial intelligence, which not only can ensure the data safety of the network switch, but also can ensure that the task received by the network switch is processed in time.
To solve the technical problems:
in a first aspect, the present invention provides a network switch security monitoring method based on artificial intelligence, for a network switch, comprising the steps of:
Receiving task information sent by a client, analyzing any received task information to obtain a corresponding analysis result, and generating an initial task queue according to the analysis result;
distributing the resources of the network switch to the tasks of the initial task queue according to a self-defined distribution algorithm, and obtaining a resource distribution result of the tasks of the initial task queue according to the distribution condition of the resources after the resources are distributed;
and according to the resource allocation result, the corresponding tasks of the initial task queues are allocated to the distributed task queues and the non-distributed task queues;
Adding the newly added task into the task queue which is not distributed, dynamically distributing the priority to the task of the task queue which is not distributed according to a preset rule, and optimizing the task of the task queue which is not distributed according to the priority to obtain an optimized task queue;
The priority of a task to be executed is the ratio of the resources required to be consumed by the task to the sum of the resources required to be consumed by all the tasks to be executed;
the newly added task is a task sent by a client which is received by the network switch in real time;
Executing the tasks in the optimized task queue according to the order of priority from high to low to obtain the execution result of the tasks;
And performing corresponding operation according to the execution result of the task.
Preferably, the analyzing the received any one task information to obtain a corresponding analysis result specifically includes:
Receiving task information sent by a client;
Analyzing the received task information to obtain first encrypted data and encrypted task data in a request head of the task information;
Decrypting the first encrypted data by using an RSA private key to obtain an AES key;
And decrypting the encrypted task data by using the AES key to obtain decrypted task data.
By the technical scheme, task data sent by the client are encrypted by the AES key and encrypted by the RSA public key, and the security of data transmission is improved and the leakage of the task data is avoided by the double encryption technology.
Preferably, the generating an initial task queue according to the analysis result includes:
the decrypted task data is analyzed to obtain the task to be executed;
all tasks to be executed obtained through analysis form a task queue, and the priority of each task to be executed in the task queue is calculated;
after determining the priority of each task to be executed, arranging all the tasks to be executed into an initial task queue according to the priority of the tasks from high to low;
The analysis result comprises first encrypted data, encrypted task data and decrypted task data.
Through the technical scheme, after the task information is received, the received task information is analyzed, and decrypted task data are obtained. And analyzing all the received task information to obtain decrypted task data. Wherein the decrypted task data includes the type of resource required to perform the task and the amount of resource required.
And adding all the tasks obtained by analysis into a task queue to be processed, and calculating the ratio of the amount of resources required to be consumed by each task to the amount of resources required to be consumed by all the tasks so as to determine the priority of each task.
And sequencing the tasks to be processed according to the priority from high to low, thereby generating an initial task queue. Tasks in the initial task team are arranged from high to low according to the priority, so that the tasks can be conveniently executed according to the high-low order of the priority.
Preferably, the allocated resources of any task in the distributed task queue meet the execution requirement of the task.
Through the technical scheme, the tasks in the initial task queue are allocated with resources according to the self-defined allocation algorithm. Wherein a portion of the tasks are allocated sufficient resources to meet the task execution needs. Such tasks are included in a distributed task queue. The tasks in the distributed task queues are distributed with enough resources and can be executed in time, so that timely response to task information sent by the client is realized.
Preferably, the tasks in the non-distributed task queues are not allocated resources or the allocated resources do not meet the execution requirements of the tasks.
By the technical scheme, when the tasks in the initial task queue are not allocated with resources or the allocated resources cannot meet the task execution requirement, the tasks are classified into the non-distributed task queues. Tasks in the undispensed task queue have relatively low priority, are not allocated with enough resources, cannot be timely executed, and are properly delayed. Because the task priority in the undispensed task queue is relatively low, execution is not urgent, and proper delay does not cause system failure.
Preferably, the custom allocation algorithm includes:
For any one task, determining the priority of the task in an initial task queue;
Distributing the resources to the tasks in the initial task queue according to the priority of the tasks and the demand of the tasks for the resources;
Comparing the amount of the resources allocated to one task with the demand of the tasks for the resources to judge whether the resources allocated to the task meet the demand;
If the amount of the resources allocated to one task cannot meet the requirement of the task on the resources, updating the resources allocated to the task according to the priority of the task and the requirement of the task on the resources;
if the amount of resources allocated to a task meets the task's demand for resources, the resources allocated to the task are not updated.
Through the technical scheme, the resources are allocated according to the priorities of the tasks and the requirements of the tasks on the resources, so that the tasks with higher priorities can be divided into the resources meeting the requirements of the tasks, the tasks are executed in time, and the timeliness of the response to the tasks of the client is improved.
After the tasks are allocated with system resources, the amount of the resources required by the tasks and the amount of the resources allocated by the tasks are compared to determine whether the tasks are allocated with the resources meeting the requirements of the tasks, and the tasks are correspondingly adjusted, so that the tasks can be timely executed, the timeliness of the response of the network switch to the task information sent by the client is improved, and certain tasks are prevented from being longer.
Preferably, the tasks with the priority being dynamically allocated to the non-distributed task queues according to preset rules, specifically, the priorities of the tasks are updated according to the amount of resources required to be consumed for executing one task, the amount of resources which are still lack of the tasks after the tasks are allocated with the resources, and the queuing time T of the tasks in the non-distributed task queues.
According to the technical scheme, the comprehensive evaluation of the task is realized by comprehensively considering the amount of resources required for executing one task, the amount of resources which are still lack for executing the task and the queuing time T of the task in the task queue which is not distributed, so that reasonable priority is given to one task, and the task can be executed in time under the condition of considering the allocation of the resources.
Preferably, the performing a corresponding operation according to the task execution result includes the steps of:
judging whether the task is executed according to the task execution result;
If the task is executed, sending a task execution result to a client to respond to task information sent by the client;
if the task executes the interrupt, the task executed by the interrupt is put into the non-distributed task queue to carry out the next resource allocation.
Through the technical scheme, when the task is executed, the task execution result is timely sent to the corresponding client, so that timely response to the task execution is realized. When the task execution is interrupted, the task which is interrupted to be executed is put into the task queue which is not distributed, and resources are redistributed as the task which is not executed. And according to whether the task is executed, corresponding operation is adopted, so that the task can be timely processed.
In a second aspect, an artificial intelligence based network switch security monitoring device includes:
The initial task queue generating module is used for receiving task information sent by the client, analyzing any received task information to obtain a corresponding analysis result, and generating an initial task queue according to the analysis result;
The task resource allocation module is used for allocating resources to the tasks of the initial task queue according to a user-defined allocation algorithm, and obtaining a resource allocation result of the tasks of the initial task queue according to the resource allocation condition after the resources are allocated;
and according to the resource allocation result, the corresponding tasks of the initial task queues are allocated to the distributed task queues and the non-distributed task queues;
The dynamic allocation priority module is used for adding the newly added task into the undispensed task queue, dynamically allocating the priority to the task of the undispensed task queue according to a preset rule, and optimizing the task of the undispensed task queue according to the priority to obtain an optimized task queue;
the task execution module is used for executing the tasks in the optimized task queue according to the order of priority from high to low to obtain the execution result of the tasks;
and the task execution result judging module is used for carrying out corresponding operation according to the execution result of the task.
In a third aspect, the present invention provides a storage medium having stored therein program instructions which, when executed, are configured to implement the artificial intelligence based network switch security monitoring method of the first aspect.
The technical scheme of the invention has the following beneficial effects:
(1) According to the network switch safety monitoring method based on artificial intelligence, the data between the client and the network switch is encrypted through the RSA public key and the AES secret key, so that the safety of data interaction between the client and the network switch is improved, and data leakage is avoided.
(2) According to the network switch safety monitoring method based on artificial intelligence, resources are dynamically allocated to tasks sent by clients according to the custom allocation algorithm so that the load of the network switch is balanced, the tasks sent by all clients can be processed in reasonable time, and the tasks are prevented from being delayed in a transitional mode.
The network switch safety monitoring method based on artificial intelligence can effectively ensure data safety, dynamically allocate resources according to the priority of tasks, ensure that the network switch is in charge of keeping balance, and reduce the safety risk of the network switch in the running process.
Drawings
FIG. 1 is a flow chart of an artificial intelligence based network switch security monitoring method of the present invention;
FIG. 2 is a flow chart of the invention for analyzing any received task to obtain analysis results;
FIG. 3 is a flow chart of generating an initial task queue according to the parsing result of the present invention;
FIG. 4 is a flow chart of the custom allocation algorithm of the present invention;
FIG. 5 is a flow chart of the present invention for performing a corresponding operation according to the task execution result.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to fig. 1 to 5 of the embodiments of the present invention. It will be apparent that the described embodiments are some, but not all, embodiments of the invention. All other embodiments, which are obtained by a person skilled in the art based on the described embodiments of the invention, fall within the scope of protection of the invention.
In the actual use process, the network switch generally faces two security risks, namely, the risk of information leakage caused by imperfect encryption measures on one hand, and the unbalanced load of the network switch caused by the fact that the task received by the network switch cannot be processed in time on the other hand. Therefore, on the basis of guaranteeing the data security of the network switch, the task information sent by the client side received by the network switch is processed in time, so that the load of the network switch is kept balanced and reliable, and the technical problem to be solved is urgent.
Before sending task data to the network switch, the client encrypts the task data to be sent to the network switch according to an encryption algorithm (RSA encryption and AES encryption) so as to ensure the safety of the task data. The specific process is as follows:
The network switch generates an AES key using a key generation tool. The key generation tool keytool, keytool is a key and certificate management tool, keytool is used to generate an AES key and encrypt task data to be transmitted using the AES key. Since the AES algorithm is a well-known technique, the present solution is not described in detail.
Generating an RSA public key according to an RSA algorithm, encrypting the AES key by using the RSA public key so as to obtain first encrypted data, and placing the first encrypted data into a request head of task data so as to generate task information.
Since the RSA algorithm is a well-known technique, the encryption process will not be described in detail in this scheme. The request header may be an http request header, the http protocol is a hypertext transfer protocol, and is an application layer protocol for transferring a hypermedia document, and at the same time, since the http protocol is a stateless protocol, no data is reserved between the client and the network switch. To this end, the client may send the task information to the network switch.
The encryption mode also considers the performance problem of the network switch system on the premise of considering the task data security, and because the RSA algorithm has low operation speed when encrypting the data, the RSA algorithm directly encrypts all the task data to be transmitted, which can lead to slow network communication and reduced data transmission speed. As the AES operation speed in the symmetric key cryptosystem is high and the security is high, the AES key is used for encrypting the transmitted task data, so that the transmission efficiency of the task data can be effectively improved.
In this embodiment, the client may be a mobile phone or a computer.
After receiving the task information sent by the client, the network switch performs processing according to the following method.
Referring to fig. 1 and 2, an artificial intelligence based network switch security monitoring method for a network switch, comprising the steps of:
Step S1, a network switch receives task information sent by a client, analyzes any received task information to obtain a corresponding analysis result, and generates an initial task queue according to the analysis result.
Wherein, any received task information is analyzed to obtain a corresponding analysis result, the method comprises the following steps:
Step S11, the network switch receives the task information sent by the client.
And step S12, the network switch analyzes the received task information to obtain first encrypted data and encrypted task data in a request head of the task information.
And S13, the network switch decrypts the first encrypted data by using the RSA private key to obtain the AES key.
And S14, the network switch decrypts the encrypted task data by using the AES key to obtain decrypted task data.
Referring to fig. 3, the generating an initial task queue according to the analysis result includes:
and S15, analyzing the decrypted task data to obtain the task to be executed.
And S16, forming a task queue by all the tasks to be executed obtained through analysis, and calculating the priority of each task to be executed in the task queue.
And S17, after determining the priority of each task to be executed, arranging all the tasks to be executed into an initial task queue according to the priority of the tasks from high to low.
The analysis result comprises first encrypted data, encrypted task data and decrypted task data.
The priority of a task to be executed is the ratio of the resources required to be consumed by the task to the sum of the resources required to be consumed by all the tasks to be executed.
The larger the corresponding ratio of a task, the higher the priority of the task. The higher the priority of a task, the more resources that need to be consumed in executing the task, and the more threads the task is allocated when being executed.
And adding all the tasks to be executed into a task queue to be processed in sequence according to the order of the priorities of the tasks from high to low, so as to generate the initial task queue.
In one embodiment, the network switch receives a plurality of tasks to be processed simultaneously, and sorts the plurality of tasks to be processed according to the priority, so as to generate an initial task queue. After analyzing the task information and acquiring decrypted task data, the network switch sends response information to the client side sending the task information so as to inform the client side that the task information reaches the network switch.
After the client sends the task information to the network switch, in order to ensure that the processing result of the task can be successfully obtained, a heartbeat request is sent to the network switch according to a preset period to obtain heartbeat information, and whether communication connection with the network switch is maintained is judged based on the heartbeat information.
If the client and the network switch keep in communication connection, the client continues to send a heartbeat request to the network switch according to a preset period to acquire heartbeat information.
If communication between the client and the network switch is interrupted, the client sends a TCP connection request to the network switch to reestablish the communication connection between the client and the network switch.
In one embodiment, the heartbeat information is a fixed information sent to the network switch at fixed time intervals according to a preset code script, for example, the network switch sends a query message (for example, may be a number 1) once every one minute (the preset period is 1 minute), and the network switch replies a preset response message (for example, may be a number 1) after receiving the query message. If the client side does not receive the response information replied by the network switch within one minute, the network switch and the client side are not in communication connection.
And step S2, distributing the resources to the tasks of the initial task queue according to a self-defined distribution algorithm, and obtaining a resource distribution result of the tasks of the initial task queue according to the resource distribution condition after the resources are distributed.
And according to the resource allocation result, the corresponding tasks of the initial task queues are allocated to the distributed task queues and the non-distributed task queues.
Any task in the distributed task queue is distributed with resources meeting the execution requirement of the task. For example, the CPU resource required by one task is 10 copies, the task is allocated with 10 copies of the CPU resource, and then the CPU resource obtained by the task satisfies the task execution requirement, and the task is allocated to the distributed task queue.
The tasks in the non-distributed task queues are not allocated resources or the allocated resources do not meet the execution needs of the tasks. For example, the CPU resource required by one task is 10 copies, the task is allocated 5 copies of the CPU resource, and then the CPU resource obtained by the task cannot meet the task execution requirement, and the task is allocated to the non-distributed task queue.
Referring to fig. 4, the custom allocation algorithm includes:
and S21, for any task, determining the priority of the task in the initial task queue.
And S22, distributing the resources of the network switch to the tasks in the initial task queue according to the priorities of the tasks and the demand of the tasks for the resources.
And S23, comparing the amount of the resources allocated to one task with the demand of the tasks for the resources to judge whether the resources allocated to the task meet the demand.
Step S24, if the amount of the allocated resources of one task cannot meet the requirement of the task on the resources, updating the resources allocated to the task according to the priority of the task and the requirement of the task on the resources.
Step S25, if the amount of the resources allocated to one task can meet the requirement of the task on the resources, the resources allocated to the task are not updated.
In one embodiment, the resource is a CPU resource of the network switch, and the CPU resource is allocated to a task of the initial task queue according to a custom allocation algorithm. Examples of allocation of resources according to the custom allocation algorithm are as follows.
For example, there are five tasks to be executed in the initial task queue, the demands of the five tasks to be executed on CPU resources are 1,2, 4 and 14, respectively, and the priorities of the five tasks to be executed are 2, 3.5, 3, 0.5 and 1, respectively.
And carrying out standardized processing on the priorities of the five tasks to be executed, namely setting the minimum priority to be 1, and updating the priorities of the other tasks to be executed according to the same proportion, wherein the priorities of the five tasks to be executed are correspondingly updated to be 4, 7, 6, 1 and 2.
For the updated priorities of the five tasks to be executed, the sum of the priorities of the five tasks is calculated to be 20. In this embodiment, the priority and the resource allocation are directly proportional to each other, and the CPU resources of the network switch are equally divided into 20 parts corresponding to the sum of the priorities being 20, and the five tasks respectively obtain 4, 7, 6, 1, and 2 parts of CPU resources.
The demands of the five tasks on CPU resources are 1, 2, 4 and 14 parts respectively. The first task has a demand for 1 part of CPU resources, 4 parts of allocated CPU resources, and the first task obtains 3 parts of CPU resources. Similarly, the second task requires 2 parts of CPU resources, 7 parts of allocated CPU resources, and 5 parts of CPU resources are obtained by the second task. The third task has a demand for 2 parts of CPU resources, 6 parts of allocated CPU resources, and 4 parts of CPU resources are obtained in the third task. Thus, the first task, the second task, and the third task total 12 CPU resources.
The fourth task has a 4-part demand for CPU resources, 1 part CPU resource is allocated, and the fourth task lacks 3 parts CPU resources. The fifth task requires 14 parts of CPU resources, the allocated CPU resources are 2 parts, and the fourth task lacks 12 parts of CPU resources.
The fourth task lacks 3 parts of CPU resources, and the fifth task lacks 12 parts of CPU resources. The corresponding priority of the fourth task is 1 and the corresponding priority of the fifth task is 2. And (3) uniformly distributing the 12 obtained system CPU resources according to the priorities of the fourth task and the fifth task, wherein when the 12 obtained system CPU resources are distributed, the CPU resources distributed by the fourth task are 12x 1/(1+2) =4 parts, and the CPU resources distributed by the fifth task are 12x 2/(1+2) =8 parts.
The fourth task lacks 3 parts of CPU resources before the CPU resources are not reallocated. 4 CPU resources are allocated again for the fourth task, and therefore, the fourth task is additionally allocated 1 CPU resource more.
The fifth lack of 12 parts of system resources before the CPU resources are not reallocated. 8 CPU resources are allocated again for the fifth task, which lacks 4 CPU resources. And transferring 1 CPU resource allocated by the fourth task to the fifth task to complete the allocation process of the CPU resource.
In one embodiment, after the allocation of CPU resources, the first task, the second task, the third task, and the fourth task each acquire the required system resources. The CPU resource allocated to the fifth task does not meet the requirement of task execution, and the required system resource is not completely obtained. The first task, the second task, the third task and the fourth task are belonged to the distributed task queue, and the fifth task is belonged to the non-distributed task queue.
And step S3, adding the newly added task into the task queue which is not distributed, dynamically distributing the priority to the task of the task queue which is not distributed according to a preset rule, and optimizing the task of the task queue which is not distributed according to the priority to obtain an optimized task queue.
And for the tasks in the undispensed task queues, determining the priorities of the tasks in the undispensed task queues according to a priority determining rule, and reordering the tasks according to the order of the priorities from high to low to obtain new task queues, namely the optimized task queues.
Thus, the priority of the task in the undelivered task queue, i.e. the priority of the task in the optimized task queue, is re-determined.
The newly added task is a task sent by a client which is received by the network switch in real time.
In one embodiment, since the tasks in the non-distributed task queue are not allocated with CPU resources meeting the demands thereof, the tasks cannot be processed by the CPU, and with the increase of the number of newly added tasks, there are the following problems:
If the priority of a task in one of the undispensed task queues is low, the task may not have access to the CPU resources it needs and may be in the undispensed task queue for a longer period of time.
Therefore, the priorities of the tasks in the non-distributed task queues need to be dynamically allocated, so that the tasks in the non-distributed task queues can timely acquire the CPU resources required by the tasks, and the tasks in the non-distributed task queues are prevented from being delayed for a long time. Therefore, the tasks in the non-distributed task queues and the newly added tasks need to be dynamically assigned with priorities according to preset rules.
The tasks with the priorities dynamically allocated to the non-distributed task queues according to the preset rules are specifically:
The priority of a task is updated according to the amount of resources that need to be consumed to execute the task, the amount of resources that the task still lacks after being allocated resources, and the queuing time T of the task in the undispensed task queue.
In one embodiment, the preset rule is to dynamically update the priority of the corresponding task in the undispensed task queue according to the amount A of resources required to be consumed for executing one task, the amount B of resources which are still lacking by the corresponding task after being allocated with resources, and the queuing time T of the corresponding task in the undispensed task queue. Specifically, the following formula (1) and formula (2) are referred to.
(1);
Wherein, And dynamically distributing the priority obtained after the i-th task in the non-distributed task queue is distributed along with the queuing time T.
Where Ai is the amount of resources that the ith task in the undispensed task queue needs to consume.
Wherein, And the total amount of resources required to be consumed for all tasks in the non-distributed task queue.
Bi is the amount of resources missing from the ith task in the undispensed task queue.
Wherein, And the amount of resources missing for all tasks in the undispensed task queue.
Wherein, The smaller the amount of the resources which are lack by the ith task in the undelivered task queue is, the higher the corresponding priority is;
the larger the queuing time T, the larger the Mi value, and the longer the queuing time of a task, the higher the assigned priority of the task.
In one embodiment, the non-distributed task queue is taken as a whole, and the non-distributed task queue and the newly added task participate in the allocation of the resource, so that the priority G of the whole queue of the non-distributed task queue is calculated, and the priority G of the whole queue meets the following formula (2).
(2);
Where N represents the total number of tasks in the undispensed task queue.
Equation (2) shows that as the number of tasks in the undispensed task queue increases, the overall queue priority increases, resulting in an increase in timeWhich in turn causes the overall queue to gradually increase in priority.
With the increase of the priority of the whole queue and the increase of the priority of the tasks in the non-distributed queue, the tasks in the non-distributed queue are preferentially allocated with the needed system resources, so that the task waiting time in the non-distributed queue is prevented from being seriously delayed.
For example, if the total number of tasks in the non-distributed queue is 3 at the current time, and the priorities of the 3 tasks are 1,2, and 3, respectively, as calculated according to the above formula (2), the priority of the entire queue of the non-distributed task queue is 6 at this time.
The priorities of the 3 newly added tasks are 3, 5 and 0.5 respectively. And adding the 3 newly added tasks into the non-distributed task queue, and uniformly distributing resources.
And distributing CPU resources to the tasks according to a self-defined distribution algorithm according to the priority 6 of the whole queue of the undelivered task queue and the priorities 3, 5 and 0.5 of the 3 tasks in the initial task queue.
The method comprises the following steps of carrying out standardized treatment on the priority of the task to obtain 12, 6, 10 and 1 respectively, namely equally dividing the resource into 29 parts.
The undispensed task queue is allocated 12 resources based on the priority 6 of the overall queue of the undispensed task queue. Wherein the three tasks in the non-dispatch queue are allocated 2, 4 and 6 resources, respectively.
For 3 newly added tasks, the priorities of the 3 tasks are 3,5 and 0.5, respectively, and then the resources allocated for the 3 newly added tasks are 6, 10 and 1 parts, respectively.
Referring to fig. 5, step S4 is performed on the tasks in the optimized task queue according to the order of priority from high to low, so as to obtain the execution result of the tasks.
Step S5, corresponding operation is carried out according to the execution result of the task, and the method comprises the following steps:
and step S51, judging whether the task is executed according to the task execution result.
And step S52, if the task is executed, sending a task execution result to the client so as to respond to the task information sent by the client.
And step S53, if the task is interrupted, placing the task which is interrupted in the non-distributed task queue for the next resource allocation.
In one embodiment, the network switch sequentially executes the tasks in the optimized task queue according to the allocated resources of the optimized task queue, and the task execution result includes task execution completion and task execution interruption.
And defining that the task execution result is 0, indicating that the task execution is interrupted and the corresponding task is not completed. And defining the task execution result to be 1, and indicating that the task is completed.
And judging whether the task is executed or not according to the task execution result.
If the task execution result is 0, indicating that the task execution is interrupted, indicating that the corresponding task request still does not acquire the needed system resources, putting the task into the task queue which is not distributed, and carrying out next system resource distribution.
And if the task execution result is 1, indicating that the task execution is finished, sending the task execution result to the client so as to complete the response of the network switch to the task sent by the client.
In this embodiment, the security of data interaction between the network switch and the client in the application system is improved by a series of encryption modes, and then the system resources of the network switch are dynamically allocated to the authenticated client, so that the system load is balanced and reasonable.
And then, corresponding priority is allocated according to the task requests of all the clients, so that the task requests of all the clients can be processed in reasonable time, and the safety risk caused by too long waiting time of the task requests is prevented.
The system can not only prevent the risk of information leakage caused by imperfect encryption measures of the system, but also effectively reduce the risk of system failure caused by unbalanced system load, thereby improving the safety of the system.
The embodiment of the application provides a network switch safety monitoring device based on artificial intelligence, which comprises:
The initial task queue generating module is used for receiving task information sent by the client, analyzing any received task information to obtain a corresponding analysis result, and generating an initial task queue according to the analysis result;
The task resource allocation module is used for allocating resources to the tasks of the initial task queue according to a user-defined allocation algorithm, and obtaining a resource allocation result of the tasks of the initial task queue according to the resource allocation condition after the resources are allocated;
and according to the resource allocation result, the corresponding tasks of the initial task queues are allocated to the distributed task queues and the non-distributed task queues;
The dynamic allocation priority module is used for adding the newly added task into the undispensed task queue, dynamically allocating the priority to the task of the undispensed task queue according to a preset rule, and optimizing the task of the undispensed task queue according to the priority to obtain an optimized task queue;
the task execution module is used for executing the tasks in the optimized task queue according to the order of priority from high to low to obtain the execution result of the tasks;
and the task execution result judging module is used for carrying out corresponding operation according to the execution result of the task.
The network switch security monitoring method based on artificial intelligence can be realized in the form of software, sold or used as independent products and can be stored in a computer readable storage medium. The technical solution of the present application may be embodied in essence or in a part contributing to the prior art or in whole or in part in the form of a software product stored in a storage medium comprising instructions for causing a network device to perform all or part of the steps of the method according to the various embodiments of the present application. The storage medium includes various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory RAM), a magnetic disk, or an optical disk.
In the present invention, unless explicitly specified and defined otherwise, for example, it may be fixedly connected, detachably connected or integrally formed, mechanically connected, electrically connected, directly connected, indirectly connected through an intermediate medium, connected internally of two elements or the interaction relationship of two elements, and the specific meaning of the terms in the present invention will be understood by those skilled in the art according to the specific circumstances unless explicitly defined otherwise.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.
Claims (5)
1. The network switch safety monitoring method based on artificial intelligence is used for a network switch and is characterized by comprising the following steps:
Receiving task information sent by a client, and analyzing any received task information to obtain a corresponding analysis result, wherein the method specifically comprises the following steps:
Receiving task information sent by a client;
Analyzing the received task information to obtain first encrypted data and encrypted task data in a request head of the task information;
Decrypting the first encrypted data by using an RSA private key to obtain an AES key;
Decrypting the encrypted task data by using the AES key to obtain decrypted task data, and generating an initial task queue according to the analysis result;
distributing the resources of the network switch to the tasks of the initial task queue according to a self-defined distribution algorithm, and obtaining a resource distribution result of the tasks of the initial task queue according to the distribution condition of the resources after the resources are distributed;
the custom allocation algorithm comprises:
For any one task, determining the priority of the task in an initial task queue;
Distributing the resources to the tasks in the initial task queue according to the priority of the tasks and the demand of the tasks for the resources;
Comparing the amount of the resources allocated to one task with the demand of the tasks for the resources to judge whether the resources allocated to the task meet the demand;
If the amount of the resources allocated to one task cannot meet the requirement of the task on the resources, updating the resources allocated to the task according to the priority of the task and the requirement of the task on the resources;
if the amount of the resources allocated to a task can meet the requirement of the task on the resources, not updating the resources allocated to the task;
The tasks of the corresponding initial task queues are distributed to distributed task queues and non-distributed task queues according to the resource distribution result, wherein the distributed resources of any task in the distributed task queues meet the execution requirements of the tasks;
Adding the newly added task into the non-distributed task queue, and dynamically distributing the priority to the task of the non-distributed task queue according to a preset rule, wherein the task comprises the following specific steps:
Updating the priority of a task according to the amount of resources required to be consumed for executing the task, the amount of resources still lacking by the task after being allocated with resources and the queuing time T of the task in the undispensed task queue;
Optimizing the tasks of the undelivered task queues according to the priority to obtain optimized task queues;
The priority of one task to be executed is the ratio of the resources required to be consumed by the task to the sum of the resources required to be consumed by all the tasks to be executed, and the higher the corresponding ratio of one task is, the higher the priority of the task is;
the newly added task is a task sent by a client which is received by the network switch in real time;
Executing the tasks in the optimized task queue according to the order of priority from high to low to obtain the execution result of the tasks;
And performing corresponding operation according to the execution result of the task.
2. The method for security monitoring of an artificial intelligence based network switch according to claim 1, wherein generating an initial task queue according to the parsing result comprises:
the decrypted task data is analyzed to obtain a task to be executed;
all tasks to be executed obtained through analysis form a task queue, and the priority of each task to be executed in the task queue is calculated;
after determining the priority of each task to be executed, arranging all the tasks to be executed into an initial task queue according to the priority of the tasks from high to low;
The analysis result comprises first encrypted data, encrypted task data and decrypted task data.
3. The method for monitoring security of network switch based on artificial intelligence according to claim 1, wherein the performing corresponding operation according to the task execution result comprises the steps of:
judging whether the task is executed according to the task execution result;
If the task is executed, sending a task execution result to a client to respond to task information sent by the client;
if the task executes the interrupt, the task executed by the interrupt is put into the non-distributed task queue to carry out the next resource allocation.
4. Network switch safety monitoring device based on artificial intelligence, its characterized in that includes:
the initial task queue generating module is used for receiving task information sent by the client and analyzing any received task information to obtain a corresponding analysis result, and specifically comprises the following steps:
Receiving task information sent by a client;
Analyzing the received task information to obtain first encrypted data and encrypted task data in a request head of the task information;
Decrypting the first encrypted data by using an RSA private key to obtain an AES key;
Decrypting the encrypted task data by using the AES key to obtain decrypted task data, and generating an initial task queue according to the analysis result;
The task resource allocation module is used for allocating resources to the tasks of the initial task queue according to a user-defined allocation algorithm, and obtaining a resource allocation result of the tasks of the initial task queue according to the resource allocation condition after the resources are allocated;
the custom allocation algorithm comprises:
For any one task, determining the priority of the task in an initial task queue;
Distributing the resources to the tasks in the initial task queue according to the priority of the tasks and the demand of the tasks for the resources;
Comparing the amount of the resources allocated to one task with the demand of the tasks for the resources to judge whether the resources allocated to the task meet the demand;
If the amount of the resources allocated to one task cannot meet the requirement of the task on the resources, updating the resources allocated to the task according to the priority of the task and the requirement of the task on the resources;
if the amount of the resources allocated to a task can meet the requirement of the task on the resources, not updating the resources allocated to the task;
The tasks of the corresponding initial task queues are distributed to distributed task queues and non-distributed task queues according to the resource distribution result, wherein the distributed resources of any task in the distributed task queues meet the execution requirements of the tasks;
the dynamic allocation priority module is used for adding the newly added task into the undispensed task queue, and dynamically allocating the priority to the tasks of the undispensed task queue according to a preset rule, specifically:
Updating the priority of a task according to the amount of resources required to be consumed for executing the task, the amount of resources still lacking by the task after being allocated with resources and the queuing time T of the task in the undispensed task queue;
Optimizing the tasks of the undelivered task queues according to the priority to obtain optimized task queues;
the priority of a task to be executed is the ratio of the resources required to be consumed by the task to the sum of the resources required to be consumed by all the tasks to be executed, and the larger the corresponding ratio of the task is, the higher the priority of the task is;
The task execution module is used for executing the tasks in the optimized task queue according to the order of priority from high to low to obtain the execution result of the tasks;
and the task execution result judging module is used for carrying out corresponding operation according to the execution result of the task.
5. A storage medium having stored therein program instructions which, when executed, are adapted to carry out the method of any one of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210421831.0A CN114710288B (en) | 2022-04-21 | 2022-04-21 | Network switch security monitoring method, device and medium based on artificial intelligence |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210421831.0A CN114710288B (en) | 2022-04-21 | 2022-04-21 | Network switch security monitoring method, device and medium based on artificial intelligence |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114710288A CN114710288A (en) | 2022-07-05 |
| CN114710288B true CN114710288B (en) | 2025-05-09 |
Family
ID=82174524
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210421831.0A Active CN114710288B (en) | 2022-04-21 | 2022-04-21 | Network switch security monitoring method, device and medium based on artificial intelligence |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114710288B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115426221A (en) * | 2022-10-14 | 2022-12-02 | 湖南省邮电规划设计院有限公司 | Gateway device of Internet of things |
| CN118573638A (en) * | 2024-04-30 | 2024-08-30 | 清华大学 | Transmission queuing scheduling method, system and storage medium for server communication system |
| CN119109882A (en) * | 2024-10-14 | 2024-12-10 | 浪潮网络科技(山东)有限公司 | A switch event notification method, device, equipment and medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104657214A (en) * | 2015-03-13 | 2015-05-27 | 华存数据信息技术有限公司 | Multi-queue multi-priority big data task management system and method for achieving big data task management by utilizing system |
| CN107341050A (en) * | 2016-04-28 | 2017-11-10 | 北京京东尚科信息技术有限公司 | Service processing method and device based on dynamic thread pool |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8151272B2 (en) * | 2008-04-07 | 2012-04-03 | At&T Intellectual Property I, Lp | Optimized usage of collector resources for performance data collection through even task assignment |
| CN108268318A (en) * | 2016-12-30 | 2018-07-10 | 华为技术有限公司 | A kind of method and apparatus of distributed system task distribution |
| CN113032112A (en) * | 2019-12-25 | 2021-06-25 | 上海商汤智能科技有限公司 | Resource scheduling method and device, electronic equipment and storage medium |
| CN111193802A (en) * | 2019-12-31 | 2020-05-22 | 苏州浪潮智能科技有限公司 | User group-based resource dynamic allocation method, system, terminal and storage medium |
| US11520626B2 (en) * | 2020-09-22 | 2022-12-06 | Arm Limited | Queueing techniques for a shared computer resource |
| CN112328399A (en) * | 2020-11-17 | 2021-02-05 | 中国平安财产保险股份有限公司 | Cluster resource scheduling method and device, computer equipment and storage medium |
-
2022
- 2022-04-21 CN CN202210421831.0A patent/CN114710288B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104657214A (en) * | 2015-03-13 | 2015-05-27 | 华存数据信息技术有限公司 | Multi-queue multi-priority big data task management system and method for achieving big data task management by utilizing system |
| CN107341050A (en) * | 2016-04-28 | 2017-11-10 | 北京京东尚科信息技术有限公司 | Service processing method and device based on dynamic thread pool |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114710288A (en) | 2022-07-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114710288B (en) | Network switch security monitoring method, device and medium based on artificial intelligence | |
| Rani et al. | An implementation of modified blowfish technique with honey bee behavior optimization for load balancing in cloud system environment | |
| US9356780B2 (en) | Device, method, and system for encrypted communication by using encryption key | |
| Agarwal et al. | A genetic algorithm inspired task scheduling in cloud computing | |
| CN107948212A (en) | A kind of processing method and processing device of daily record | |
| CN111211896A (en) | Integrated quantum key encryption method, system and storage medium suitable for power business | |
| CN115766064A (en) | Password application method, device, equipment and storage medium | |
| CN119402297B (en) | Data transmission method, device, readable storage medium and program product | |
| CN112699391A (en) | Target data sending method and privacy computing platform | |
| Alhassan | Secure multi-cloud resource allocation with SDN and self-adaptive authentication | |
| CN111787534A (en) | A data encryption and decryption method, device and electronic device | |
| Van Do et al. | Properties of Horizontal Pod Autoscaling Algorithms and Application for Scaling Cloud-Native Network Functions | |
| CN116527257B (en) | Heterogeneous computing system and resource processing method based on same | |
| CN110585727B (en) | Resource acquisition method and device | |
| CN118802130A (en) | A computing method, device, system, equipment, medium and product | |
| CN116048808B (en) | Task type-based multi-security chip scheduling method and security chip device | |
| CN116070240A (en) | Data encryption processing method and device of multi-chip calling mechanism | |
| CN113572591B (en) | Real-time high concurrency safety access device and access method for intelligent energy service system | |
| US12287845B2 (en) | Operation of a distributed deterministic network | |
| CN113285798B (en) | Data processing method, bidding terminal device and computer readable medium | |
| CN114048495A (en) | A block consensus method and device | |
| CN109618371A (en) | Method and device for on-demand data aggregation | |
| CN118300832B (en) | Multi-device access platform processing method and system | |
| CN111190733A (en) | Computing resource scheduling method and device for RSA (rivest Shamir Adleman) computation | |
| CN118659937B (en) | Distributed business digital management method, system, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |