[go: up one dir, main page]

CN119629179B - An information processing system based on mimicry decision method - Google Patents

An information processing system based on mimicry decision method Download PDF

Info

Publication number
CN119629179B
CN119629179B CN202510135179.XA CN202510135179A CN119629179B CN 119629179 B CN119629179 B CN 119629179B CN 202510135179 A CN202510135179 A CN 202510135179A CN 119629179 B CN119629179 B CN 119629179B
Authority
CN
China
Prior art keywords
message
information
arbitration
unit
mimicry
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202510135179.XA
Other languages
Chinese (zh)
Other versions
CN119629179A (en
Inventor
李明松
丁国栋
宋雪涛
曹煜
孔冠骅
郝兵
张晓龙
苏士辉
陈若曦
邓兆森
胡俊峰
陶桐桐
何亚明
李晗雨
程国振
刘文彦
梁浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Songshan Laboratory
Original Assignee
Henan Songshan Laboratory Industry Research Institute Co ltd Luoyang Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan Songshan Laboratory Industry Research Institute Co ltd Luoyang Branch filed Critical Henan Songshan Laboratory Industry Research Institute Co ltd Luoyang Branch
Priority to CN202510135179.XA priority Critical patent/CN119629179B/en
Publication of CN119629179A publication Critical patent/CN119629179A/en
Application granted granted Critical
Publication of CN119629179B publication Critical patent/CN119629179B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing
    • H04L67/1006Server selection for load balancing with static server selection, e.g. the same server being selected for a specific client
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24552Database cache management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/253Grammatical analysis; Style critique
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/30Semantic analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/546Message passing systems or structures, e.g. queues
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Computational Linguistics (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Artificial Intelligence (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明公开了一种基于拟态裁决方法的信息处理系统,涉及消息中间件技术领域,其中:输入分发代理组件用于接收请求信息、对请求信息添加标签。异构发布者用于响应请求信息。消息分析改造组件用于对消息进行安全分析、拟态信息同步、改造消息。消息中间件与拟态裁决组件连接,用于接收发布者消息、解析消息并选择插入队列、裁决归一化处理、还原、发布消息,并反馈裁决结果。数据库用于拟态裁决组件和消息分析改造组件之间的信息同步。反馈控制组件用于接收拟态裁决异常信息。应用本发明能够在提高分布式系统安全的基础上,同时实现拟态化改造方法、加入传统安全防护,提高了消息处理的效率、可靠性,避免因为拟态裁决、归一化造成集群功能受限。

The present invention discloses an information processing system based on a mimetic arbitration method, and relates to the technical field of message middleware, wherein: an input distribution proxy component is used to receive request information and add tags to the request information. A heterogeneous publisher is used to respond to request information. A message analysis and transformation component is used to perform security analysis, mimetic information synchronization, and message transformation on messages. The message middleware is connected to the mimetic arbitration component, and is used to receive publisher messages, parse messages and select to insert into queues, arbitration normalization processing, restore, publish messages, and feedback arbitration results. A database is used for information synchronization between the mimetic arbitration component and the message analysis and transformation component. A feedback control component is used to receive mimetic arbitration exception information. The application of the present invention can realize the mimetic transformation method and add traditional security protection on the basis of improving the security of distributed systems, thereby improving the efficiency and reliability of message processing and avoiding the limitation of cluster functions due to mimetic arbitration and normalization.

Description

Information processing system based on mimicry arbitration method
Technical Field
The invention relates to the technical field of message middleware, in particular to an information processing system based on a mimicry arbitration method.
Background
With the growing trend of distributed systems becoming mainstream software systems, lawless persons use the process of message transmission among components of the distributed system, take the message transmission among the components as an intrusion service path, control a core component by issuing fake messages so as to steal and tamper platform data, issue fraudulent messages by using fake platforms, and propagate malicious programs. This presents a significant challenge to the security of information in critical areas and units, such as users, particularly government authorities, large institutions, banks, businesses, etc.
The mimicry defense theory provides an effective solution to the network space endogenous security problem and derives a set of mimicry normalization arbitration method. But currently this approach relies primarily on proxy components to perform normalization and arbitration operations, i.e., the tasks are independently undertaken by a single node, which can lead to performance bottlenecks in a scalable distributed system.
Based on the service of the distributed system, the service data is transmitted among the system components through the filtering of the message middleware, and the invasion of lawless persons in a data plane can be effectively prevented. The traditional security service based on the distributed system is also increased with a plurality of measures, such as encrypting the system service transfer message by adopting the SSL protocol, but due to the large number of components of the distributed system, the characteristics of the message transmission protocol and the vulnerability of the whole transmission process, a plurality of security holes are still difficult to clear comprehensively. At present, the simulation defense research of the distributed information processing system is less, and the simulation judgment is not enhanced by utilizing a security analysis means, so that the redundant security is formed, and the security escape risk is increased.
Disclosure of Invention
The invention aims to provide an information processing system based on a mimicry arbitration method, which simultaneously realizes a mimicry reconstruction method and an information security protection means on the basis of improving the security of a distributed system, and the cluster expansion of a message middleware is not affected, so that the efficiency and the reliability of message processing are greatly improved, and the limitation of the cluster function of the message middleware due to mimicry arbitration and normalization is avoided.
In order to achieve the above purpose, the present invention adopts the following technical scheme.
An information processing system based on a mimicry arbitration method comprises an input distribution agent component, a heterogeneous publisher pool, a message analysis transformation component, a message middleware, a mimicry arbitration component, a database and a feedback control component.
The input distribution agent component is used for receiving the request information, adding a label to the request information, and copying and distributing the request information added with the label to equivalent heterogeneous publishers in the heterogeneous publisher pool.
The heterogeneous publisher is configured to respond to the request information from the input distribution agent component and to publish a message carrying the tag to the message analysis transformation component.
The message analysis transformation component is used for receiving the publisher message, carrying out security analysis, simulating information synchronization, transforming the message and sending the message to the message middleware.
The message middleware is connected with the mimicry arbitration component, and is used for receiving the publisher message, resolving the message and selecting to insert into the queue, and the mimicry arbitration component is used for subscribing the message from the message middleware, arbitrating the normalized processing message, restoring the message, publishing the message and feeding back the arbitration result.
The database is connected with the mimicry arbitration component and the message analysis modification component for information synchronization between the mimicry arbitration component and the message analysis modification component. The mimicry arbitration component updates message middleware queue information, node IP, queue status, etc. to the database. The message analysis transformation component queries information such as message middleware nodes, mimicry queue states and the like from a database, determines the message middleware nodes and mimicry message queues sent by the message analysis transformation component according to the information in combination with a load balancing algorithm, ensures that the same-tag messages are distributed to the same message middleware nodes, and avoids mimicry resolution failure caused by message dispersion.
The feedback control component is connected with the mimicry arbitration component and is used for receiving mimicry arbitration abnormal feedback information, analyzing and processing the abnormal information, launching state scheduling control information to the heterogeneous publisher pool, and carrying out heterogeneous publisher restarting rotation on the heterogeneous publisher pool if necessary.
Further, the message analysis transformation component performs security analysis of the tagged publisher message, including integrity checking and semantic security analysis of the message body.
Further, the simulation information synchronization performed by the message analysis and transformation component comprises the steps of acquiring the state and queue information of the message middleware from the database and updating the corresponding information stored locally.
Further, the message analysis transformation component transforms the tagged publisher message, including the destination message middleware node and the queue calculated according to the synchronized mimicry information, transforms the published message header, and adds the security analysis result to the published message body as a parameter for multidimensional mimicry arbitration.
Further, the message analysis and transformation component does not perform security analysis and message transformation on the unlabeled publisher message, and directly selects a load balancing algorithm to forward the message.
Further, the mimicry arbitration component performs arbitration normalization processing on the subscription message, including multidimensional mimicry arbitration on the message group with the same label, and a message is selected as a message to be issued by adopting a normalization algorithm according to the mimicry arbitration result.
Further, the mimicry arbitration component restores the message, including restoring the header information of the message to be published, i.e., restoring the header information of the original publisher, and restoring the message body, i.e., removing the security analysis result and the tag information.
Further, the message analysis transformation component is connected with the database to acquire the cluster information of the message middleware, the same-tag messages are distributed to the same queue of the same message middleware node, and the mimicry arbitration component on the node subscribes to the queue to acquire a group of same-tag messages and arbitrates.
Further, the message analysis and transformation assembly comprises a receiving unit, a tag identification unit, a data buffer unit, a security analysis unit, a load balancing message transformation unit, a mimicry information unit, a load balancing unit and a sending unit.
The receiving unit is used for receiving the information issued by the heterogeneous issuers.
The tag identification unit is used for identifying whether the message carries a mimicry tag.
The data caching unit is used for caching the messages which are not received completely, and transmitting the messages to the security analysis unit for security analysis after the messages are received completely.
The security analysis unit is used for carrying out semantic security analysis processing on the message and rapidly identifying and coping with potential security threats in the message.
The mimicry information unit is used for accessing the database, obtaining the cluster information of the message middleware and updating the cluster information to the local cache.
The load balancing message transformation unit is used for confirming the destination IP and the message middleware mimicry queue of the transformation message release according to the message middleware cluster information and the mimicry label through a label hash method and realizing the transformation of the message header.
The load balancing unit is used for carrying out load balancing processing on the message without the mimicry tag, and the optional load balancing method comprises a polling method, a weighted round robin method, a random method and a weighted random method.
The sending unit is used for publishing the message according to the destination IP.
Further, the security analysis unit analyzes and checks the message integrity and semantic security to obtain whether an abnormal Boolean value is obtained, and the abnormal Boolean value is stored in a message redundancy field or a custom field.
In particular, semantic security analysis can analyze the issued message by adopting various means such as lexical analysis, grammar analysis, semantic analysis, threat model matching and the like, so as to identify the attack behavior.
Further, the mimicry information unit acquires the message middleware cluster information from the database, wherein the message middleware cluster information comprises a node IP where the message middleware is located, a mimicry queue name and a mimicry processing state, and updates the locally cached message middleware cluster information.
Further, the load balancing message transformation unit adopts a tag hash method to confirm the IP and the mimicry queue of the sending destination from the cluster information of the message middleware, transforms the message header, enables the message to be finally inserted into the mimicry queue confirmed by the load balancing message transformation unit, and stores the information of the original message sending queue in a message redundancy field or a custom field.
In particular, the tag hash method calculates a numerical value through a hash function through the acquired message tag, and performs modulo operation on the size of the node list of the effective message middleware by using the numerical value to obtain the node serial number of the message to be sent to the message middleware.
In particular, when the message header is reformed, according to the node information of the message middleware which is determined to be distributed, the mimicry queue information on the node is obtained, the Routing Key value of the message header is changed into the mimicry queue name, and meanwhile, the original Routing Key value and the publisher information are stored in a redundant field or a custom field.
Further, the mimicry arbitration component comprises a subscription unit, a storage unit, an arbitration unit, a message reconstruction unit, a release unit and an exception reporting unit.
The subscription unit is used for subscribing the messages inserted in the mimicry queues appointed in the message middleware. After the subscription unit establishes connection with the message middleware, the subscription unit requests to create a mimicry message queue and subscribe, and meanwhile, the message middleware node information is updated to the database.
The storage unit is used for carrying out grouping cache on the message according to the mimicry tag and checking whether the data of the same mimicry tag are received completely to meet the judging condition.
The judging unit is used for selecting a corresponding judging algorithm according to the message security analysis result and the length characteristic, and judging the message group meeting the judging condition.
The message reconstruction unit is used for randomly selecting one message in the group in the message group passing through the arbitration, analyzing the appointed queue information in the message redundancy field or the custom field, and modifying the message into the message which can be issued to the service message queue.
The publishing unit is used for publishing the message to a service message queue of the designated message middleware node.
The exception reporting unit is used for reporting the arbitrated exception information to the feedback processing component in a specified format.
Furthermore, the judging unit flexibly judges according to the message semantic security analysis result and the length characteristic by selecting a corresponding judging algorithm.
Further, the message reconstruction unit selects the message to be released after normalization according to the result of the arbitration, replaces the existing message header Routing Key with the original Routing Key value reserved in the redundant field or the custom field, and removes the original Routing Key value, the label and the semantic analysis Boolean value of the redundant field or the custom field.
Further, the exception reporting unit reports the exception message and the publisher information related to the exception message to the feedback processing component in a contracted format according to the result of the exception judgment.
After the technical scheme is adopted, the invention has the following beneficial effects:
1. The invention solves the problem that the same label information is randomly distributed to different information middleware cluster nodes through the information analysis and transformation assembly. Conventionally, the on-label message may be distributed to the mimicry queues of different nodes, resulting in an inability to make efficient mimicry decisions. The invention adopts the tag hash method to accurately determine the target message middleware IP and the mimicry queue of the tag message, and ensures that the same tag message is intensively issued to the mimicry queue of the same node for processing. The improvement not only ensures the accuracy of the mimicry arbitration, but also avoids the limitation of the multi-node cluster expansion function of the message middleware caused by the mimicry arbitration and normalization processing, meets the requirement of high concurrent processing, and obviously improves the message processing efficiency and the reliability of the system.
2. The invention carries out semantic security analysis on the tag message through the message analysis and transformation component, deeply analyzes the message content and detects potential threat. In the mimicry arbitration component, semantic security analysis results are combined with mimicry arbitration algorithms to arbitrate from multiple dimensions. The multi-dimensional security policy realizes redundant design, and effectively avoids the problems of loopholes and misjudgment of a single mechanism. Through the deep fusion of semantic analysis and algorithm, the system can accurately identify complex threats, and the accuracy and reliability of arbitration are obviously improved. The innovative mechanism greatly enhances the overall security of the system
Drawings
Fig. 1 is a system schematic block diagram of the present invention.
Fig. 2 is a schematic flow chart of the method of the present invention.
Fig. 3 is a schematic diagram of the structure of the message analysis retrofit assembly of the present invention.
FIG. 4 is a flow chart of a method of message analysis retrofit assembly of the present invention.
FIG. 5 is a schematic diagram of the architecture of the mimetic arbitration component of the present invention.
FIG. 6 is a flow chart of a method of mimicking an arbitration component in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following describes in further detail the features and performances of an information processing system based on a mimetic solution according to the present invention with reference to the accompanying drawings and embodiments.
Referring to fig. 1-2, an information processing system based on a mimetic arbitration method includes an input distribution agent component, a heterogeneous publisher pool, a message analysis transformation component, a message middleware, a mimetic arbitration component, a database and a feedback control component.
The input distribution agent component is used for receiving user request information, randomly generating 64-byte character strings for the request information with the same content, inserting the 64-byte character strings into the user request information as mimicry labels, and copying and distributing the request information added with the mimicry labels to equivalent heterogeneous publishers in the heterogeneous publisher pool.
The heterogeneous publisher is used for receiving user request information with a mimicry tag forwarded by the input distribution agency component, extracting the mimicry tag in the user request information, adding the tag into a packet body of a message to be published, and distributing the message carrying the tag to the message analysis and transformation component.
The message analysis transformation component is used for receiving the publisher message, carrying out security analysis, simulating information synchronization, transforming the message and sending the message to the message middleware.
Specifically, the message analysis transformation component, after receiving the publisher message, checks the extracted tag and proceeds as follows depending on whether the tag is present.
And for the information without the label, security analysis and information transformation are not carried out, and transmission forwarding is carried out through a common load balancing algorithm.
For the message containing the label, the message analysis transformation component performs security analysis on the message, including integrity check and semantic security analysis on the message body, and stores the semantic analysis Boolean result in the message custom field. And acquiring the state and queue information of the message middleware from the database, and updating the corresponding information stored locally. And obtaining the message middleware nodes and queues to be sent by adopting a tag hash algorithm according to the obtained message middleware cluster information. And saving the original Routing Key of the message header to a message custom field, changing the queue name obtained by the hash calculation of the tag into a Routing Key value, and sending the Routing Key value to the message middleware of the designated node.
The message middleware is connected with the mimicry arbitration component, and is used for receiving the publisher message, resolving the message and selecting to insert into the queue, and the mimicry arbitration component is used for subscribing the message from the message middleware, arbitrating the normalized processing message, restoring the message, publishing the message and feeding back the arbitration result.
Specifically, the message middleware receives the issued message and analyzes the message header, and adds the message into a mimicry queue designated by the Routing Key according to the header Routing Key value.
The mimetic arbitration component subscribes to receive messages specifying the mimetic queues and updates the local node message middleware information to the database. The received messages are grouped according to the labels, whether the judgment is met or not is judged, and the simulated judgment is carried out on the message group meeting the judgment and the message semantic analysis result. And after the judgment is passed, randomly selecting a message according to a normalization processing method, changing the message header RoutingKey value into an initial Routing Key value stored in a custom field, and then issuing the modified message to a local message middleware node.
The message middleware analyzes and processes the simulated, arbitrated and normalized message, inserts the analyzed and processed message into a service message queue, and finally obtains the message from a subscriber.
The database is connected with the mimicry arbitration component and the message analysis modification component for information synchronization between the mimicry arbitration component and the message analysis modification component. The mimicry arbitration component updates information such as message middleware node IP, mimicry queue name, mimicry processing state, etc. to the database. The message analysis and transformation component inquires the information from the database, and determines the message middleware node and the mimicry message queue which are sent by the message analysis and transformation component according to the information and a load balancing algorithm.
Specifically, under the condition of message middleware cluster deployment, each deployed message middleware node is provided with a mimicry component, and the mimicry component acquires the information of the local message middleware node and updates the information to a database after finishing the information format. The message analysis transformation component is connected with the database to acquire message middleware cluster information, and distributes the same-tag messages to the same queue of the same message middleware node, and the mimicry arbitration component on the node subscribes the queue to acquire a group of same-tag messages and arbitrates.
The feedback control component is connected with the mimicry arbitration component and is used for receiving mimicry arbitration abnormal feedback information, analyzing and processing the abnormal information, launching state scheduling control information to the heterogeneous publisher pool, and carrying out heterogeneous publisher restarting rotation on the heterogeneous publisher pool if necessary.
Referring to fig. 3 to 4, the message analysis and transformation assembly includes a receiving unit, a tag identification unit, a data buffer unit, a security analysis unit, a load balancing message transformation unit, a mimetic information unit, a load balancing unit, and a sending unit.
The receiving unit is used for receiving the information issued by the heterogeneous issuers.
The tag identification unit is used for identifying whether the message carries a mimicry tag. Judging whether the message carries a label according to the agreed protocol format, and extracting the label if the message carries the label.
The data caching unit is used for judging whether the message is complete according to the agreed protocol format, caching the incomplete message if the message is incomplete, waiting for receiving the subsequent message content and judging whether the message is complete, and delivering the complete message received by the data to the security analysis unit for processing.
The security analysis unit is used for carrying out traditional security semantic analysis and check on the message to obtain whether the semantic analysis is abnormal Boolean value, and storing the abnormal Boolean value in a message redundant field or a custom field.
The mimicry information unit is used for accessing the database, acquiring cluster dynamic information of the message middleware from the database, including the node IP where the message middleware is located, mimicry queue names, mimicry processing states and the like, and updating the cluster information of the message middleware in the local cache.
The load balancing message transformation unit is used for confirming the destination IP and the message middleware mimicry queue of the transformation message release according to the message middleware cluster information and the mimicry label through a label hash method and realizing the transformation of the message header.
Specifically, the load balancing message transformation unit adopts a tag hash method to confirm the IP and the mimicry queue of the sending destination from the cluster information of the message middleware, transforms the message header, enables the message to be finally inserted into the mimicry queue confirmed by the load balancing message transformation unit, and stores the information of the original message sending queue in a message redundancy field or a custom field.
The label hash method obtains a numerical value through the obtained message label and the hash function calculation, and performs modular operation on the size of the effective message middleware node list by using the numerical value to obtain the node serial number of the message to be sent to the message middleware.
When the message header is reformed, according to the node information of the message middleware which is determined to be distributed, the mimicry queue information on the node is obtained, the Routing Key value of the message header is changed into the mimicry queue name, and meanwhile, the original Routing Key value and the publisher information are stored in a redundant field or a custom field.
For the message without the mimicry tag, the load balancing unit performs load balancing processing on the message, and optional load balancing methods comprise a polling method, a weighted round robin method, a random method and a weighted random method.
The sending unit is used for publishing the message to the message middleware according to the destination IP.
Referring to fig. 5 to 6, the mimicry arbitration component includes a subscription unit, a storage unit, an arbitration unit, a message reconstruction unit, a publishing unit, and an exception reporting unit, and the implementation steps are as follows.
The subscription unit is used for subscribing the messages inserted in the mimicry queues appointed in the message middleware. After the subscription unit establishes connection with the message middleware, the subscription unit requests to create a mimicry message queue and subscribe, and meanwhile, the message middleware node information is updated to the database.
The storage unit is used for carrying out grouping cache on the information according to the mimicry tag, converging the same tag data into a group, checking whether the data of the same mimicry tag completely meet the judging condition or not, and if the data of the same mimicry tag completely meet the judging condition, processing the data by the judging unit.
The judging unit is used for selecting a corresponding judging algorithm according to the semantic analysis result and the length characteristic of the message and judging the message group meeting the judging condition.
Specifically, if the semantic security analysis result is abnormal, the arbitration unit adopts a strict arbitration algorithm to process, such as high-number voting, mask voting and the like based on history information. If the semantic security analysis result is normal, processing by a higher-efficiency arbitration algorithm, such as fast voting, monitoring voting and the like.
The message reconstruction unit is used for randomly selecting one message in the group in the message group passing through the arbitration, analyzing the appointed queue information in the message redundancy field or the custom field, and modifying the message into the message which can be issued to the service message queue.
Specifically, the message reconstruction unit selects the message to be issued after normalization according to the result of the arbitration, replaces the Routing Key of the existing message header with the original Routing Key value reserved in the redundant field or the custom field, and removes the original Routing Key value, the label, the semantic analysis boolean value and the publisher information of the redundant field or the custom field.
The publishing unit is used for publishing the message to a service message queue of the designated message middleware node.
The exception reporting unit is used for reporting the exception message and the publisher information related to the exception message to the feedback processing component in a contract format according to the result of the exception judgment.
It should be noted that, in the present embodiment, the parts not described in detail are all prior art, and the above embodiments are only for illustrating the present invention, but the present invention is not limited to the above embodiments, and any simple modification, equivalent variation and modification made to the above embodiments according to the technical substance of the present invention falls within the protection scope of the present invention.

Claims (14)

1. An information processing system based on a mimicry arbitration method is characterized by comprising an input distribution agent component, a heterogeneous publisher pool, a message analysis transformation component, a message middleware, a mimicry arbitration component, a database and a feedback control component, wherein,
The input distribution agent component is used for receiving the request information, adding a label to the request information, copying and distributing the request information added with the label to equivalent heterogeneous publishers in the heterogeneous publisher pool,
The heterogeneous publisher is used for responding to the request information from the input distribution agent component and distributing the message carrying the label to the message analysis modification component,
The message analysis transformation component is used for carrying out security analysis, mimicry information synchronization and transformation on the received publisher message and sending the message to the message middleware, the message analysis transformation component carries out security analysis on the tagged publisher message, including carrying out integrity check and semantic security analysis on the message body,
The message middleware is connected with a mimicry arbitration component, the message middleware is used for receiving the publisher message, resolving the message and selecting to insert into a queue, the mimicry arbitration component is used for subscribing the message from the message middleware, arbitrating the normalized processing message, restoring the message, publishing the message and feeding back the arbitration result,
The database is connected with the mimicry arbitration component and the message analysis modification component for information synchronization between the mimicry arbitration component and the message analysis modification component, the message analysis modification component is connected with the database to acquire message middleware cluster information, the same-tag messages are distributed into the same queue of the same message middleware node, the mimicry arbitration component on the node subscribes the queue to acquire a group of same-tag messages and arbitrates,
The feedback control component is connected with the mimicry arbitration component and is used for receiving mimicry arbitration abnormal feedback information and starting the mimicry scheduling control information to the heterogeneous publisher pool so as to realize the rotation of equivalent heterogeneous publishers.
2. The information processing system based on the mimetic method of claim 1, wherein the mimetic information synchronization by the message analysis transformation component includes obtaining the status and queue information of the message middleware from the database and updating the locally stored corresponding information.
3. An information processing system based on a mimetic solution as set forth in claim 2 wherein the message analysis reformulation component reforms the tagged publisher message by,
The head of the release message is modified according to the destination message middleware node and the queue obtained by the synchronous mimicry information calculation,
And adding the security analysis result into the published message body as a parameter of multi-dimensional mimicry arbitration.
4. The information processing system based on the mimicry arbitration method of claim 1, wherein the message analysis transformation component directly selects a load balancing algorithm to forward the message without performing security analysis and message transformation on the untagged publisher message.
5. The information processing system based on the mimetic arbitration method as set forth in claim 1, wherein the mimetic arbitration component performs arbitration normalization processing on the subscription message, includes performing multidimensional mimetic arbitration on the message group with the same label, and selecting a message as a message to be issued by adopting a normalization algorithm according to the mimetic arbitration result.
6. An information processing system based on a mimetic arbitration method as set forth in claim 3 wherein the mimetic arbitration component restores the message including restoring header information of the message to be published, i.e., restoring header information of the original publisher, and restoring the message body, i.e., removing security analysis results and tag information.
7. The information processing system based on the mimicry arbitration method of claim 1, wherein the message analysis transformation component comprises a receiving unit, a tag identification unit, a data caching unit, a security analysis unit, a load balancing message transformation unit, a mimicry information unit, a load balancing unit and a sending unit,
The receiving unit is configured to receive a message published by a heterogeneous publisher,
The tag identification unit is used for identifying whether the message carries a mimicry tag,
The data buffer unit is used for buffering the message which is not received completely, and transmitting the message to the security analysis unit for security analysis after the message is received completely,
The security analysis unit is used for carrying out semantic security analysis processing on the message, rapidly identifying and coping with potential security threats in the message,
The mimicry information unit is used for accessing the database, obtaining the cluster information of the message middleware and updating the cluster information to the local cache,
The load balancing message transformation unit is used for confirming the destination IP and the message middleware mimicry queue of the transformation message release through a tag hash method according to the message middleware cluster information and mimicry tag, and realizing the transformation of the message header,
The load balancing unit is used for carrying out load balancing processing on the message without the mimicry tag, and the optional load balancing method comprises a polling method, a weighted round robin method, a random method and a weighted random method,
The sending unit is used for publishing the message according to the destination IP.
8. The information processing system based on the mimicry arbitration method of claim 7, wherein the security analysis unit performs analysis and inspection on message integrity and semantic security to obtain an abnormal Boolean value, and stores the abnormal Boolean value in a message redundancy field or a custom field.
9. The information processing system based on the mimetic method of claim 7, wherein the mimetic information unit obtains the message middleware cluster information from the database and updates the locally cached message middleware cluster information.
10. The information processing system based on the mimetic decision method as set forth in claim 7, wherein the load balancing message modification unit uses a tag hash method to confirm the transmission destination IP and the mimetic queue from the message middleware cluster information, modifies the message header so that the message is finally inserted into the mimetic queue confirmed by the load balancing message modification unit, and stores the information of the original message transmission queue in the message redundancy field or the custom field.
11. The information processing system based on the mimetic arbitration method as recited in claim 1, wherein the mimetic arbitration component includes a subscription unit, a storage unit, an arbitration unit, a message reconstruction unit, a publication unit, and an exception reporting unit, wherein,
The subscription unit is used for subscribing the messages inserted in the mimicry queue specified in the message middleware,
The storage unit is used for carrying out grouping cache on the message according to the mimicry tag and checking whether the data of the same mimicry tag is received completely to meet the judging condition,
The judging unit is used for selecting a corresponding judging algorithm according to the message safety analysis result and the length characteristic to judge the message group meeting the judging condition,
The message reconstruction unit is used for randomly selecting one message in the group in the message group passing through the arbitration, analyzing the appointed queue information in the message redundancy field or the custom field, modifying the message into the message capable of being issued to the service message queue,
The publishing unit is for publishing the message to a service message queue of the designated message middleware node,
The exception reporting unit is used for reporting the arbitrated exception information to the feedback processing component in a specified format.
12. The information processing system based on the mimicry arbitration method of claim 11, wherein the arbitration unit flexibly selects a corresponding arbitration algorithm for arbitration according to the message semantic security analysis result and the length characteristic.
13. The information processing system based on the mimicry arbitration method of claim 11, wherein the message reconstruction unit selects the message to be published after normalization according to the arbitration result, replaces the existing message header Routing Key with the original Routing Key value reserved in the redundant field or the custom field, and removes the original Routing Key value, the tag and the semantic analysis Boolean value of the redundant field or the custom field.
14. The information processing system based on the mimicry arbitration method of claim 11, wherein the exception reporting unit reports the exception message and the publisher information associated with the exception message to the feedback processing component in a contracted format based on the arbitration exception result.
CN202510135179.XA 2025-02-07 2025-02-07 An information processing system based on mimicry decision method Active CN119629179B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510135179.XA CN119629179B (en) 2025-02-07 2025-02-07 An information processing system based on mimicry decision method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510135179.XA CN119629179B (en) 2025-02-07 2025-02-07 An information processing system based on mimicry decision method

Publications (2)

Publication Number Publication Date
CN119629179A CN119629179A (en) 2025-03-14
CN119629179B true CN119629179B (en) 2025-05-27

Family

ID=94900470

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510135179.XA Active CN119629179B (en) 2025-02-07 2025-02-07 An information processing system based on mimicry decision method

Country Status (1)

Country Link
CN (1) CN119629179B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628978A (en) * 2020-05-21 2020-09-04 河南信大网御科技有限公司 Mimicry normalization decision making system, method and readable storage medium
CN113094757A (en) * 2021-06-07 2021-07-09 之江实验室 File fragment system for mimicry storage system
CN116471117A (en) * 2023-05-15 2023-07-21 嵩山实验室 Information processing method and system for mimicking reconstruction message part and message middleware

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110378811B (en) * 2019-06-17 2024-03-22 平安科技(深圳)有限公司 Arbitration information processing method, apparatus, computer device and storage medium
CN111885124B (en) * 2020-07-07 2023-01-17 河南信大网御科技有限公司 Mimicry distributed storage system, data reading and writing method and readable storage medium
CN112118128B (en) * 2020-08-18 2022-09-06 河南信大网御科技有限公司 Rapid identification method and recovery method for online executive fault
CN115277163A (en) * 2022-07-22 2022-11-01 杭州安司源科技有限公司 Mimicry transformation method based on label
CN117914517A (en) * 2023-11-29 2024-04-19 华东计算技术研究所(中国电子科技集团公司第三十二研究所) A graph data mimicry decision method based on differential hashing algorithm

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628978A (en) * 2020-05-21 2020-09-04 河南信大网御科技有限公司 Mimicry normalization decision making system, method and readable storage medium
CN113094757A (en) * 2021-06-07 2021-07-09 之江实验室 File fragment system for mimicry storage system
CN116471117A (en) * 2023-05-15 2023-07-21 嵩山实验室 Information processing method and system for mimicking reconstruction message part and message middleware

Also Published As

Publication number Publication date
CN119629179A (en) 2025-03-14

Similar Documents

Publication Publication Date Title
US11151660B1 (en) Intelligent routing control
US7630379B2 (en) Systems and methods for improved network based content inspection
CN101719842B (en) A Distributed Network Security Early Warning Method Based on Cloud Computing Environment
CN111698126B (en) Information monitoring method, system and computer readable storage medium
CN110460658A (en) A kind of distributed storage construction method based on mimicry construction
US20070260714A1 (en) Asynchronous interconnect protocol for a clustered dbms
CN113347164A (en) Block chain-based distributed consensus system, method, device and storage medium
CN108683668B (en) Resource checking method, device, storage medium and equipment in content distribution network
CN103581363A (en) Method and device for controlling baleful domain name and illegal access
CN103733590A (en) Compiler for regular expressions
CN111478970A (en) A Grid Web Application Mimic Defense System
CN110995678A (en) An efficient intrusion detection system for industrial control network
CN112235269B (en) Device and method for implementing mimic brackets in distributed mode
CN113660250B (en) Defense method, device, system and electronic device based on WEB application firewall
US9122546B1 (en) Rapid processing of event notifications
Ding et al. A data-driven based security situational awareness framework for power systems
Las-Casas et al. A big data architecture for security data and its application to phishing characterization
CN119629179B (en) An information processing system based on mimicry decision method
RU2647616C1 (en) Method of detecting brute force attack on web service
CN110445580A (en) Data transmission method for uplink and device, storage medium, electronic device
EP3408989B1 (en) Detecting malware on spdy connections
CN112511317A (en) Input distribution method, input agent and mimicry distributed storage system
CN112118319B (en) Network URL resource processing method and system
CN109327437A (en) Concurrent websocket business information processing method and server-side
CN116521383A (en) Method, device, equipment and storage medium for detecting multimedia data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20250610

Address after: 450018 Henan Province, Zhengzhou City, Zhongshan New District, Longzi Lake Natural Resources Building C building

Patentee after: Songshan Laboratory

Country or region after: China

Address before: 471000 Henan Province Luoyang City Yibin District Innovation Building 1st floor 103 room

Patentee before: Henan Songshan Laboratory Industry Research Institute Co.,Ltd. Luoyang Branch

Country or region before: China

TR01 Transfer of patent right