CN115766828A - Cloud security monitoring task information interaction method and system - Google Patents
- Publication number
- CN115766828A (application CN202211400767.4A)
- Authority
- CN
- China
- Prior art keywords
- information
- monitoring
- monitoring device
- interaction
- task
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Computer And Data Communications (AREA)
Description
Technical Field
The invention relates to the technical field of instant messaging, and in particular to a cloud security monitoring task information interaction method and system.
Background
With the rapid development of information network technology, cloud-based wireless networks have spread to households and public places across the country, and people have begun to enjoy the convenience that wireless networks bring to work and life. This convenience also gives lawbreakers an opening, and more and more illegal network activity is now carried out over wireless networks in public places.
Monitoring devices are responsible for monitoring and analyzing network traffic data and play an important role in network behavior management. However, because monitoring devices are used in many scenarios and the network environments at installation sites are complex, the state of connected monitoring devices is unstable. A traditional monitoring device management system is only responsible for receiving reported monitoring data. At many sites an interruption in the reporting of monitoring data cannot be detected in time, and after discovering the interruption, operation and maintenance personnel cannot locate its cause and restore reporting promptly, which makes operation and maintenance of monitoring devices very difficult.
Summary of the Invention
Based on the above problems, the present invention proposes a cloud security monitoring task information interaction method and system that manages monitoring devices remotely and in real time through message interaction, making it easier for users and operation and maintenance personnel to manage monitoring devices.
In view of this, a first aspect of the present invention proposes a cloud security monitoring task information interaction method, including:
receiving a monitoring interaction request message sent by a cloud security monitoring device, where the interaction request message contains preconfigured identity information of the monitoring device, address information of the message service module, subscription topic information and monitoring interaction information;
establishing a communication connection between the monitoring device and the message service module according to the address information;
inputting the monitoring interaction information into the monitoring device associated with the subscription topic information;
the monitoring device verifying the monitoring interaction information to determine whether the task release information associated with the subscription topic information needs to be changed;
if so, writing the monitoring interaction information into an in-memory queue to wait for the asynchronous thread pool module to persist it;
determining, according to the identity information of the monitoring device, whether the in-memory queue contains task information that needs to be delivered to the monitoring device;
if so, encapsulating and encrypting the task information and delivering it to the monitoring device through the message service module.
Optionally, the method further includes:
receiving a registration request from the monitoring device;
receiving a heartbeat message sent periodically by the monitoring device while it is switched on, where the heartbeat message includes physical address information of the monitoring device, monitoring-enabled state information and/or authentication-enabled state information.
Optionally, the method further includes:
receiving heartbeat information sent by the monitoring device after it is powered on or after it executes any task, where the heartbeat information includes the physical address information of the monitoring device and International Mobile Equipment Identity (IMEI) information;
querying the database for the IMEI of the monitoring device according to the physical address information of the monitoring device;
when the IMEI of the monitoring device queried from the database is the same as the IMEI carried in the heartbeat information, returning to the monitoring device information that there is currently no monitoring task;
otherwise, delivering the monitoring task corresponding to the IMEI queried from the database to the monitoring device;
configured IMEI update information or IMEI rollback information for the monitoring device;
writing the IMEI corresponding to the IMEI update information or IMEI rollback information into the database;
pushing the IMEI corresponding to the IMEI update information or IMEI rollback information to the monitoring device so that the monitoring device updates its IMEI, and incrementing the update or rollback parameter by 1 in the status bar of the monitoring device.
Optionally, the method further includes:
receiving monitoring-enabled state information and/or authentication-enabled state information for the monitoring device configured by the user in the back end, where the monitoring-enabled state information configures the monitoring state of the monitoring device as on or off, and the authentication-enabled state information configures the authentication state of the monitoring device as on or off;
writing the monitoring-enabled state information and/or authentication-enabled state information into the database;
receiving heartbeat information sent by the monitoring device;
when the monitoring-enabled state information and/or authentication-enabled state information carried in the heartbeat information is inconsistent with the monitoring-enabled state information and/or authentication-enabled state information configured for the monitoring device in the database, delivering the corresponding monitoring switch task and/or authentication switch task to the monitoring device;
receiving the execution result of the monitoring switch task and/or authentication switch task returned by the monitoring device;
when the execution result of the monitoring switch task and/or authentication switch task is failure, delivering the monitoring switch task and/or authentication switch task to the monitoring device again until the monitoring device returns information that the execution result is success.
Optionally, the method further includes:
performing an AI anomaly early-warning operation on the monitoring device.
Optionally, performing the AI anomaly early-warning operation on the monitoring device includes:
obtaining N heartbeat messages sent by the monitoring device over N time periods, where N is greater than 1;
setting the N heartbeat messages as a time series group, where the time series group contains an N-dimensional time series, each time series is assigned a key-value pair, and the key-value pairs correspond one-to-one with the content of the heartbeat packets;
inputting the N-dimensional time series into M*N anomaly predictors respectively, where each time series corresponds to M anomaly predictors and M is a positive integer less than N;
inputting the key-value pairs of the N time series into a symmetric residual network and extracting a first feature of the key-value pairs through the symmetric residual network;
performing weight quantization on the first feature through an attention mechanism to obtain a quantized second feature;
inputting the quantized second feature into a bidirectional long short-term memory network to obtain the predicted key-value pair of the (N+1)th period;
performing an early-warning judgment on the key-value pair of the (N+1)th period, and if the key-value pair of the (N+1)th period exceeds a preset threshold range, determining that the monitoring device is abnormal.
Optionally, the interaction request message is encrypted by the monitoring device using a public key provided by the server, and the step of decrypting and decoding the interaction request message specifically includes:
decrypting the interaction request message with the private key corresponding to the public key to obtain plaintext strings of the identity information of the monitoring device, the address information of the message service module, the subscription topic information and the monitoring interaction information;
determining whether the plaintext string of the subscription topic information contains a preset first delimiter and whether the plaintext string of the monitoring interaction information contains a preset second delimiter;
determining whether the number of first delimiters in the plaintext string of the subscription topic information equals the number of second delimiters in the plaintext string of the monitoring interaction information;
when all determinations are yes, splitting the plaintext string of the subscription topic information and the plaintext string of the monitoring interaction information on the first delimiter and the second delimiter to generate a subscription topic array and an interaction information array respectively.
Optionally, the step of inputting the monitoring interaction information into the monitoring device associated with the subscription topic information specifically includes:
matching each subscription topic in the subscription topic array against the subscription topic list saved in the database;
determining, according to the matching result, the monitoring device corresponding to each subscription topic in the subscription topic array;
inputting each item of interaction information in the interaction information array into the corresponding monitoring device.
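The delimiter checks and topic matching in the two optional steps above can be sketched as follows. This is an added example, not code from the patent; the delimiter characters, topic names and device ids are assumptions, and rejecting empty fields and unknown topics goes beyond what the text states.

```python
# Added example: structural checks on the decrypted plaintext strings,
# followed by topic-to-device routing. All concrete values are constructed.

TOPIC_SEP = ","   # assumed "first delimiter"
INFO_SEP = "|"    # assumed "second delimiter"

# Constructed stand-in for the subscription topic list saved in the database.
TOPIC_TABLE = {
    "dev/ap-01/cmd": "ap-01",
    "dev/ap-02/cmd": "ap-02",
}


class RequestRejected(ValueError):
    """Raised when a decrypted request fails a structural check."""


def split_request(topics_plain, infos_plain,
                  topic_sep=TOPIC_SEP, info_sep=INFO_SEP):
    """Return (topic_array, info_array) or raise RequestRejected."""
    # Check 1: each plaintext string must contain its own delimiter.
    if topic_sep not in topics_plain:
        raise RequestRejected("topic string lacks the first delimiter")
    if info_sep not in infos_plain:
        raise RequestRejected("interaction string lacks the second delimiter")
    # Check 2: equal delimiter counts, so both arrays have the same length
    # and every message has exactly one topic.
    if topics_plain.count(topic_sep) != infos_plain.count(info_sep):
        raise RequestRejected("delimiter counts differ")
    topics = topics_plain.split(topic_sep)
    infos = infos_plain.split(info_sep)
    # Extra strictness (assumption, not stated in the text): no empty fields.
    if not all(topics) or not all(infos):
        raise RequestRejected("empty field")
    return topics, infos


def route(topics, infos, topic_table=TOPIC_TABLE):
    """Match each topic against the stored list and pair it with its message."""
    deliveries = []
    for topic, info in zip(topics, infos):
        # Exact lookup: a device-supplied string such as "dev/#" is treated
        # as an unknown name and is never expanded as an MQTT wildcard.
        device = topic_table.get(topic)
        if device is None:
            # Fail closed: one unknown topic rejects the whole request.
            raise RequestRejected(f"unknown topic: {topic!r}")
        deliveries.append((device, info))
    return deliveries


def handle(topics_plain, infos_plain):
    """Run both steps on one decrypted request."""
    topics, infos = split_request(topics_plain, infos_plain)
    return route(topics, infos)
```

Because the text requires each string to contain its delimiter, a request carrying a single topic is rejected by the first check as written.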
Optionally, an embodiment of the present invention further provides a cloud security monitoring task information interaction system, including:
a receiving module, configured to receive a monitoring interaction request message sent by a cloud security monitoring device, where the interaction request message contains preconfigured identity information of the monitoring device, address information of the message service module, subscription topic information and monitoring interaction information;
a connection module, configured to establish a communication connection between the monitoring device and the message service module according to the address information;
an input module, configured to input the monitoring interaction information into the monitoring device associated with the subscription topic information;
a judging module, configured to verify the monitoring interaction information to determine whether the task release information associated with the subscription topic information needs to be changed, and if so, to write the monitoring interaction information into an in-memory queue to wait for the asynchronous thread pool module to persist it;
the judging module being further configured to determine, according to the identity information of the monitoring device, whether the in-memory queue contains task information that needs to be delivered to the monitoring device, and if so, to encapsulate and encrypt the task information and deliver it to the monitoring device through the message service module.
A third aspect of the present invention provides a computer-readable medium storing a computer program which, when executed by a processor, implements the cloud security monitoring task information interaction method according to any item of the first aspect of the present invention.
The present invention proposes a cloud security monitoring task information interaction method and system that manages monitoring devices remotely and in real time through message interaction, making it easier for users and operation and maintenance personnel to manage them. It uses lightweight publish/subscribe message transport to give monitoring devices in low-bandwidth, unstable network environments a reliable network service; provides stable device access with massive connections, high concurrency and low latency; supports data encryption and provides a highly secure data transmission channel for monitoring devices; filters and forwards monitoring device messages and executes asynchronously by sending messages to improve system response speed; and supports the monitoring cloud platform issuing instructions to monitoring devices and obtaining their state information according to the instruction issued.
Description of Drawings
Fig. 1 is a flowchart of a cloud security monitoring task information interaction method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of a monitoring device state monitoring method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a monitoring version management method provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the hardware composition of the apparatus in an embodiment of the present invention;
Fig. 5 is a schematic block diagram of a cloud security monitoring task information interaction system provided by an embodiment of the present invention.
Detailed Description
To make the above purposes, features and advantages of the present invention easier to understand, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of this application and the features in the embodiments can be combined with each other.
Many specific details are set forth in the following description to give a full understanding of the present invention. However, the invention can also be implemented in ways other than those described here, so its scope of protection is not limited by the specific embodiments disclosed below.
In the description of the present invention, the term "plurality" means two or more unless otherwise clearly defined. Orientations or positional relationships indicated by terms such as "upper" and "lower" are based on the orientations or positional relationships shown in the drawings, are used only to make the invention easier to describe and to simplify the description, and do not indicate or imply that the system or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore should not be construed as limiting the invention. The terms "connection", "installation", "fixation" and the like should be understood broadly. For example, a "connection" can be a fixed connection, a detachable connection or an integral connection, and it can be direct or indirect through an intermediate medium. Those of ordinary skill in the art can understand the specific meanings of these terms in the present invention according to the specific situation. In addition, the terms "first", "second" and the like are used for descriptive purposes only and should not be understood as indicating or implying relative importance or implicitly specifying the number of the technical features indicated. A feature qualified by "first", "second" and the like may therefore explicitly or implicitly include one or more of that feature. In the description of the present invention, unless otherwise specified, "plurality" means two or more.
In this specification, the terms "one embodiment", "some embodiments", "specific embodiment" and the like mean that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. Schematic uses of these terms in this specification do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
A cloud security monitoring task information interaction method, system and computer-readable medium provided according to some embodiments of the present invention are described below with reference to the accompanying drawings.
As shown in Fig. 1, the first aspect of the present invention proposes a cloud security monitoring task information interaction method, including:
receiving a monitoring interaction request message sent by a cloud security monitoring device, where the interaction request message contains preconfigured identity information of the monitoring device, address information of the message service module, subscription topic information and monitoring interaction information;
establishing a communication connection between the monitoring device and the message service module according to the address information;
inputting the monitoring interaction information into the monitoring device associated with the subscription topic information;
the monitoring device verifying the monitoring interaction information to determine whether the task release information associated with the subscription topic information needs to be changed;
if so, writing the monitoring interaction information into an in-memory queue to wait for the asynchronous thread pool module to persist it;
determining, according to the identity information of the monitoring device, whether the in-memory queue contains task information that needs to be delivered to the monitoring device;
if so, encapsulating and encrypting the task information and delivering it to the monitoring device through the message service module.
The cloud security monitoring task information interaction method proposed by the present invention is applied to a monitoring cloud platform, which interacts with monitoring devices in real time through the message publish/subscribe mechanism of the MQTT (Message Queuing Telemetry Transport) protocol. The monitoring cloud platform and the monitoring device use an agreed Topic (subscription topic) for cloud security monitoring interaction. Under the MQTT protocol, the message interaction modes of the two parties are Publish mode and Subscribe mode. The monitoring device can use Publish mode to publish a message to the monitoring cloud platform and invoke the service interface of the corresponding subscription topic, or use Subscribe mode to subscribe to any subscription topic on the monitoring cloud platform in order to receive service message notifications under that topic. The monitoring device can obtain immediate application commands through the monitoring device command Topic cluster and report execution results. Before the result is returned, the data to be changed is sent to the thread pool; an asynchronous thread sends the changed monitoring device information to the agreed Topic, and the EMQX message service then delivers it to the monitoring device.

Specifically, in the technical solutions of some embodiments of the present invention, the monitoring device encrypts its request information using the encryption and encoding scheme agreed with the monitoring cloud platform, and sends the request information to a unified API (Application Programming Interface) gateway over HTTPS (HyperText Transfer Protocol over Secure Socket Layer). The unified API gateway forwards the request to the monitoring device addressing system, which decrypts and decodes the request information and, according to the configuration data of the monitoring cloud platform, calculates the EMQX message service address and Topic that the monitoring device needs to connect to, thereby achieving load balancing and improving fault tolerance. After obtaining the EMQX message service address and Topic, the monitoring device creates an MQTT communication connection with the EMQX message service. After the EMQX message service receives the request information from the monitoring device, it pushes it to the monitoring device access system for the corresponding Topic. The monitoring device access system decrypts and decodes the request information, verifies the decoded data, and checks whether the request information changes the information of the corresponding Topic on the monitoring cloud platform. If a change is needed, the data is saved to the in-memory queue, consumed by the asynchronous thread pool, and persisted. The monitoring cloud platform determines whether there is a task to deliver to the monitoring device according to the device's MAC (Media Access Control, also called the physical address) address or its monitoring device ID (Identity document, identification number). If there is, the task is encapsulated and encrypted and sent to the EMQX message service, which pushes the data to the monitoring device.
In the technical solution of the above method, monitoring devices are managed remotely and in real time through message interaction, making it easier for users and operation and maintenance personnel to manage them. The solution uses lightweight publish/subscribe message transport to give monitoring devices in low-bandwidth, unstable network environments a reliable network service; provides stable device access with massive connections, high concurrency and low latency; supports data encryption and provides a highly secure data transmission channel for monitoring devices; and filters and forwards monitoring device messages and executes asynchronously by sending messages to improve system response speed.
As shown in Fig. 2, the above cloud security monitoring task information interaction method further includes:
receiving a registration request from the monitoring device;
receiving a heartbeat message sent periodically by the monitoring device while it is switched on, where the heartbeat message includes physical address information of the monitoring device, monitoring-enabled state information and authentication-enabled state information.
After a monitoring device is registered and started, it publishes to the monitoring cloud platform, once per minute, a heartbeat message carrying its own MAC address, monitoring-enabled state and authentication-enabled state. The monitoring cloud platform records the real-time online status of the monitoring device, that is, whether it is online or offline, according to its latest heartbeat message. The display module of the monitoring cloud platform shows the online status and other state information of the monitoring device through its front-end or back-end page.
As shown in Fig. 3, the above cloud security monitoring task information interaction method further includes:
receiving a heartbeat message sent by the monitoring device after it is powered on or after it executes any task, where the heartbeat message includes the physical address information of the monitoring device and International Mobile Equipment Identity (IMEI) information;
querying the database for the IMEI of the monitoring device according to the physical address information of the monitoring device;
when the IMEI of the monitoring device queried from the database is the same as the IMEI carried in the heartbeat message, returning to the monitoring device information that there is currently no monitoring task; otherwise, delivering the monitoring task corresponding to the IMEI queried from the database to the monitoring device;
receiving IMEI update information or IMEI rollback information for the monitoring device configured by the user in the back end;
writing the IMEI corresponding to the IMEI update information or IMEI rollback information into the database;
pushing the IMEI corresponding to the IMEI update information or IMEI rollback information to the monitoring device so that the monitoring device updates its IMEI, and incrementing the update or rollback parameter by 1 in the status bar of the monitoring device to indicate that one update or rollback has been performed.
Specifically, after a monitoring device starts up or executes any task, it sends the monitoring cloud platform a heartbeat message carrying its MAC address and its current monitoring IMEI. On receiving the heartbeat message, the monitoring cloud platform uses the MAC address to look up the IMEI saved in the database for that monitoring device and compares it with the current IMEI in the heartbeat message. If the current IMEI is the same as the IMEI saved in the database, the monitoring cloud platform returns to the monitoring device information that there is currently no update. If the current IMEI differs from the IMEI saved in the database, the monitoring cloud platform delivers to the monitoring device the monitoring task corresponding to the IMEI saved in the database. After executing the monitoring task, the monitoring device again sends the monitoring cloud platform a heartbeat message carrying its MAC address and current IMEI, and the process repeats until the IMEI on the monitoring device matches the IMEI saved in the monitoring cloud platform database. When a user needs to update or roll back the IMEI of a particular monitoring device, the user configures that device's IMEI in the back end of the monitoring cloud platform, and the platform delivers the IMEI to the corresponding monitoring device in real time. Furthermore, the user can configure the monitoring version for a batch of monitoring devices (for example, monitoring devices of the same model or at the same site) in the back end of the monitoring cloud platform and deliver it in bulk to the corresponding monitoring devices to carry out the version change.
In addition, in this embodiment of the invention, an AI anomaly early-warning operation is also performed on the monitoring device. Specifically: obtain N heartbeat messages sent by the monitoring device over N time periods, where N is greater than 1; arrange the N heartbeat messages as a time-series group containing N-dimensional time series, with a key-value pair set for each time series, the key-value pairs corresponding one-to-one to the contents of the heartbeat packets. Key-value is a storage form used by distributed storage systems. The term means retrieving a value by its key, where the key is the keyword and the value is the value; a key-value database stores data as key-value pairs, each key corresponds to a unique value, and such databases offer very high concurrent read and write performance. For example, if a heartbeat packet contains information A and B, the corresponding key-value pair must contain the same information. The N-dimensional time series are input to M*N anomaly predictors, with each time series corresponding to M anomaly predictors, where M is a positive integer less than N. The key-value pairs of the N time series are input to a symmetric residual network, which extracts a first feature of the key-value pairs; an attention mechanism applies weight quantization to the first feature to obtain a quantized second feature; the quantized second feature is input to a bidirectional long short-term memory network to obtain the predicted key-value pair for period N+1; an early-warning judgment is made on the key-value pair for period N+1, and if it falls outside a preset threshold range, the monitoring device is determined to be abnormal. The symmetric residual network includes a convolution module and a deconvolution module; the convolution module includes K residual blocks and the deconvolution module includes K deconvolution blocks, where K is an integer greater than or equal to 1. Extracting the first feature of the key-value pairs through the symmetric residual network specifically includes:
performing convolution operations on the local features through the K residual blocks in the convolution module to obtain intermediate features; and performing deconvolution operations on the intermediate features through the K deconvolution blocks in the deconvolution module to obtain the first feature of the access volume.
The above cloud security monitoring task information interaction method further includes:
receiving monitoring-enabled status information and/or authentication-enabled status information for the monitoring device, configured by the user in the back end, where the monitoring-enabled status information sets the monitoring status of the monitoring device to on or off, and the authentication-enabled status information sets the authentication status of the monitoring device to on or off;
writing the monitoring-enabled status information and/or authentication-enabled status information to the database;
receiving a heartbeat message sent by the monitoring device;
when the monitoring-enabled status information and/or authentication-enabled status information carried in the heartbeat message is inconsistent with the monitoring-enabled status information and/or authentication-enabled status information configured for the monitoring device in the database, issuing the corresponding monitoring switch task and/or authentication switch task to the monitoring device;
receiving the execution result of the monitoring switch task and/or authentication switch task returned by the monitoring device;
when the execution result of the monitoring switch task and/or authentication switch task is failure, issuing the monitoring switch task and/or authentication switch task to the monitoring device again until the monitoring device returns a message that execution succeeded.
Specifically, with every heartbeat the monitoring device reports its monitoring-enabled status and authentication-enabled status. If either status differs from the corresponding status stored in the monitoring cloud platform's database, the platform issues the corresponding monitoring switch task or authentication switch task to the device, until the monitoring-enabled and authentication-enabled status reported by the device match the corresponding status stored in the platform database. When a user needs to turn off or turn back on the monitoring status or authentication status of a monitoring device, the user configures it in the back end of the monitoring cloud platform; the platform matches the configured status against the status in the heartbeat message reported by the device and then issues the corresponding switch task, so that the device executes the task and changes the corresponding status. For example, on receiving a monitoring-enable task, the device executes it and, once finished, reports the execution result to the platform. If the device reports that the task failed, the platform issues the monitoring-enable task to the device again, until the monitoring status the device reports in its heartbeat message matches the monitoring-enabled status stored for that device in the platform's database.
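The heartbeat reconciliation described above for the IMEI and for the monitoring and authentication switches, as an added Python example that is not code from the patent. The class, function and task names, the MAC format check, the rejection of unregistered devices and the `MAX_ATTEMPTS` cap are assumptions; the patent re-issues a failed task until it succeeds and states no limit.

```python
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
MAX_ATTEMPTS = 3  # assumption: the patent re-issues a task with no stated limit


@dataclass
class State:
    imei: str
    monitoring_on: bool
    auth_on: bool


class Platform:
    """Cloud side: compares each heartbeat with the state configured in the back end."""

    def __init__(self, desired):
        self.desired = desired   # MAC -> State stored in the database
        self.attempts = {}       # (MAC, task kind) -> times the task was issued
        self.alerts = []         # tasks given up on, left for an operator

    def on_heartbeat(self, mac, reported):
        # Heartbeat fields come from the device, so they are validated first.
        mac = mac.strip().lower().replace("-", ":")
        if not MAC_RE.match(mac) or mac not in self.desired:
            return [("rejected", None)]
        want = self.desired[mac]
        diffs = []
        if reported.imei != want.imei:
            diffs.append(("update_imei", want.imei))
        if reported.monitoring_on != want.monitoring_on:
            diffs.append(("monitoring_switch", want.monitoring_on))
        if reported.auth_on != want.auth_on:
            diffs.append(("auth_switch", want.auth_on))
        # A field that now matches has converged: forget its retry counter.
        pending = {kind for kind, _ in diffs}
        for key in [k for k in self.attempts if k[0] == mac and k[1] not in pending]:
            del self.attempts[key]
        if not diffs:
            return [("no_update", None)]
        tasks = []
        for kind, value in diffs:
            issued = self.attempts.get((mac, kind), 0)
            if issued >= MAX_ATTEMPTS:
                if (mac, kind) not in self.alerts:
                    self.alerts.append((mac, kind))
                continue
            self.attempts[(mac, kind)] = issued + 1
            tasks.append((kind, value))
        return tasks or [("escalated", None)]


class Device:
    """Constructed device model; `failures` simulates tasks that fail n times."""

    def __init__(self, mac, state, failures=None):
        self.mac, self.state = mac, state
        self.failures = dict(failures or {})

    def execute(self, kind, value):
        if self.failures.get(kind, 0) > 0:
            self.failures[kind] -= 1
            return False
        if kind == "update_imei":
            self.state.imei = value
        elif kind == "monitoring_switch":
            self.state.monitoring_on = value
        elif kind == "auth_switch":
            self.state.auth_on = value
        return True


def converge(platform, device, max_rounds=10):
    """Heartbeat, execute tasks, heartbeat again. Returns the round in which the
    platform answered no_update, or None if it rejected or escalated."""
    for round_no in range(1, max_rounds + 1):
        tasks = platform.on_heartbeat(device.mac, device.state)
        kinds = [kind for kind, _ in tasks]
        if kinds == ["no_update"]:
            return round_no
        if kinds in (["rejected"], ["escalated"]):
            return None
        for kind, value in tasks:
            device.execute(kind, value)
    return None


if __name__ == "__main__":
    db = {"aa:bb:cc:dd:ee:01": State("IMEI-B", True, True)}  # constructed sample
    dev = Device("AA-BB-CC-DD-EE-01", State("IMEI-A", False, True),
                 failures={"monitoring_switch": 1})
    print("converged in round", converge(Platform(db), dev))
```

Because the device sends a heartbeat after executing any task, a failed task shows up as a remaining difference in the next heartbeat, which is what triggers the re-issue here.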
When a monitoring device needs to be restarted, a restart task is issued to it from the monitoring cloud platform according to the device's MAC address; after receiving the task, the device executes the restart instruction and restarts.
Further, the above cloud security monitoring task information interaction method also includes:
receiving an inspection instruction for the monitoring device configured by the user in the back end, the inspection instruction including the physical address information of the monitoring device;
issuing the inspection instruction to the monitoring device corresponding to the physical address information;
receiving the execution result of the inspection instruction returned by the monitoring device;
displaying the execution result.
Specifically, the user enters on the monitoring cloud platform the MAC address of the monitoring device to be inspected and the inspection command, and the platform publishes the command to the specified device. After receiving the task, the device runs the specified command and reports the command's return value to the platform, which receives the returned result and displays it to the user.
Further, in the above cloud security monitoring task information interaction method, the interaction request information is produced by the monitoring device encrypting with the public key provided by the server, and the step of decrypting and decoding the interaction request information to obtain the address information and subscription information specifically includes:
decrypting the interaction request information with the private key corresponding to the public key to obtain the plaintext strings of the monitoring device's identity information, the message service module's address information, the subscription topic information and the monitoring interaction information;
determining whether the plaintext string of the subscription topic information contains a preset first delimiter and whether the plaintext string of the monitoring interaction information contains a preset second delimiter;
determining whether the number of first delimiters in the plaintext string of the subscription topic information equals the number of second delimiters in the plaintext string of the monitoring interaction information;
when all of these determinations are affirmative, splitting the plaintext string of the subscription topic information and the plaintext string of the monitoring interaction information on the first delimiter and the second delimiter to generate a subscription topic array and an interaction information array respectively.
Specifically, after generating a key pair, the monitoring cloud platform issues the public key certificate to the monitoring device. The device uses the public key certificate obtained from the platform to encrypt the monitoring interaction information, so that when it passes monitoring interaction information to the platform, the platform can decrypt it with the corresponding private key. The first delimiter and the second delimiter may be the same symbol or different symbols.
In the above cloud security monitoring task information interaction method, the method by which the monitoring device generates the interaction request information includes:
obtaining the subscription topics for which an interaction request message is to be generated and their corresponding monitoring interaction information;
when there is more than one subscription topic for which an interaction request message is to be generated, grouping the subscription topics by the service type each corresponds to on the monitoring cloud platform;
concatenating the subscription topics of the same group in order using the first delimiter to generate the plaintext string of subscription topics;
concatenating, in order, the interaction information corresponding to the subscription topics of the same group using the second delimiter to generate the plaintext string of the monitoring interaction information;
encrypting the plaintext string of subscription topics and the plaintext string of the monitoring interaction information with the public key provided by the server to generate the interaction request information.
Specifically, the monitoring cloud platform can run several different types of monitoring management service programs on one server or on multiple servers to suit different usage scenarios. For example, the system message processing service can be separated from the business message processing service, or the message processing services for monitoring devices at different sites can be separated, which simplifies the business processing logic and avoids data errors caused by information coupling. On the device side, monitoring interaction messages are grouped and merged according to the service type they correspond to, which reduces redundant data in the information passed between the device and the monitoring cloud platform and improves interaction efficiency.
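The device-side grouping and joining and the platform-side delimiter checks described above, as an added Python example that is not code from the patent. The public-key encryption and decryption steps are left out, so the functions work on the plaintext strings; the delimiter characters, the function names, the single-topic handling and the rejection of fields that already contain a delimiter are assumptions.

```python
from collections import defaultdict

TOPIC_SEP = "|"  # "first delimiter"; the actual character is an assumption
INFO_SEP = ";"   # "second delimiter"; the patent allows it to equal the first


class MalformedRequest(ValueError):
    """The two plaintext strings cannot be paired item by item."""


def build_plaintexts(messages, service_type_of):
    """Device side: group (topic, info) pairs by service type, then join each
    group into one topic string and one info string.

    A topic or info value that already contains its delimiter would shift every
    later item by one position, so it is rejected here (assumption: the patent
    does not describe escaping)."""
    groups = defaultdict(list)
    for topic, info in messages:
        if not topic or TOPIC_SEP in topic or INFO_SEP in info:
            raise MalformedRequest(f"field not allowed for topic {topic!r}")
        groups[service_type_of[topic]].append((topic, info))
    return {
        service: (TOPIC_SEP.join(t for t, _ in pairs),
                  INFO_SEP.join(i for _, i in pairs))
        for service, pairs in groups.items()
    }


def split_plaintexts(topic_str, info_str):
    """Platform side, after decryption: apply the delimiter checks, then split.

    The arrays are paired by index, so unequal delimiter counts would attach
    interaction information to the wrong topic; such input is rejected."""
    has_topic_sep = TOPIC_SEP in topic_str
    has_info_sep = INFO_SEP in info_str
    if not has_topic_sep and not has_info_sep:
        # Assumption: a request carrying a single topic has no delimiters.
        topics, infos = [topic_str], [info_str]
    elif (has_topic_sep and has_info_sep
          and topic_str.count(TOPIC_SEP) == info_str.count(INFO_SEP)):
        topics = topic_str.split(TOPIC_SEP)
        infos = info_str.split(INFO_SEP)
    else:
        raise MalformedRequest("delimiter counts differ between topics and info")
    if any(not topic for topic in topics):
        raise MalformedRequest("empty subscription topic")
    return topics, infos


if __name__ == "__main__":
    # Constructed sample: three messages belonging to two service types.
    service_type_of = {"sys/status": "system", "sys/version": "system",
                       "biz/traffic": "business"}
    messages = [("sys/status", "up"), ("biz/traffic", "42"), ("sys/version", "1.2")]
    for service, (topics, infos) in build_plaintexts(messages, service_type_of).items():
        print(service, split_plaintexts(topics, infos))
```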
In the above cloud security monitoring task information interaction method, the step of inputting the monitoring interaction information into the monitoring device associated with the subscription topic information specifically includes:
matching each subscription topic in the subscription topic array against the subscription topic list stored in the database;
determining, from the matching result, the monitoring device corresponding to each subscription topic in the subscription topic array;
inputting each item of interaction information in the interaction information array into the corresponding monitoring device.
Specifically, the monitoring cloud platform stores a subscription topic list in the database and updates it dynamically according to its interactions with monitoring devices. Users can maintain the subscription topic list through the platform's back-end management interface, including adding subscription topics, associating subscription topics with monitoring devices, deleting subscription topics that no monitoring device subscribes to, and modifying subscription topics and their monitoring interaction information.
In the technical solution of the above embodiment, after the interaction request information reported by the monitoring device has been decrypted and decoded, the one or more subscription topics in it are matched against the subscription topics in the subscription topic list to determine the associated monitoring device, to which the monitoring interaction information for each subscription topic is submitted, so that the monitoring device checks the monitoring interaction information to determine whether the task release information associated with the subscription topic information needs to be changed.
In the above cloud security monitoring task information interaction method, after the step of matching each subscription topic in the subscription topic array against the subscription topic list stored in the database, the method further includes:
when one or more subscription topics in the subscription topic array do not match any subscription topic in the subscription topic list, changing the message interaction mode of the monitoring device to publish mode;
adding the unmatched subscription topics to the database;
displaying the newly added subscription topics;
receiving information, configured by the user in the back end, on the monitoring devices that subscribe to the subscription topic, the monitoring device information including the physical address information of the monitoring device;
issuing the monitoring interaction information of the subscription topic to the monitoring device.
Specifically, by default a monitoring device uses subscribe mode to subscribe to the monitoring task subscription topics published on the monitoring cloud platform. When a monitoring device needs to exchange monitoring task information with other monitoring devices, it can carry new subscription topics directly in its interaction information with the monitoring cloud platform; the platform automatically changes the interaction information that submits these subscription topics to publish mode in order to publish the newly added subscription topics. Users can configure on the back-end management page which monitoring devices need to subscribe to these topics, and those devices then obtain the corresponding monitoring interaction information from the monitoring cloud platform.
An embodiment of the present invention provides a computer-readable medium storing a computer program which, when executed by a processor, implements the cloud security monitoring task information interaction method according to any one of the first aspect of the present invention.
Fig. 4 is a schematic diagram of the hardware composition of the apparatus in one embodiment. It will be understood that Fig. 4 shows only a simplified design of the apparatus. In practical applications, the apparatus may also include other necessary components, including but not limited to any number of input/output systems, processors, controllers and memories, and all apparatuses that can implement the big data management method of the embodiments of this application fall within the scope of protection of this application.
The memory includes but is not limited to random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), or compact disc read-only memory (CD-ROM), and is used for related instructions and data.
The input system is used to input data and/or signals, and the output system is used to output data and/or signals. The output system and the input system may be independent devices or a single integrated device.
The processor may include one or more processors, for example one or more central processing units (CPUs). Where the processor is a single CPU, that CPU may be a single-core CPU or a multi-core CPU. The processor may also include one or more special-purpose processors, such as a GPU or FPGA, for accelerated processing.
The memory is used to store the program code and data of the network device.
The processor is used to call the program code and data in the memory and execute the steps of the above method embodiments. For details, refer to the description in the method embodiments, which is not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system and method can be implemented in other ways. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. The mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, systems or units, and may be electrical, mechanical or of another form.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination of these. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions according to the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable system. The computer instructions may be stored in a computer-readable storage medium or transmitted through the computer-readable storage medium. The computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be read-only memory (ROM), random access memory (RAM), a magnetic medium such as a floppy disk, hard disk, magnetic tape or magnetic disk, an optical medium such as a digital versatile disc (DVD), or a semiconductor medium such as a solid state disk (SSD).
As shown in Fig. 5, the second aspect of the present invention provides a cloud security monitoring task information interaction system, including:
a receiving module, configured to receive a monitoring interaction request message sent by a cloud security monitoring device, the interaction request message containing the pre-configured identity information of the monitoring device, the address information of the message service module, subscription topic information and monitoring interaction information;
a connection module, configured to establish a communication connection between the monitoring device and the message service module according to the address information;
an input module, configured to input the monitoring interaction information into the monitoring device associated with the subscription topic information;
a judging module, configured to check the monitoring interaction information to determine whether the task release information associated with the subscription topic information needs to be changed and, if so, to write the monitoring interaction information into a memory queue to wait for the asynchronous thread pool module to persist it;
the judging module being further configured to determine, according to the identity information of the monitoring device, whether the memory queue contains task information that needs to be issued to the monitoring device and, if so, to encapsulate and encrypt the task information and issue it to the monitoring device through the message service module.
Specifically, the cloud security monitoring task information interaction method proposed by the present invention is applied to a monitoring cloud platform, which interacts with monitoring devices in real time through the message publish/subscribe mechanism of the MQTT (Message Queuing Telemetry Transport) protocol. The monitoring cloud platform and the monitoring device use agreed Topics (subscription topics) for cloud security monitoring interaction. Under MQTT, the message interaction modes of the interacting parties are Publish mode and Subscribe mode. The monitoring device can use Publish mode to publish messages to the monitoring cloud platform to invoke the service interface of the corresponding subscription topic, or use Subscribe mode to subscribe to any subscription topic on the monitoring cloud platform to receive service message notifications under that topic. The monitoring device can obtain immediate application commands through the monitoring-device command Topic cluster and report the execution results. Before the result is returned, the data to be changed is sent to the thread pool; an asynchronous thread sends the changed monitoring device information to the agreed Topic, and the EMQX message service then delivers it to the monitoring device.
Specifically, in the technical solutions of some embodiments of the present invention, the monitoring device encrypts its request information using the encryption and encoding scheme agreed with the monitoring cloud platform and sends the request information to a unified API (Application Programming Interface) gateway over HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer). The unified API gateway forwards the request to the monitoring device addressing system, which decrypts and decodes the request information and, based on the configuration data of the monitoring cloud platform, calculates the EMQX message service address and Topic that the monitoring device needs to connect to, thereby achieving load balancing and improving fault tolerance. After obtaining the EMQX message service address and Topic, the monitoring device establishes an MQTT communication connection with the EMQX message service. After receiving the request information from the monitoring device, the EMQX message service pushes it to the monitoring device access system for the corresponding Topic, which decrypts and decodes the request information and validates the decoded data, checking whether the request changes the information for the corresponding Topic on the monitoring cloud platform. If a change is needed, the data is saved to the memory queue, consumed by the asynchronous thread pool, and persisted. The monitoring cloud platform uses the monitoring device's MAC (Media Access Control, also known as the physical address) address or the monitoring device ID (identity document) to determine whether there is a task to issue to that device. If there is, the task is encapsulated and encrypted and sent to the EMQX message service, which pushes the data to the monitoring device.
In addition, in this embodiment of the present invention, the system is further used to:
receive a registration request from the monitoring device;
receive heartbeat messages that the monitoring device sends periodically while it is turned on, each heartbeat message including the physical address information, monitoring-enabled state information, and authentication-enabled state information of the monitoring device.
After the monitoring device has registered and started, it publishes a heartbeat message to the monitoring cloud platform every minute, carrying its own MAC address, monitoring-enabled state, and authentication-enabled state. From the latest heartbeat message of the monitoring device, the monitoring cloud platform records the device's real-time online status, that is, whether the monitoring device is online or offline. The display module of the monitoring cloud platform shows the online status and other status information of the monitoring device through its front-end or back-end pages.
The above cloud security monitoring task information interaction process further includes:
receiving a heartbeat message sent by the monitoring device after it powers on or after it executes any task, the heartbeat message including the physical address information of the monitoring device and International Mobile Equipment Identity (IMEI) information;
querying the database for the IMEI of the monitoring device according to the physical address information of the monitoring device;
when the IMEI of the monitoring device queried from the database is the same as the IMEI carried in the heartbeat message, returning to the monitoring device information that there is currently no monitoring task;
otherwise, delivering the monitoring task corresponding to the IMEI queried from the database to the monitoring device;
receiving IMEI update information or IMEI rollback information for the monitoring device, configured by the user in the back end;
writing the IMEI corresponding to the IMEI update information or IMEI rollback information to the database;
pushing the IMEI corresponding to the IMEI update information or IMEI rollback information to the monitoring device so that the monitoring device updates its IMEI, and incrementing the update or rollback parameter in the status bar of the monitoring device by 1, indicating that one update or rollback has been performed.
Specifically, after the monitoring device powers on or executes any task, it sends the monitoring cloud platform a heartbeat message carrying the device's MAC address and its current monitoring IMEI. On receiving the heartbeat message, the monitoring cloud platform uses the MAC address to look up the IMEI stored in the database for that monitoring device and compares it with the current IMEI in the heartbeat message. If the current IMEI is the same as the IMEI stored in the database, the monitoring cloud platform returns to the monitoring device information that there is currently no update. If the current IMEI differs from the IMEI stored in the database, the monitoring cloud platform delivers the monitoring task corresponding to the stored IMEI to the monitoring device. After the monitoring device finishes the monitoring task, it again sends the monitoring cloud platform a heartbeat message carrying its MAC address and current IMEI, and the process repeats until the IMEI on the monitoring device matches the IMEI stored in the monitoring cloud platform database. When the user needs to update or roll back the IMEI of a particular monitoring device, the user configures that device's IMEI in the back end of the monitoring cloud platform, and the monitoring cloud platform delivers the IMEI to the corresponding monitoring device in real time. Furthermore, the user can configure the monitoring version for a batch of monitoring devices (for example, monitoring devices of the same model or at the same site) in the back end of the monitoring cloud platform and deliver it in bulk to the corresponding monitoring devices to carry out the version change.
In addition, in this embodiment of the present invention, the system is also used to perform an AI anomaly early-warning operation on the monitoring device. Specifically, N heartbeat messages sent by the monitoring device over N time periods are obtained, where N is greater than 1. The N heartbeat messages are arranged as a time-series group containing N-dimensional time series, and each time series is assigned a key-value pair that corresponds one-to-one with the content of the heartbeat packet. Key-value is a storage form used by distributed storage systems: a value is retrieved by its key, and a key-value database stores data as key-value pairs in which each key corresponds to a unique value, giving very high concurrent read and write performance. For example, if the heartbeat packet contains information A and B, the corresponding key-value pair must contain the same information. The N-dimensional time series are input into M*N anomaly predictors, with each time series corresponding to M anomaly predictors, where M is a positive integer less than N. The key-value pairs of the N time series are input into a symmetric residual network, which extracts the first feature of the key-value pairs; an attention mechanism weights and quantizes the first feature to obtain the quantized second feature; the quantized second feature is input into a bidirectional long short-term memory network to obtain the predicted key-value pair for period N+1; and an early-warning judgment is made on the key-value pair for period N+1: if it falls outside the preset threshold range, the monitoring device is determined to be abnormal. The symmetric residual network includes a convolution module and a deconvolution module; the convolution module includes K residual blocks and the deconvolution module includes K deconvolution blocks, where K is an integer greater than or equal to 1. Extracting the first feature of the key-value pairs through the symmetric residual network specifically includes:
performing a convolution operation on the local features through the K residual blocks in the convolution module to obtain intermediate features; and performing a deconvolution operation on the intermediate features through the K deconvolution blocks in the deconvolution module to obtain the first feature of the access volume.
The above cloud security monitoring task information interaction process further includes:
receiving monitoring-enabled state information and/or authentication-enabled state information for the monitoring device, configured by the user in the back end, where the monitoring-enabled state information configures the monitoring state of the monitoring device as on or off, and the authentication-enabled state information configures the authentication state of the monitoring device as on or off;
writing the monitoring-enabled state information and/or authentication-enabled state information to the database;
receiving a heartbeat message sent by the monitoring device;
when the monitoring-enabled state information and/or authentication-enabled state information carried in the heartbeat message is inconsistent with the monitoring-enabled state information and/or authentication-enabled state information configured for the monitoring device in the database, delivering the corresponding monitoring switch task and/or authentication switch task to the monitoring device;
receiving the execution result of the monitoring switch task and/or authentication switch task returned by the monitoring device;
when the execution result of the monitoring switch task and/or authentication switch task is failure, delivering the monitoring switch task and/or authentication switch task to the monitoring device again until the monitoring device returns information that the execution result is success.
Specifically, the monitoring device reports its monitoring-enabled state and authentication-enabled state in every heartbeat. If either of the two states differs from the corresponding state stored in the database of the monitoring cloud platform, the monitoring cloud platform delivers the corresponding monitoring switch task or authentication switch task to the monitoring device, until the monitoring-enabled state information and authentication-enabled state information reported by the monitoring device match the corresponding state information stored in the monitoring cloud platform database. When the user needs to turn off or turn back on the monitoring state or authentication state of a monitoring device, the user configures it in the back end of the monitoring cloud platform; the monitoring cloud platform compares the configured state with the state in the heartbeat message reported by the monitoring device and delivers the corresponding switch task so that the monitoring device executes it and changes the state accordingly. For example, after receiving a monitoring-on task, the monitoring device executes it and, once execution has finished, reports the execution result of the task to the monitoring cloud platform. If the monitoring device reports that the task failed, the monitoring cloud platform delivers the monitoring-on task to the monitoring device again, until the monitoring state that the device reports in its heartbeat message matches the monitoring-enabled state stored for that device in the database of the monitoring cloud platform.
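The heartbeat comparison described in the two passages above (IMEI against the stored IMEI, and the monitoring and authentication switches against the configured states), as an added example that is not code from the patent. The record layout, the task names, the `reject` reply for an unregistered MAC address, the simulated device and all sample values are assumptions made for illustration.

```python
"""Heartbeat reconciliation sketch: platform compares reported and configured state."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class DesiredState:
    """Row the user configures in the platform database (layout assumed)."""
    imei: str
    monitoring_on: bool
    auth_on: bool


@dataclass
class Heartbeat:
    """A heartbeat may carry the IMEI, the two switches, or both."""
    mac: str
    imei: Optional[str] = None
    monitoring_on: Optional[bool] = None
    auth_on: Optional[bool] = None


def normalize_mac(mac: str) -> str:
    """Canonical lookup key so 'AA-BB-..' and 'aa:bb:..' select the same row."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits


def tasks_for(hb: Heartbeat, db: dict) -> list:
    """Return the tasks to deliver for one heartbeat; only reported fields are compared."""
    want = db.get(normalize_mac(hb.mac))
    if want is None:
        return [("reject", "unregistered")]  # assumption: no task for unknown devices
    tasks = []
    if hb.imei is not None and hb.imei != want.imei:
        tasks.append(("imei_task", want.imei))
    if hb.monitoring_on is not None and hb.monitoring_on != want.monitoring_on:
        tasks.append(("monitoring_switch", want.monitoring_on))
    if hb.auth_on is not None and hb.auth_on != want.auth_on:
        tasks.append(("auth_switch", want.auth_on))
    return tasks or [("none", "no pending task")]


class SimDevice:
    """Constructed device that can fail a named task a given number of times."""

    def __init__(self, mac, imei, monitoring_on, auth_on, failures=None):
        self.mac, self.imei = mac, imei
        self.monitoring_on, self.auth_on = monitoring_on, auth_on
        self.failures = dict(failures or {})

    def heartbeat(self) -> Heartbeat:
        return Heartbeat(self.mac, self.imei, self.monitoring_on, self.auth_on)

    def execute(self, task) -> bool:
        kind, value = task
        if self.failures.get(kind, 0) > 0:
            self.failures[kind] -= 1
            return False  # reported to the platform as a failed execution
        if kind == "imei_task":
            self.imei = value
        elif kind == "monitoring_switch":
            self.monitoring_on = value
        elif kind == "auth_switch":
            self.auth_on = value
        return True


def converge(device: SimDevice, db: dict, max_rounds: int = 10) -> list:
    """Heartbeat, deliver, execute; repeat until the platform has nothing to send."""
    history = []
    for _ in range(max_rounds):
        tasks = tasks_for(device.heartbeat(), db)
        history.append([kind for kind, _ in tasks])
        if tasks[0][0] in ("none", "reject"):
            return history
        for task in tasks:
            device.execute(task)  # a failed task is re-issued on the next heartbeat
    raise RuntimeError("device did not converge")  # bound exists for the simulation only


def demo() -> list:
    db = {"aabbccddeeff": DesiredState("IMEI-B", True, True)}  # constructed row
    device = SimDevice("AA:BB:CC:DD:EE:FF", "IMEI-A", False, True,
                       failures={"monitoring_switch": 1})
    return converge(device, db)


if __name__ == "__main__":
    for number, round_tasks in enumerate(demo(), 1):
        print(number, round_tasks)
```

The failed switch task is not retried in a separate loop: the next heartbeat still shows the mismatch, so the platform issues the task again.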
When a monitoring device needs to be restarted, a restart task is delivered to it from the monitoring cloud platform according to the device's MAC address. After receiving the task, the monitoring device executes the restart instruction and restarts.
Further, the above cloud security monitoring task information interaction process also includes:
receiving an inspection instruction for the monitoring device, configured by the user in the back end, the inspection instruction including the physical address information of the monitoring device;
delivering the inspection instruction to the monitoring device corresponding to the physical address information;
receiving the execution result of the inspection instruction returned by the monitoring device;
displaying the execution result.
Specifically, the user enters the MAC address of the monitoring device to be inspected and the inspection command on the monitoring cloud platform. The monitoring cloud platform publishes the command to the specified monitoring device; after receiving the task, the monitoring device runs the specified command and reports the command's return value to the monitoring cloud platform, which receives the returned result and displays it to the user.
Further, in the above cloud security monitoring task information interaction method, the interaction request information is obtained by the monitoring device encrypting with the public key provided by the server. The step of decrypting and decoding the interaction request information to obtain the address information and subscription information specifically includes:
decrypting the interaction request information with the private key corresponding to the public key to obtain the plaintext strings of the monitoring device's identity information, the address information of the message service module, the subscription topic information, and the monitoring interaction information;
determining whether the plaintext string of the subscription topic information contains a preset first delimiter and whether the plaintext string of the monitoring interaction information contains a preset second delimiter;
determining whether the number of first delimiters in the plaintext string of the subscription topic information is the same as the number of second delimiters in the plaintext string of the monitoring interaction information;
when both determinations are positive, splitting the plaintext string of the subscription topic information and the plaintext string of the monitoring interaction information on the first delimiter and the second delimiter to generate a subscription topic array and an interaction information array respectively.
Specifically, after the monitoring cloud platform generates a key pair, it delivers the public key certificate to the monitoring device. The monitoring device uses the public key certificate obtained from the monitoring cloud platform to encrypt the monitoring interaction information, so that when it passes monitoring interaction information to the monitoring cloud platform, the platform can decrypt it with the corresponding private key. The first delimiter and the second delimiter may be the same symbol or different symbols.
In the above cloud security monitoring task information interaction method, the method by which the monitoring device generates the interaction request information includes:
obtaining the subscription topics for which interaction request messages are to be generated and their corresponding monitoring interaction information;
when there is more than one subscription topic for which an interaction request message is to be generated, grouping the subscription topics by the service type each topic corresponds to on the monitoring cloud platform;
using the first delimiter to concatenate the subscription topics of the same group in order, generating the plaintext string of subscription topics;
using the second delimiter to concatenate, in order, the interaction information corresponding to the subscription topics of the same group, generating the plaintext string of monitoring interaction information;
encrypting the plaintext string of subscription topics and the plaintext string of monitoring interaction information with the public key provided by the server to generate the interaction request information.
Specifically, the monitoring cloud platform can run several different types of monitoring management service programs on one server or on multiple servers to suit different usage scenarios. For example, the system message processing service can be separated from the business message processing service, or the message processing services for monitoring devices at different sites can be separated from one another, which simplifies the business processing logic and avoids data errors caused by information coupling. On the monitoring device side, monitoring interaction messages are grouped and merged according to the service type they correspond to, which reduces redundant data in the information passed between the device and the monitoring cloud platform and improves interaction efficiency.
In the above cloud security monitoring task information interaction method, the step of inputting the monitoring interaction information into the monitoring device associated with the subscription topic information specifically includes:
matching each subscription topic in the subscription topic array against the subscription topic list stored in the database;
determining, according to the matching result, the monitoring device corresponding to each subscription topic in the subscription topic array;
inputting each item of interaction information in the interaction information array into the corresponding monitoring device.
Specifically, the monitoring cloud platform stores a subscription topic list in the database and updates it dynamically according to its interaction with the monitoring devices. The user can maintain the subscription topic list through the back-end management interface of the monitoring cloud platform, including adding subscription topics, associating subscription topics with monitoring devices, deleting subscription topics that no monitoring device subscribes to, and modifying subscription topics and their monitoring interaction information.
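The delimiter handling from the three passages above (building the joined strings on the device, the delimiter checks after decryption, and matching topics against the stored list), as an added example that is not code from the patent. The public-key encryption and decryption around these strings is left out; the delimiter characters, topic names, device identifiers and the builder's rejection of fields that contain a delimiter are assumptions.

```python
"""Delimiter-joined topic and interaction strings: build, validate, split, route."""
from collections import defaultdict

TOPIC_SEP = ","  # "first delimiter"; the page does not name the character (assumed)
INFO_SEP = ";"   # "second delimiter" (assumed)


class RequestFormatError(ValueError):
    """Raised when a plaintext string cannot be split into aligned arrays."""


def build_plaintexts(messages, service_type_of):
    """Device side: group (topic, info) pairs by service type and join each group.

    A field that already contains a delimiter would shift every later element
    after splitting, so it is refused here (check added for this example).
    """
    groups = defaultdict(list)
    for topic, info in messages:
        if TOPIC_SEP in topic or INFO_SEP in info:
            raise RequestFormatError(f"delimiter inside field for topic {topic!r}")
        groups[service_type_of[topic]].append((topic, info))
    return {
        stype: (TOPIC_SEP.join(t for t, _ in pairs), INFO_SEP.join(i for _, i in pairs))
        for stype, pairs in groups.items()
    }


def parse_plaintexts(topic_str, info_str):
    """Platform side, after decryption: the two checks from the description.

    The page defines splitting only when both checks pass; anything else is
    rejected here rather than guessed at.
    """
    if TOPIC_SEP not in topic_str or INFO_SEP not in info_str:
        raise RequestFormatError("expected delimiter not present")
    if topic_str.count(TOPIC_SEP) != info_str.count(INFO_SEP):
        raise RequestFormatError("topic and interaction delimiter counts differ")
    return topic_str.split(TOPIC_SEP), info_str.split(INFO_SEP)


def route(topics, infos, topic_table):
    """Match each topic against the stored topic list and pair it with its device."""
    deliveries, unknown = [], []
    for topic, info in zip(topics, infos):
        device = topic_table.get(topic)
        if device is None:
            unknown.append(topic)  # not in the stored list: nothing is delivered
        else:
            deliveries.append((device, topic, info))
    return deliveries, unknown


def demo():
    # Constructed sample data.
    service_type_of = {"sys/status": "system", "sys/version": "system",
                       "biz/report": "business", "biz/alert": "business"}
    messages = [("sys/status", "online"), ("biz/report", "flows=120"),
                ("sys/version", "v2"), ("biz/alert", "none")]
    topic_table = {"sys/status": "device-01", "sys/version": "device-01",
                   "biz/report": "device-02"}
    routed = {}
    for stype, (topic_str, info_str) in build_plaintexts(messages, service_type_of).items():
        topics, infos = parse_plaintexts(topic_str, info_str)
        routed[stype] = route(topics, infos, topic_table)
    return routed


if __name__ == "__main__":
    for stype, (deliveries, unknown) in demo().items():
        print(stype, deliveries, unknown)
```

The count comparison is what keeps the two arrays aligned: a string pair whose delimiter counts differ is refused before any topic is paired with interaction information.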
The present invention proposes a cloud security monitoring task information interaction method, system, and computer-readable medium that provide remote, real-time management of monitoring devices through interaction, making it easier for users and operations staff to manage the devices. It uses lightweight publish/subscribe message transport to provide reliable network service for monitoring devices in low-bandwidth and unstable network environments, and provides a stable monitoring device access service with massive connections, high concurrency, and low latency. It supports data encryption and provides a highly secure data transmission channel for monitoring devices. Monitoring device messages are filtered and forwarded, and work is executed asynchronously by sending messages so as to improve system response speed. The monitoring cloud platform can deliver instructions to monitoring devices and, depending on the instruction, obtain the status information of the monitoring devices.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include", and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article, or monitoring device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article, or monitoring device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or monitoring device that comprises that element.
The embodiments of the present invention are as described above. These embodiments do not set out every detail exhaustively, nor do they limit the invention to the specific embodiments described. Obviously, many modifications and variations are possible in light of the above description. These embodiments were selected and described in detail in this specification in order to better explain the principles and practical application of the present invention, so that those skilled in the art can make good use of the present invention and of modifications based on it. The present invention is limited only by the claims and their full scope and equivalents.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211400767.4A CN115766828B (en) | 2022-11-09 | 2022-11-09 | A cloud security monitoring task information interaction method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211400767.4A CN115766828B (en) | 2022-11-09 | 2022-11-09 | A cloud security monitoring task information interaction method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115766828A (en) | 2023-03-07 |
| CN115766828B (en) | 2025-07-04 |
Family
ID=85368735
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211400767.4A Active CN115766828B (en) | 2022-11-09 | 2022-11-09 | A cloud security monitoring task information interaction method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115766828B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130103729A1 (en) * | 2011-10-24 | 2013-04-25 | Nokia Corporation | Method and apparatus for providing a key-value based storage interface |
| CN103944784A (en) * | 2014-04-23 | 2014-07-23 | 南京邮电大学 | Large-scale-cloud-data-center-oriented server cooperative monitoring method |
| CN115048262A (en) * | 2022-05-25 | 2022-09-13 | 中电信数智科技有限公司 | Method for detecting and monitoring whether APP stops running or not by intelligent terminal |
| CN115051978A (en) * | 2022-08-15 | 2022-09-13 | 广东采日能源科技有限公司 | Equipment monitoring implementation method and system |
Non-Patent Citations (1)
| Title |
|---|
| Zhang Xiaohai; Cao Xinwen; Zhang Min: "Military named entity recognition based on a self-attention mechanism", Command Control & Simulation, no. 06, 15 December 2019 (2019-12-15) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115766828B (en) | 2025-07-04 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | TA01 | Transfer of patent application right | Effective date of registration: 20250609. Address after: 710000 Shaanxi Province Xi'an City Yanta District Keji 6th Road 200 No. 4 building 2 unit 1 floor 102 room. Applicant after: Wei Li. Country or region after: China. Address before: 518110 Guangdong Province Shenzhen City Longhua District Guanlan Street Huan Guan Nan Road 72-1 Chuangke Building 423A-425. Applicant before: Shenzhen United Xinye Technology Co.,Ltd. Country or region before: China |
| | GR01 | Patent grant | |