CN115632866A - Message desensitization method, device, equipment and medium based on FPGA - Google Patents
Message desensitization method, device, equipment and medium based on FPGA Download PDFInfo
- Publication number
- CN115632866A CN115632866A CN202211313446.0A CN202211313446A CN115632866A CN 115632866 A CN115632866 A CN 115632866A CN 202211313446 A CN202211313446 A CN 202211313446A CN 115632866 A CN115632866 A CN 115632866A
- Authority
- CN
- China
- Prior art keywords
- sensitive
- message
- fpga
- target
- desensitization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 96
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000001914 filtration Methods 0.000 claims abstract description 149
- 239000004744 fabric Substances 0.000 claims abstract description 20
- 238000012545 processing Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 15
- 230000005540 biological transmission Effects 0.000 claims description 5
- 230000008569 process Effects 0.000 description 9
- 238000004891 communication Methods 0.000 description 8
- 230000008901 benefit Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000006073 displacement reaction Methods 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000006698 induction Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a message desensitization method, a message desensitization device, message desensitization equipment and a message desensitization medium based on an FPGA (field programmable gate array). The method comprises the following steps: acquiring at least one comparison byte length and a sensitive byte hash value matched with the message filtering rule set; in the FPGA, a bloom Long Guolv module corresponding to each comparison byte length is planned, and a standard comparison hash address of each bloom filter is set; inputting the received message to each cloth Long Guolv module through the FPGA, and sending the alternative position to the rule module; searching each alternative position and feeding back the searched target sensitive position to the FPGA through a rule module according to a message filtering rule set; and reading the sensitive field in the received message according to each target sensitive position through the FPGA, replacing the sensitive field with a preset desensitization field, and outputting a target desensitization message. By the technical scheme of the invention, hardware desensitization can be carried out on the message carrying sensitive information, and the timeliness requirement of message desensitization is met.
Description
Technical Field
The present invention relates to the Field of message desensitization, and in particular, to a method, an apparatus, a device, and a medium for implementing message desensitization based on an FPGA (Field Programmable Gate Array).
Background
In the network era of today, almost everyone can obtain various information through the network, and some important data can be transmitted through the network. Although the messages carrying various important data on the network are encrypted, some sensitive information can still be exposed from the messages, so that lawless persons can capture the messages through the exposed sensitive information and then analyze or decrypt the messages, and various important information can be obtained.
In the prior art, the desensitization processing of the message is mainly carried out in a software implementation mode, the calculation complexity and the time consumption are long, and the timeliness requirement of message transmission cannot be met.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a medium for desensitizing a message based on an FPGA (field programmable gate array), and provides a method for implementing hardware desensitization of the message.
In a first aspect, an embodiment of the present invention provides a method for desensitizing a packet based on an FPGA, where the method includes:
acquiring at least one comparison byte length matched with the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length;
in the FPGA, a bloom Long Guolv module corresponding to each comparison byte length is planned, and standard comparison hash addresses of bloom filters are set according to sensitive byte hash values;
sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, parallelly inputting the message into each bloom filter module Long Guolv, and sending the alternative positions identified by each bloom filter module to a rule module;
accurately searching each alternative position of the received message through a rule module according to a message filtering rule set, and feeding back the searched target sensitive position to the FPGA;
and reading the sensitive fields in the received message through the FPGA according to the sensitive positions of the targets, replacing the sensitive fields with preset desensitization fields, and outputting the target desensitization message.
Optionally, the obtaining at least one comparison byte length matched with the packet filtering rule set and a sensitive byte hash value corresponding to each comparison byte length respectively includes:
acquiring filtering fields respectively corresponding to each message filtering rule, and determining the comparison byte length of each filtering field;
and generating a sensitive byte hash value corresponding to each comparison byte length according to each filtering field corresponding to each comparison byte length.
The advantages of such an arrangement are: the filtering fields are classified according to the comparison byte length, and the sensitive byte hash value is calculated, so that the time consumption for calculating the filtering field hash value in the desensitization process of the message can be reduced to the greatest extent, and the working efficiency is improved.
Optionally, generating a sensitive byte hash value corresponding to each comparison byte length according to each filtering field corresponding to each comparison byte length respectively, includes:
acquiring at least one target filtering field corresponding to the length of the currently processed target comparison byte;
calculating hash values respectively corresponding to each target filtering field;
and acquiring hash values of all target filtering fields to perform union processing, and taking a union operation result as a sensitive byte hash value corresponding to the target comparison byte length.
The advantages of such an arrangement are: the hash values are combined according to the comparison byte length, so that a plurality of different filtering fields are included more comprehensively, the operation is simplified in the subsequent filtering process, and the efficiency is improved.
Optionally, after sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, the received message is parallelly input to each of the Long Guolv modules, which includes:
for each of the cloth Long Guolv modules, the following are performed in parallel by the FPGA:
acquiring the current comparison byte length matched with the current cloth Long Guolv module, and determining the first character position of a received message as a first shift position;
taking the shift position as a starting point, acquiring an intercepted message of the current comparison byte length, and inputting the intercepted message to a current cloth Long Guolv module;
and after updating the shift position by adding 1, returning to execute the operation of acquiring the intercepted message with the current comparison byte length by taking the shift position as a starting point until the last character position of the received message is intercepted.
The advantages of such an arrangement are: the received messages are respectively shifted and filtered according to different comparison byte lengths, so that each character in the messages is not missed in the filtering process, and the accuracy of filtering the received messages is ensured.
Optionally, reading the sensitive fields in the received message according to the sensitive positions of the targets by the FPGA, and outputting the target desensitization message after replacing the sensitive fields with preset desensitization fields, including:
reading sensitive fields respectively corresponding to each target sensitive position in parallel in a received message through an FPGA;
and after the sensitive fields in the received message are replaced by the preset desensitization fields in parallel through the FPGA, outputting the target desensitization message.
The advantages of such an arrangement are: sensitive fields are replaced in parallel at one time through the FPGA and a target desensitization message is directly output, so that the desensitization message can be efficiently obtained, and the timeliness of message desensitization is met.
Optionally, reading, in parallel, sensitive fields corresponding to each target sensitive location in a received packet through the FPGA, including:
acquiring comparison byte lengths respectively corresponding to each target sensitive position in parallel through the FPGA;
and reading the sensitive fields respectively corresponding to the sensitive positions of the targets in parallel according to the comparison byte length respectively corresponding to the sensitive positions of the targets.
The benefit of this arrangement is: the sensitive fields corresponding to the comparison byte length and the sensitive field corresponding to each target sensitive position respectively are obtained through parallel operation, so that the processing time consumption in the desensitization process of the message is reduced, and the timeliness is improved.
Optionally, feeding back the found target sensitive location to the FPGA through a rule module, including:
feeding back the found sensitive positions of each target and the sensitive types respectively corresponding to the sensitive positions of each target to the FPGA through a rule module;
replacing all sensitive fields in the received message with preset desensitization fields in parallel through the FPGA, wherein the desensitization fields comprise:
acquiring desensitization fields corresponding to each sensitive field respectively through the FPGA according to the sensitive types corresponding to the sensitive positions of the targets respectively;
and parallelly replacing each sensitive field with a desensitization field corresponding to each sensitive field through the FPGA.
The advantages of such an arrangement are: the target sensitive position and the sensitive type are searched and fed back through the rule module, the sensitive field is replaced through the FPGA according to the sensitive type, and the desensitization process of the received message is achieved in a customized mode.
In a second aspect, an embodiment of the present invention further provides a device for desensitizing a packet based on an FPGA, where the device includes:
the sensitive word hash value determining module is used for acquiring at least one comparison byte length matched with the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length;
the bloom filter setting module is used for planning a bloom Long Guolv module corresponding to each comparison byte length in the FPGA and respectively setting a standard comparison hash address of each bloom filter according to the sensitive byte hash value;
the message transmission module is used for sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, then parallelly inputting the message into each bloom filter module Long Guolv, and sending the alternative positions identified by each bloom filter module to the rule module;
the target sensitive position searching module is used for accurately searching each alternative position of the received message according to the message filtering rule set through the rule module and feeding back the searched target sensitive position to the FPGA;
and the target desensitization message output module is used for reading the sensitive fields in the received message through the FPGA according to the target sensitive positions, replacing the sensitive fields with preset desensitization fields and then outputting the target desensitization message.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes: at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the FPGA-based implementation of the message desensitization method according to any of the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions are configured to, when executed by a processor, implement a method for desensitizing a packet based on an FPGA according to any embodiment of the present invention.
According to the technical scheme of the embodiment of the invention, the implementation mode of desensitization of message hardware is provided by acquiring the sensitive byte hash value of at least one comparison byte length matched with the message filtering rule set and each comparison byte length, setting a bloom filter according to the sensitive byte hash value, inputting the processed message into a bloom filtering module to determine the position of a sensitive word, accurately searching the target sensitive position through the rule module, feeding the searched target sensitive position back to an FPGA (field programmable gate array), desensitizing the message through the FPGA, and finally outputting the target desensitized message.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for desensitizing a message based on an FPGA according to an embodiment of the present invention;
fig. 2 is a flowchart of a message desensitization method implemented based on an FPGA according to a second embodiment of the present invention;
fig. 3 is a flowchart of a method for desensitizing a message based on an FPGA according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a message desensitization apparatus implemented based on an FPGA according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device implementing the message desensitization method implemented based on the FPGA according to the embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a method for desensitizing a message based on an FPGA according to an embodiment of the present invention, which is applicable to a situation of desensitizing a message based on an FPGA, and the method can be executed by a message desensitizing apparatus based on an FPGA, and the message desensitizing apparatus based on an FPGA can be implemented in a hardware and/or software manner, and the message desensitizing apparatus based on an FPGA can be configured in a terminal or a server having a data processing function, and is configured to implement a hardware desensitizing function of a message in cooperation with the FPGA and a rule module. As shown in fig. 1, the method includes:
s110, at least one comparison byte length matched with the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length are obtained.
The message filtering rule set includes a plurality of message filtering rules, and each message filtering rule includes one or more sensitive words (which may also be called filtering fields) that need to be used for message filtering. Correspondingly, the byte length occupied by the filtering field in each message filtering rule can be calculated.
Wherein the sensitive word may include: the system comprises personal information of a user, business sensitive information, special sensitive words set according to the requirements of the user side and the like.
In a specific example, if the message filtering rule 1 includes the filtering field a composed of 2 characters, the byte length occupied by the filtering field a may be determined to be 1 byte, and if the message filtering rule 2 includes the filtering field B composed of 4 characters, the byte length occupied by the filtering field B may be determined to be 2 bytes, etc.
Correspondingly, all optional byte lengths occupied by all message filtering rules can be determined by carrying out induction processing on the byte lengths occupied by the filtering fields in each message filtering rule. For example, the filter field XX and the filter field YY are different in content but each correspond to a byte length of 2 bytes because each contains 2 characters. Further, all the optional byte lengths described above may be used as the comparison byte length. That is, each comparison byte length is a set of all byte lengths occupied by each sensitive word in the message filtering rule set.
After obtaining each comparison byte length, the comparison byte length to which each filtering field in the message filtering rule set belongs can be correspondingly determined, and then, the sensitive byte hash value corresponding to each comparison byte length can be calculated according to one or more filtering fields corresponding to each comparison byte length.
The sensitive byte hash value of one comparison byte length can be understood as the hash characteristics carried by the field contents of all the filter fields corresponding to the comparison byte length.
Among them, hash operation is a method of creating a small digital "fingerprint" from any kind of data; further, the hash operation compresses the message or data into a digest, so that the amount of data becomes smaller, and the format of the data is fixed. The function mixes the data in a disorder way and recreates a fingerprint called a hash value (namely, the hash value); further, hash values are typically represented by a short string of random letters and numbers.
In an optional implementation manner of this embodiment, the obtaining at least one comparison byte length matched with the packet filtering rule set, and the sensitive byte hash value corresponding to each comparison byte length may include:
acquiring filtering fields respectively corresponding to each message filtering rule, and determining the comparison byte length of each filtering field; and generating a sensitive byte hash value corresponding to each comparison byte length according to each filtering field corresponding to each comparison byte length.
Wherein the message filtering rule is included in the message filtering rule set; furthermore, different message filtering rules correspond to different filtering fields; it should be understood by those skilled in the art that different filter fields may correspond to the same byte length, and in this case, the same comparison byte length may correspond to a plurality of filter fields with different contents and similar numbers of characters. I.e. the same byte length may correspond to a plurality of different filter fields.
Further, generating the sensitive byte hash value corresponding to each comparison byte length according to each filtering field corresponding to each comparison byte length may include:
acquiring at least one target filtering field corresponding to the length of the currently processed target comparison byte; calculating hash values respectively corresponding to each target filtering field; and acquiring hash values of all target filtering fields to perform union processing, and taking a union operation result as a sensitive byte hash value corresponding to the target comparison byte length.
In this optional embodiment, a calculation method of the sensitive byte hash value is taken as an example of one comparison byte length (a target comparison byte length currently processed).
The hash value with the preset length (e.g., 1Kbit or 1 Mbit) corresponding to each target filtering field may be calculated by using the existing hash operation rules. In a specific application scenario of this embodiment, 1 filtering field corresponding to one byte length (comparison byte length) in the message filtering rule set is set as a filtering field a; and 2 filtering fields corresponding to the length of two bytes are defined as a filtering field b and a filtering field c, and n filtering fields corresponding to the length of three bytes are defined as n filtering fields, wherein n is an integer greater than 2.
Correspondingly, when the target comparison byte length is one byte, the sensitive byte hash value of the target comparison byte length is the hash value of the filtering field a; and when the target comparison byte length is two bytes, the sensitive byte hash value of the target comparison byte length is the union set result of the hash values of the filtering field b and the filtering field c.
That is, after the first hash value of the filtering field b and the second hash value of the filtering field c are obtained through calculation, performing bitwise or operation on the first hash value and the second hash value to obtain a union result.
Similarly, when the target comparison byte length is three bytes, the hash value of the sensitive bytes of the target comparison byte length is the union result obtained by performing or operation on the n filter fields together bit by bit.
S120, in the FPGA, a bloom Long Guolv module corresponding to each comparison byte length is planned, and standard comparison hash addresses of each bloom filter are set according to the sensitive byte hash values.
The FPGA belongs to a semi-custom circuit in an application-specific integrated circuit, is a programmable logic array, and can effectively solve the problem of less gate circuits of the original device. The basic structure of the FPGA comprises a programmable input/output unit, a configurable logic block, a digital clock management module, an embedded block RAM, wiring resources, an embedded special hard core and a bottom layer embedded functional unit. The FPGA has the characteristics of abundant wiring resources, high repeatable programming and integration level and low investment, and is widely applied to the field of digital circuit design.
Wherein the bloom filter comprises: a binary vector and a series of random mapping functions; further, a bloom filter may be used to retrieve whether an element is in a collection. That is, the bloom filter is used to search whether the hash value of the input content matches the standard comparison hash address written in the bloom filter in advance.
The search matching mode may be consistency matching or tendency matching. It is understood that when generating the corresponding hash value for each filtering field, it is equivalent to one or a few positions 1 in a fixed-length all-0 sequence, and further, when a bloom filter is calculated by performing a union operation on the hash values of a plurality of sensitive fields, it may be determined whether the hash value of the input content matches the standard aligned hash address by comparing the number of matched positions 1 between the hash value of the input content and the standard aligned hash address, for example, if the number of matched positions 1 is greater than or equal to 2, it is determined that the two match.
In this embodiment, a logic circuit of the bloom filter module corresponding to each comparison byte length may be first constructed, and a configuration file corresponding to the logic circuit may be generated; furthermore, when the FPGA to be used is initially configured, the configuration file is executed to plan the FPGA to obtain the modules of the cloth Long Guolv corresponding to the lengths of the comparison bytes.
Wherein, by using the sensitive byte hash value, respectively setting the standard comparison hash addresses of the bloom filters, the filtering fields that can be identified by the bloom filters can be set.
It should be emphasized that, in this embodiment, creatively providing filtering fields with different character lengths appearing in the message filtering rule set, and selecting and using bloom filtering modules with different comparison byte lengths for identification can reduce the phenomenon of mismatching that may occur in a bloom filter to the greatest extent, and further can effectively reduce the calculation amount during accurate matching of subsequent software.
Meanwhile, it is considered that too many bloom filters may increase hardware resource consumption of the FPGA. Correspondingly, in the FPGA, before planning the bloom filter modules corresponding to the comparison byte lengths, hardware characteristic parameters of the FPGA may be further selected to determine whether the comparison byte lengths need to be further combined, for example, 2 bytes are combined into 4 bytes.
S130, sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, parallelly inputting the message into each cloth Long Guolv module, and sending the alternative positions identified by each bloom filter module to the rule module.
Wherein, the received message is a message which needs desensitization processing. Furthermore, it is necessary to detect whether there is a preset filtering field in the received message through each of the modules Long Guolv set in the FPGA.
Each bloom filter module corresponds to a set comparison byte length, for example, 2 bytes, 3 bytes, or 4 bytes. Furthermore, the received message may be intercepted by using each comparison byte length bit interception unit.
That is, for the bloom filter module a with 2 bytes, every time, the content of a message with 2 bytes is intercepted from the received message and input into the bloom filter module a, and identification of each filter field matched with the 2 bytes is performed; aiming at the bloom filter module B with 3 bytes, the message content with 3 bytes is intercepted from the received message and input into the bloom filter module B every time, and the identification of each filter field matched with the 3 bytes is carried out.
Meanwhile, when identifying the filtering fields for the bloom filtering module with the same comparison byte length (for example, 2 bytes), it is necessary to sequentially input any adjacent 2-byte message content in the message into the bloom filtering module for comprehensive identification. Therefore, a shift position can be set in the received message for each bloom filter module, and after updating one shift position for the received message each time, an intercepted message with a compared byte length is obtained from the shift position and input into the corresponding bloom filter module.
Correspondingly, after the received messages are sequentially shifted and intercepted according to the comparison byte lengths through the FPGA, the received messages are input to the bloom filter modules in parallel, actually, a series-parallel combination process is adopted, the intercepted messages with different comparison byte lengths are input to different bloom Long Guolv modules in parallel, and a plurality of intercepted messages which are sequentially intercepted and correspond to the same comparison byte length are input to the same bloom filter module in series.
Wherein, the rule module may be a TCAM (ternary content addressable memory) module; further, the TCAM may be configured to read a relevant field from a message content, create a search key, return a longest match result, and the like.
Wherein, the alternative positions identified by the certain bloom filter module may be: when the bloom filter confirms that a certain intercepted message is matched with the standard comparison hash address set by the bloom filter, the intercepted message is at the offset position in the received message.
And S140, accurately searching each alternative position of the received message through the rule module according to the message filtering rule set, and feeding back the searched target sensitive position to the FPGA.
The accurate searching is to accurately match bytes at the alternative positions with a message filtering rule set according to each message filtering rule; the message filtering rules are stored in the rule module in advance and used for accurately comparing whether filtering fields in the message filtering rule set correspond to intercepted messages intercepted from alternative positions or not.
The target sensitive position is the position where the filtering field (or the sensitive word) does exist, which is judged by the rule module. In this embodiment, the rule module filters each alternative position according to the message filtering rule set, and if an intercepted message corresponding to a certain alternative position a is accurately matched by the rule module, and it is determined that a filtering field in the message filtering rule set exists, the alternative position a is used as a target sensitive position and is fed back to the FPGA again; if the intercepted message corresponding to a certain alternative position B is accurately matched through the rule module, and then the filtering field in the message filtering rule set does not exist, the alternative position B is determined to be the misrecognition position of the bloom filter, and the alternative position B can be directly discarded.
S150, reading the sensitive fields in the received message through the FPGA according to the sensitive positions of the targets, replacing the sensitive fields with preset desensitization fields, and outputting the desensitization messages of the targets.
Wherein the preset desensitization field may be: pre-set characters or meaningless text fields, etc.
In an optional implementation manner of this embodiment, reading, in parallel, the sensitive fields corresponding to each target sensitive location in the received packet through the FPGA may include:
reading sensitive fields respectively corresponding to each target sensitive position in parallel in a received message through an FPGA; and after the sensitive fields in the received message are replaced by the preset desensitization fields in parallel through the FPGA, outputting the target desensitization message.
In this embodiment, in order to fully exert the speed advantage of parallel computation of the FPGA, after the rule module feeds back all the target sensitive positions, the FPGA may read the sensitive fields corresponding to each target sensitive position in parallel at one time, and replace each sensitive field with a preset desensitization field in parallel at one time, so as to meet the requirement of desensitization timeliness of the message.
According to the technical scheme of the embodiment of the invention, the hash value of each target filtering field is calculated by obtaining the byte length of the filtering field corresponding to the message filtering rule and the comparison byte length of each field, the hash value of each target filtering field is processed and generated, the corresponding sensitive byte hash value is set according to the sensitive byte hash value, the processed message is input to a bloom filtering module for determining the position of a sensitive word and accurately searching the target sensitive position through a rule module, the searched target sensitive position is fed back to an FPGA (field programmable gate array), the desensitization is carried out on the message through the FPGA, and the target desensitization message is finally output.
Example two
Fig. 2 is a flowchart of a method for desensitizing a message based on an FPGA according to a second embodiment of the present invention, which is detailed based on the second embodiment of the present invention, and in the present embodiment, after sequentially shifting and intercepting a received message according to each comparison byte length by the FPGA, the received message is parallelly input to each cloth Long Guolv module, and the operation of sending the alternative positions identified by each bloom filter module to the rule module is embodied as follows: for each cloth Long Guolv module, the following operations are performed in parallel by the FPGA: acquiring the length of a current comparison byte matched with a current cloth Long Guolv module, and determining the position of a first character of a received message as a first shift position; taking the shift position as a starting point, acquiring an intercepted message of the current comparison byte length, and inputting the intercepted message to a current cloth Long Guolv module; and after updating the shift position by adding 1, returning to execute the operation of acquiring the intercepted message with the current comparison byte length by taking the shift position as a starting point until the last character position of the received message is intercepted.
Accordingly, as shown in fig. 2, the method comprises:
s210, at least one comparison byte length matched with the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length are obtained.
S220, in the FPGA, a bloom Long Guolv module corresponding to each comparison byte length is planned, and standard comparison hash addresses of each bloom filter are set according to the sensitive byte hash values.
Performing, by the FPGA, S230-S260 in parallel for each of the cloth Long Guolv modules:
that is, if there are 3 modules of the canvas Long Guolv, the FPGA needs to execute the above S230-S260 3 times in parallel with 3 degrees of parallelism.
S230, obtaining the length of the current comparison byte matched with the current module Long Guolv, and determining the position of the first character of the received message as the first shift position.
As described above, each bloom filter module corresponds to one comparison byte length, and when a current bloom filter module is uniquely determined among all bloom filter modules, a current comparison byte length (for example, 2 bytes) matching the current bloom filter module Long Guolv can be uniquely determined.
In this embodiment, before performing bloom filtering on each 2-byte intercepted message in a received message in a shifting manner by using a current bloom filtering module, an initial value of a shifting position needs to be determined first, and based on the initial value, shifting interception is performed successively.
Specifically, the position of the first character of the received message may be set as the first displacement position, that is, the start position of the displacement is the first character of the message.
S240, taking the shift position as a starting point, acquiring an intercepted message of the current comparison byte length, inputting the intercepted message into a current bloom Long Guolv module, and sending the shift position identified by the current bloom filtering module to a rule module.
Exemplarily, the beginning of the message is set as a message desensitization method realized based on the FPGA, and the starting point of the shift position is the position of the word 'one'; assuming that the length of the current comparison byte is four bytes, the message intercepted by the first segment is "one".
In this embodiment, if the current bloom filter module outputs hit information for the intercepted packet obtained by the shift position, the FPGA sends the shift position to the rule module for accurate lookup.
And S250, detecting whether the intercepted message intercepts the last character position of the received message, if not, executing S260, otherwise, executing S270.
In this embodiment, it is necessary to perform bloom filtering on the intercepted messages with the currently compared byte length sequentially from the received message in a loop execution manner until the comparison processing on all the contents in the received message is completed.
S260, updating the shift position by adding 1, and then returning to S240.
Exemplarily, the message content is set as "a message desensitization method realized based on an FPGA", and if the length of the current comparison byte is four bytes, the first message obtained when displacement starts is "one"; after the shift position is updated by adding 1, returning to execute and taking the shift position as a starting point, acquiring the intercepted message with the current comparison byte length as a seed base, and repeating the operations until the intercepted message is a method by returning the first message for executing interception as a base and the like for the third time.
S270, accurately searching each alternative position of the received message through the rule module according to the message filtering rule set, and feeding back the searched target sensitive position and the sensitive type corresponding to each target sensitive position to the FPGA.
As described above, the rule module performs an accurate search according to the message filtering rule set for each received candidate location, and feeds back the target sensitive location that is actually found to the FPGA.
The filtering fields included in the message filtering rule set can be respectively collected into filtering field libraries of different types, and the different filtering field libraries correspond to different sensitive types. Furthermore, after each candidate position is accurately searched, the sensitive type corresponding to each target sensitive position can be determined according to the filtering field library to which the filtering field searched in each target sensitive position belongs.
The sensitive type may include, among others: personal information, industry domain word or related events, etc.
S280, acquiring comparison byte lengths respectively corresponding to the target sensitive positions in parallel through the FPGA, and reading sensitive fields respectively corresponding to the target sensitive positions in parallel according to the comparison byte lengths respectively corresponding to the target sensitive positions.
Illustratively, if the FPGA receives the target sensitive location sent by the rule module for the candidate sensitive location sent by the bloom filter module of 4 bytes, then, in the received message, the intercepted message of 4 bytes can be obtained as a sensitive field with the target sensitive location as a starting point.
And S290, acquiring desensitization fields respectively corresponding to each sensitive field through the FPGA according to the sensitive types respectively corresponding to the sensitive positions of the targets.
Wherein the sensitive type is a systematic or manually preset classification, and comprises the following steps: classifiable types of sensitive fields, such as: name, gender, or address, etc.; the desensitization fields corresponding to each sensitive field are preset manually or by a system, and different sensitive fields may use the same desensitization field or different desensitization fields.
S2100, parallelly replacing each sensitive field with a desensitization field corresponding to each sensitive field through the FPGA, and outputting a target desensitization message.
According to the technical scheme of the embodiment of the invention, at least one comparison byte length matched with a message filtering rule set and a sensitive byte hash value of each comparison byte length are obtained, a bloom filter is set according to the sensitive byte hash value, a message is subjected to shift interception by taking a shift position as a starting point, an intercepted message is input into a set cloth Long Guolv module, the position of a sensitive word is determined, a target sensitive position is accurately searched through a rule module, the searched target sensitive position and the type of the sensitive field are fed back to an FPGA, each sensitive field is parallelly replaced by a preset desensitization field, and the desensitization message is output.
EXAMPLE III
Fig. 3 is a flowchart of a method for desensitizing a message implemented based on an FPGA according to a third embodiment of the present invention, and as shown in fig. 3, the method includes:
s310, obtaining filtering fields corresponding to each message filtering rule respectively, and determining the comparison byte length of each filtering field.
S320, at least one target filtering field corresponding to the length of the currently processed target comparison byte is obtained, and a hash value corresponding to each target filtering field is calculated.
S330, obtaining hash values of all target filtering fields to perform union processing, and taking a union operation result as a sensitive byte hash value corresponding to the target comparison byte length.
S340, in the FPGA, a bloom Long Guolv module corresponding to each comparison byte length is planned, and standard comparison hash addresses of each bloom filter are set according to the sensitive byte hash values.
Performing, by the FPGA, S350-S380 in parallel for each cloth Long Guolv module:
s350, obtaining the length of the current comparison byte matched with the current module Long Guolv, and determining the position of the first character of the received message as the first shift position.
S360, taking the shift position as a starting point, obtaining an intercepted message of the current comparison byte length, and inputting the intercepted message to the current module Long Guolv.
S370, detecting whether the intercepted message intercepts the last character position of the received message, if not, executing S380, otherwise, executing S390.
And S380, after updating the shift position by adding 1, returning to execute S360.
And S390, accurately searching each alternative position of the received message through the rule module according to the message filtering rule set, and feeding back the searched target sensitive position and the sensitive type corresponding to each target sensitive position to the FPGA.
S3100, acquiring comparison byte lengths respectively corresponding to the target sensitive positions in parallel through the FPGA, and reading sensitive fields respectively corresponding to the target sensitive positions in parallel according to the comparison byte lengths respectively corresponding to the target sensitive positions.
S3110, obtaining desensitization fields corresponding to each sensitive field according to the sensitive type corresponding to each target sensitive position through the FPGA.
And S3120, parallelly replacing each sensitive field with desensitization fields respectively corresponding to each sensitive field through FPGA, and outputting a target desensitization message.
According to the technical scheme of the embodiment of the invention, the hash value of each target filtering field is calculated by obtaining the filtering field corresponding to the message filtering rule and the comparison byte length of each field, the hash value of each target filtering field is generated, the union set of the filtering fields is processed to generate the corresponding sensitive byte hash value, a bloom filter is set according to the sensitive byte hash value, the message is subjected to displacement interception by taking the displacement position as a starting point, the intercepted message is input into a set cloth Long Guolv module, the position of a sensitive word is determined, the target sensitive position is accurately searched through a rule module, the searched target sensitive position and the type of the sensitive field are fed back to an FPGA, the sensitive fields are replaced by the preset desensitized fields in parallel, and the desensitized message is output.
Example four
Fig. 4 is a packet desensitization apparatus implemented based on an FPGA according to a fourth embodiment of the present invention, and as shown in fig. 4, the apparatus includes:
a sensitive word hash value determining module 410, configured to obtain at least one comparison byte length that matches the packet filtering rule set, and a sensitive byte hash value that corresponds to each comparison byte length;
a bloom filter setting module 420, configured to plan a bloom Long Guolv module corresponding to each comparison byte length in the FPGA, and set a standard comparison hash address of each bloom filter according to the sensitive byte hash value;
the message transmission module 430 is used for sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, then parallelly inputting the message into each bloom filter module Long Guolv, and sending the alternative position identified by each bloom filter module to the rule module;
the target sensitive position searching module 440 is configured to perform accurate searching at each alternative position of the received message according to the message filtering rule set through the rule module, and feed back the searched target sensitive position to the FPGA;
and a target desensitization message output module 450, configured to read the sensitive fields in the received message according to the target sensitive positions through the FPGA, and output the target desensitization message after replacing the sensitive fields with preset desensitization fields.
According to the technical scheme of the embodiment of the invention, at least one comparison byte length matched with a message filtering rule set and a sensitive byte hash value of each comparison byte length are obtained, a bloom filter is set according to the sensitive byte hash value, the processed message is input to a bloom filtering module to determine the position of a sensitive word and accurately search a target sensitive position through a rule module, the searched target sensitive position is fed back to an FPGA (field programmable gate array), desensitization is carried out on the message through the FPGA, and a target desensitization message is finally output, so that the problem of poor accuracy in the existing message desensitization technology is solved, and the beneficial effect of improving the accuracy of message desensitization is achieved.
On the basis of the foregoing embodiments, the sensitive word hash value determining module 410 is further configured to:
acquiring filtering fields respectively corresponding to each message filtering rule, and determining the comparison byte length of each filtering field;
generating a sensitive byte hash value corresponding to each comparison byte length according to each filtering field corresponding to each comparison byte length;
acquiring at least one target filtering field corresponding to the length of the currently processed target comparison byte;
calculating hash values respectively corresponding to each target filtering field;
and acquiring hash values of all target filtering fields to perform union processing, and taking a union operation result as a sensitive byte hash value corresponding to the target comparison byte length.
On the basis of the foregoing embodiments, the message transmission module 430 further includes:
the shift position determining unit is used for acquiring the current comparison byte length matched with the current cloth Long Guolv module and determining the initial character position of the received message as an initial shift position;
the message intercepting unit is used for acquiring an intercepted message with the current comparison byte length by taking the shift position as a starting point and inputting the intercepted message into the current cloth Long Guolv module;
and the shifting position updating unit is used for updating the shifting position by adding 1, then returning and executing the operation of obtaining the intercepted message with the current comparison byte length by taking the shifting position as a starting point until the last character position of the received message is intercepted.
On the basis of the foregoing embodiments, the target desensitization packet output module 450 includes:
a precise lookup unit to: accurately searching each alternative position of the received message through a rule module according to a message filtering rule set;
the feedback unit is used for feeding back the found sensitive positions of the targets and the sensitive types respectively corresponding to the sensitive positions of the targets to the FPGA through the rule module;
a byte length acquisition unit to: acquiring comparison byte lengths respectively corresponding to each target sensitive position in parallel through the FPGA;
the sensitive field reading unit is used for reading the sensitive fields respectively corresponding to each target sensitive position in parallel according to the comparison byte length respectively corresponding to each target sensitive position;
and the sensitive field replacing unit is used for respectively replacing each sensitive field with a desensitization field corresponding to each sensitive field in parallel through the FPGA.
The message desensitization device based on FPGA provided by the embodiment of the invention can execute the message desensitization method based on FPGA provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE five
FIG. 5 illustrates a block diagram of an electronic device 410 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 5, the electronic device 410 includes at least one processor 420, and a memory communicatively coupled to the at least one processor 420, such as a Read Only Memory (ROM) 430, a Random Access Memory (RAM) 440, etc., wherein the memory stores computer programs executable by the at least one processor, and the processor 420 may perform various suitable actions and processes according to the computer programs stored in the Read Only Memory (ROM) 430 or loaded from the storage unit 490 into the Random Access Memory (RAM) 440. In the RAM440, various programs and data required for the operation of the electronic device 410 may also be stored. The processor 420, the ROM 430 and the RAM440 are connected to each other through a bus 450. An input/output (I/O) interface 460 is also connected to bus 450.
Various components in the electronic device 410 are connected to the I/O interface 460, including: an input unit 470 such as a keyboard, a mouse, etc.; an output unit 480 such as various types of displays, speakers, and the like; a storage unit 490, such as a magnetic disk, optical disk, or the like; and a communication unit 4100 such as a network card, a modem, a wireless communication transceiver, and the like. The communication unit 4100 allows the electronic device 410 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
Wherein, the method comprises the following steps:
acquiring at least one comparison byte length matched with the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length;
in the FPGA, a bloom Long Guolv module corresponding to each comparison byte length is planned, and standard comparison hash addresses of bloom filters are set according to sensitive byte hash values;
sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, parallelly inputting the message into each bloom filter module Long Guolv, and sending the alternative positions identified by each bloom filter module to a rule module;
accurately searching each alternative position of a received message through a rule module according to a message filtering rule set, and feeding back the searched target sensitive position to the FPGA;
and reading the sensitive fields in the received message according to the sensitive positions of the targets through the FPGA, and outputting the target desensitization message after replacing the sensitive fields with preset desensitization fields.
In some embodiments, the message desensitization method implemented based on a field programmable gate array FPGA may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 490. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 410 via the ROM 430 and/or the communication unit 4100. When loaded into RAM440 and executed by processor 420, the computer program may perform one or more of the steps of the message desensitization method described above as being implemented based on field programmable gate arrays, FPGAs. Alternatively, in other embodiments, processor 420 may be configured by any other suitable means (e.g., by way of firmware) to perform a message desensitization method implemented based on a Field Programmable Gate Array (FPGA).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package partly on a machine and partly on a remote machine or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A message desensitization method realized based on a Field Programmable Gate Array (FPGA) is characterized by comprising the following steps:
acquiring at least one comparison byte length matched with the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length;
in the FPGA, a bloom Long Guolv module corresponding to each comparison byte length is planned, and standard comparison hash addresses of bloom filters are set according to sensitive byte hash values;
sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, parallelly inputting the message into each bloom filter module Long Guolv, and sending the alternative positions identified by each bloom filter module to a rule module;
accurately searching each alternative position of the received message through a rule module according to a message filtering rule set, and feeding back the searched target sensitive position to the FPGA;
and reading the sensitive fields in the received message through the FPGA according to the sensitive positions of the targets, replacing the sensitive fields with preset desensitization fields, and outputting the target desensitization message.
2. The method of claim 1, wherein obtaining at least one comparison byte length matching the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length comprises:
acquiring filtering fields corresponding to each message filtering rule respectively, and determining the comparison byte length of each filtering field;
and generating a sensitive byte hash value corresponding to each comparison byte length according to each filtering field corresponding to each comparison byte length.
3. The method of claim 2, wherein generating the sensitive byte hash value corresponding to each comparison byte length according to the filter fields corresponding to each comparison byte length comprises:
acquiring at least one target filtering field corresponding to the length of the currently processed target comparison byte;
calculating hash values respectively corresponding to each target filtering field;
and acquiring hash values of all target filtering fields to perform union processing, and taking a union operation result as a sensitive byte hash value corresponding to the target comparison byte length.
4. The method of claim 1, wherein the received message is sequentially shifted and intercepted by the FPGA according to the length of each comparison byte, and then is parallelly input to each of the modules of the fabric Long Guolv, comprising:
for each cloth Long Guolv module, the following operations are performed in parallel by the FPGA:
acquiring the length of a current comparison byte matched with a current cloth Long Guolv module, and determining the position of a first character of a received message as a first shift position;
taking the shift position as a starting point, acquiring an intercepted message of the current comparison byte length, and inputting the intercepted message into a current fabric Long Guolv module;
and after updating the shift position by adding 1, returning to execute the operation of acquiring the intercepted message with the current comparison byte length by taking the shift position as a starting point until the last character position of the received message is intercepted.
5. The method according to any one of claims 1 to 4, wherein the reading of the sensitive fields in the received message by the FPGA according to the sensitive positions of the targets and the replacement of the sensitive fields with the preset desensitization fields are followed by outputting the target desensitization message, comprising:
reading sensitive fields respectively corresponding to each target sensitive position in parallel in a received message through an FPGA;
and after the sensitive fields in the received message are replaced by the preset desensitization fields in parallel through the FPGA, outputting the target desensitization message.
6. The method of claim 5, wherein reading the sensitive fields corresponding to each sensitive target location in parallel in the received message by the FPGA comprises:
acquiring comparison byte lengths respectively corresponding to each target sensitive position in parallel through the FPGA;
and reading the sensitive fields respectively corresponding to each target sensitive position in parallel according to the comparison byte length respectively corresponding to each target sensitive position.
7. The method of claim 5, wherein the step of feeding back the searched target sensitive location to the FPGA through the rule module comprises:
feeding back the found sensitive positions of each target and the sensitive types respectively corresponding to the sensitive positions of each target to the FPGA through a rule module;
replacing all sensitive fields in the received message with preset desensitization fields in parallel through the FPGA, wherein the desensitization fields comprise:
acquiring desensitization fields corresponding to each sensitive field respectively through the FPGA according to the sensitive types corresponding to the sensitive positions of the targets respectively;
and parallelly replacing each sensitive field with a desensitization field corresponding to each sensitive field through the FPGA.
8. A message desensitization device realized based on a Field Programmable Gate Array (FPGA) is characterized by comprising the following components:
the sensitive word hash value determining module is used for acquiring at least one comparison byte length matched with the message filtering rule set and a sensitive byte hash value corresponding to each comparison byte length;
the bloom filter setting module is used for planning a bloom Long Guolv module corresponding to each comparison byte length in the FPGA and respectively setting a standard comparison hash address of each bloom filter according to the sensitive byte hash value;
the message transmission module is used for sequentially shifting and intercepting the received message according to the length of each comparison byte through the FPGA, then parallelly inputting the message into each bloom filter module Long Guolv, and sending the alternative positions identified by each bloom filter module to the rule module;
the target sensitive position searching module is used for accurately searching each alternative position of the received message according to the message filtering rule set through the rule module and feeding back the searched target sensitive position to the FPGA;
and the target desensitization message output module is used for reading the sensitive fields in the received message through the FPGA according to the target sensitive positions, replacing the sensitive fields with preset desensitization fields and then outputting the target desensitization message.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the FPGA-based implementation of the message desensitization method of any of claims 1-7.
10. A computer readable storage medium having stored thereon computer instructions for causing a processor to implement the FPGA-based implementation of the message desensitization method of any of claims 1-7 when executed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211313446.0A CN115632866A (en) | 2022-10-25 | 2022-10-25 | Message desensitization method, device, equipment and medium based on FPGA |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211313446.0A CN115632866A (en) | 2022-10-25 | 2022-10-25 | Message desensitization method, device, equipment and medium based on FPGA |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115632866A true CN115632866A (en) | 2023-01-20 |
Family
ID=84907056
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211313446.0A Pending CN115632866A (en) | 2022-10-25 | 2022-10-25 | Message desensitization method, device, equipment and medium based on FPGA |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115632866A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422389A (en) * | 2022-02-24 | 2022-04-29 | 成都北中网芯科技有限公司 | High-speed real-time network data monitoring method based on Hash and hardware acceleration |
-
2022
- 2022-10-25 CN CN202211313446.0A patent/CN115632866A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422389A (en) * | 2022-02-24 | 2022-04-29 | 成都北中网芯科技有限公司 | High-speed real-time network data monitoring method based on Hash and hardware acceleration |
CN114422389B (en) * | 2022-02-24 | 2023-09-12 | 成都北中网芯科技有限公司 | High-speed real-time network data monitoring method based on hash and hardware acceleration |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111443899B (en) | Element processing method and device, electronic equipment and storage medium | |
CN111259107A (en) | Storage method and device of determinant text and electronic equipment | |
CN110018845B (en) | Metadata version comparison method and device | |
CN112860811B (en) | Method and device for determining data blood relationship, electronic equipment and storage medium | |
CN115632866A (en) | Message desensitization method, device, equipment and medium based on FPGA | |
CN115099175A (en) | Method and device for acquiring time sequence netlist, electronic equipment and storage medium | |
US10262081B2 (en) | Method and apparatus for improved database searching | |
CN114817651A (en) | Data storage method, data query method, device and equipment | |
CN116796085A (en) | File processing method and device, electronic equipment and storage medium | |
CN115328898A (en) | Data processing method and device, electronic equipment and medium | |
CN115454971A (en) | Data migration method and device, electronic equipment and storage medium | |
CN115525659A (en) | Data query method and device, electronic equipment and storage medium | |
CN114579580A (en) | Data storage method and data query method and device | |
CN111143456B (en) | Spark-based Cassandra data import method, device, equipment and medium | |
CN115270689A (en) | Schematic diagram difference position identification method, device, equipment and storage medium | |
CN114611155B (en) | Data management node verification method, device, equipment and medium | |
CN113656731A (en) | Advertisement page processing method and device, electronic equipment and storage medium | |
CN113326416B (en) | Method for searching data, method and device for sending search data to client | |
CN117271840B (en) | Data query method and device of graph database and electronic equipment | |
CN118509485B (en) | Method, device, equipment, medium and product for processing transmission data | |
CN117539840B (en) | Log acquisition method, device, equipment and medium | |
CN112948246B (en) | AB test control method, device and equipment of data platform and storage medium | |
CN116841549A (en) | Layer processing method and device, electronic equipment and storage medium | |
CN117290306A (en) | Log data display method, device, equipment and storage medium | |
CN115759233A (en) | Model training method, graph data processing method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |