A software development information security management method based on distributed backup

By acquiring data on node online duration and process participation, a sensitive data feature library is constructed and deep packet inspection is performed. Combined with quantitative analysis and historical trend assessment, the problems of node control and risk assessment in distributed backup scenarios are solved. This enables accurate identification of active nodes and timely and proactive risk management, improving the efficiency and reliability of information security management in software development.

CN122160152APending Publication Date: 2026-06-05FUZHOU YOULING NETWORK TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
FUZHOU YOULING NETWORK TECHNOLOGY CO LTD
Filing Date
2026-03-24
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing technologies in software development information security management under distributed backup scenarios suffer from problems such as imprecise node control, poor adaptability to sensitive data identification, lack of specificity in transmission risk assessment, and lag in risk control, resulting in low security management efficiency and insufficient risk response.

Method used

By acquiring data on node online duration and process participation, a sensitive data feature library is constructed. Deep packet inspection technology is used to identify sensitive data of active nodes. Transmission risks are assessed through quantitative deviation analysis and historical traffic trend analysis. The risk coefficient of active nodes is calculated by combining the analytic hierarchy process (AHP) and targeted measures are taken for control.

Benefits of technology

It enables accurate identification and risk assessment of active nodes, reduces unnecessary workload, improves the timeliness and foresight of risk response, and ensures the security and reliability of sensitive data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160152A_ABST
    Figure CN122160152A_ABST
Patent Text Reader

Abstract

The application belongs to the technical field of information security, and provides a software development information security management method based on distributed backup, which comprises the following steps: obtaining online duration of nodes participating in distributed backup, process participation degree data, and analyzing and processing to identify active nodes in software development information; based on sensitive data types of software development scenes, a sensitive data feature library is constructed, a deep packet detection technology is used to match the sensitive data feature library, and sensitive data of active nodes are identified; transmission flow of sensitive data in active nodes is obtained, quantitative deviation analysis is performed on sensitive data transmission flow of active nodes, and transmission exposure risk of active nodes is evaluated; and the application provides multi-level and full-cycle reliable support for sensitive data security of distributed backup software development scenes.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of information security technology, specifically a software development information security management method based on distributed backup. Background Technology

[0002] In the software development process, distributed backup technology is widely used to store key information such as core algorithm source code, test data, and configuration credentials due to its advantages such as high reliability and high scalability. However, its distributed node collaborative working characteristics have also brought new information security risks, and the risk of sensitive data leakage has increased significantly. Therefore, there is an urgent need for information security management in software development under distributed backup scenarios.

[0003] Existing technologies have several shortcomings and deficiencies in security management in this scenario: First, node control lacks precision, often relying on single indicators to judge node status or applying indiscriminate control to all participating nodes, failing to effectively distinguish between active and inactive nodes. This results in a broad control scope, a large amount of ineffective work, and reduced security management efficiency. Second, sensitive data identification has poor adaptability, lacking a dedicated sensitive data feature system for software development scenarios. General data identification schemes are often used, making it difficult to comprehensively cover scenario-specific sensitive data types such as core algorithm source code, user privacy test data, and database keys. Furthermore, the features are not standardized, leading to omissions in identification. The problems of misjudgment or misjudgment cannot provide a reliable basis for risk management; third, the transmission risk assessment and response lacks specificity, the quantification of sensitive data transmission traffic is crude, it cannot accurately distinguish the risk differences of different abnormal data, it is difficult to quickly locate high-risk nodes, and no effective traffic optimization and risk prevention measures are adopted for high-risk nodes, resulting in insufficient timeliness and effectiveness of risk response; fourth, risk management is lagging behind, focusing only on real-time risk status, lacking historical trend analysis of low-risk nodes, and unable to predict potential risk escalation trends in advance, often only taking remedial action after risks accumulate and evolve into high-level security incidents, making it difficult to achieve proactive management.

[0004] Therefore, this invention provides a software development information security management method based on distributed backup. Summary of the Invention

[0005] In order to overcome the shortcomings of the prior art, at least one technical problem raised in the background art is solved.

[0006] The technical solution adopted by this invention to solve its technical problem is: Acquire data on the online duration and process participation of nodes participating in distributed backup, and analyze and process the data to identify active nodes in the software development information; Based on the sensitive data types in software development scenarios, a sensitive data feature library is constructed. Deep packet inspection technology is used to match the sensitive data feature library and identify sensitive data of active nodes. Acquire the transmission traffic of sensitive data in active nodes, and assess the transmission exposure risk of active nodes by performing quantitative deviation analysis on the transmission traffic of sensitive data in active nodes; Based on the low transmission exposure risk of abnormally active nodes, historical transmission traffic of sensitive data of low-risk active nodes in historical periods is collected and risk trend analysis is performed. If the transmission exposure risk of sensitive data of abnormally active nodes shows an increasing trend in historical periods, the sensitive data transmission permissions of the corresponding abnormally active nodes are suspended.

[0007] As a further aspect of the present invention: the process of identifying active nodes in software development information is as follows: Process participation data includes the number of tasks that should have been completed and the number of tasks that were actually completed. By processing the online time and process participation data of nodes participating in distributed backup, we can obtain the online time ratio and task completion rate of the nodes. Using the analytic hierarchy process (AHP), weight coefficients are set for the online time percentage and task completion rate of nodes. The online time percentage and task completion rate of nodes are weighted and summed to obtain the activity representation value of nodes. If the active representation value of a node is greater than or equal to the active representation value threshold of the node, then the corresponding node is recorded as an active node.

[0008] As a further aspect of the present invention: the process for obtaining the online time percentage of the node is as follows: A preset monitoring period is set. Based on any node, the online duration of the node within the monitoring period is obtained through the node's built-in heartbeat reporting mechanism, and the percentage of online duration of the node is calculated.

[0009] As a further aspect of the present invention: the process for obtaining the task completion rate of the node is as follows: By backing up task logs, the number of tasks that a node should participate in and the number of tasks that it actually completes during the monitoring period are statistically analyzed. The ratio of the number of tasks that should be participated in to the number of tasks that are actually completed is calculated to obtain the task completion rate of the node.

[0010] As a further aspect of the present invention: the process of constructing the sensitive data feature library is as follows: Sensitive data includes sensitive data such as core algorithm source code, sensitive data such as test data of user privacy information, and sensitive data such as database connection credentials and API keys; For sensitive data such as core algorithm source code, extract file morphology features, content semantic features, and storage path features; for sensitive data such as test data containing user privacy information, extract data format features, data field features, and data format features; for sensitive data such as database connection credentials and API keys, extract keyword features and data structure features: keyword features. Add associated attribute labels to each type of feature, and organize the standardized features with associated attributes according to the hierarchical structure of sensitive data type, feature type, and associated labels to form a standardized feature set. The standardized feature set is the direct content to be added to the feature library. The standardized feature set is stored in the feature library storage carrier according to the preset data structure, thus completing the construction of the sensitive data feature library.

[0011] As a further aspect of the present invention: the process of identifying sensitive data of active nodes is as follows: By using deep packet inspection technology, the content of synchronization data packets is parsed, matched against a sensitive data feature library, and sensitive data of active nodes is identified.

[0012] As a further aspect of the present invention: the process of assessing the transmission exposure risk of active nodes is as follows: By performing quantitative deviation analysis on the sensitive data transmission traffic of active nodes, the abnormal risk coefficient of active nodes is obtained. If the abnormal risk coefficient is greater than or equal to the abnormal risk coefficient threshold, it indicates that the transmission exposure risk of the abnormally active node is high; otherwise, it indicates that the transmission exposure risk of the abnormally active node is low.

[0013] As a further aspect of the present invention: the process for obtaining the anomaly risk coefficient of the active node is as follows: The backup client uses block-level transmission statistics to divide sensitive data into fixed-size data blocks. Each time a data block is transmitted, the size of that data block is immediately added to the sensitive data transmission traffic statistics pool. Based on any sensitive data, the transmission traffic of the sensitive data is subtracted from the transmission traffic limit to obtain the transmission traffic deviation of the sensitive data. If the transmission traffic deviation is greater than 0, the corresponding sensitive data will be recorded as abnormal traffic data. The transmission traffic deviation of abnormal traffic data of active nodes is extracted. The analytic hierarchy process (AHP) is used to set weight coefficients for abnormal traffic data. The transmission traffic deviation of abnormal traffic data is multiplied by the set weight coefficients to obtain the risk contribution value of abnormal traffic data. The risk contribution values ​​of all abnormal traffic data are summed and averaged to obtain the abnormal risk coefficient of active nodes.

[0014] As a further aspect of the present invention: the process of collecting historical transmission traffic of sensitive data from low-risk active nodes during historical periods and performing risk trend analysis is as follows: Based on the low transmission exposure risk of abnormally active nodes, historical periods are divided into several historical time points with equal time intervals. The time period between two adjacent historical time points is recorded as a historical sub-period. The transmission traffic of sensitive data of abnormally active nodes within a historical sub-period is counted and recorded as the unit transmission traffic of the historical sub-period. The unit transmission traffic of all historical sub-periods is integrated into a unit transmission traffic sequence in chronological order. The unit transmission traffic of two adjacent historical sub-periods in the unit transmission sequence is used as an analysis window. By processing the unit transmission traffic of historical sub-periods within the analysis window, the growth quantity value and growth degree value are obtained. The growth quantity value and growth degree value are multiplied to obtain the trend risk coefficient. If the trend risk coefficient is greater than or equal to the trend risk coefficient threshold, it indicates that the risk of sensitive data transmission exposure of abnormally active nodes in the historical period shows an increasing trend; otherwise, it indicates that the risk of sensitive data transmission exposure of abnormally active nodes in the historical period shows a non-increasing trend.

[0015] As a further aspect of the present invention: the process for determining the growth quantity value and the growth degree value is as follows: Based on any analysis window, the difference between the unit transmission traffic of the previous historical sub-period and the unit transmission traffic of the next historical sub-period within the analysis window is processed, and then the ratio is processed with the unit transmission traffic of the previous historical sub-period to obtain the traffic change rate of the analysis window. If the rate of change of flow in the analysis window is greater than 0, then the corresponding analysis window is recorded as the flow growth window; Calculate the percentage of traffic growth windows and record it as the growth value; The difference between the flow change rate of the flow growth window and the standard value of the flow change rate is used to obtain the flow change deviation value. The flow change deviation values ​​of all flow growth windows are summed and averaged. Then, the average value is calculated and compared with the standard value of the flow change rate to obtain the growth degree value.

[0016] The beneficial effects of this invention are as follows: 1. By integrating online time percentage and task completion rate as dual indicators, and using the analytic hierarchy process to set scientific weights to calculate activity representation values, active and inactive nodes are accurately divided, effectively eliminating interference from inactive nodes, achieving precise focus on the scope of control, reducing ineffective workload and improving overall efficiency for subsequent sensitive data identification and risk assessment; 2. A dedicated feature library is built for core sensitive data types in software development scenarios. Multiple features are extracted by category and standardized and supplemented with attribute tags. The feature coverage is comprehensive and adaptable to scenario requirements. Combined with deep packet inspection technology, it can achieve efficient and accurate matching of sensitive data, which can effectively avoid the omission of key sensitive data such as core algorithm source code, user privacy, and key credentials, laying a solid foundation for risk management. 3. By using block-level transmission traffic statistics, the transmission traffic of sensitive data can be accurately quantified. Combined with the analytic hierarchy process (AHP) to calculate the anomaly risk coefficient, the risk differences of different traffic anomaly data can be accurately distinguished, and high-risk nodes can be quickly located. Furthermore, the Rsync3.2+ block-level incremental synchronization algorithm is used for high-risk nodes, which can effectively reduce transmission traffic and leakage risks and improve the timeliness and targeting of risk response. 4. Historical transmission traffic trend analysis is conducted for low-risk active nodes. By integrating growth frequency and growth rate to calculate trend risk coefficient, the lag in real-time risk assessment is compensated for. This enables early identification of potential risk escalation trends in low-risk states. By suspending transmission permissions, proactive control is achieved, effectively preventing small-scale risks from accumulating and evolving into high-level security events. This provides multi-layered, full-cycle reliable support for sensitive data security in distributed backup software development scenarios. Attached Figure Description

[0017] The invention will now be further described with reference to the accompanying drawings.

[0018] Figure 1 This is a flowchart illustrating the steps of a software development information security management method based on distributed backup, according to an embodiment of the present invention. Figure 2 This is a system block diagram of a software development information security management system based on distributed backup, according to an embodiment of the present invention. Detailed Implementation

[0019] To make the technical means, creative features, objectives and effects of this invention easier to understand, the invention will be further described below in conjunction with specific embodiments.

[0020] Example 1 Please see Figure 1 As shown in the embodiment of the present invention, a software development information security management method based on distributed backup includes the following steps: Step 1: Obtain online duration and process participation data of nodes participating in distributed backup, and analyze and process them to identify active nodes in the software development information; The process participation data includes the number of tasks that should have been participated in and the number of tasks that were actually completed. Preset monitoring period, based on any node, obtain the online time of the node within the monitoring period through the node's built-in heartbeat reporting mechanism, and calculate the percentage of the node's online time; By backing up task logs, the number of tasks that a node should participate in and the number of tasks that it actually completes during the monitoring period are statistically analyzed. The ratio of the number of tasks that should be participated in to the number of tasks that are actually completed is calculated to obtain the task completion rate of the node. Using the analytic hierarchy process (AHP), weight coefficients are set for the online time percentage and task completion rate of nodes. The online time percentage and task completion rate of nodes are weighted and summed to obtain the activity representation value of nodes. In some embodiments, the node's activity representation value is compared with a threshold value for the node's activity representation value. Specifically: If the activity representation value of a node is greater than or equal to the activity representation value threshold of the node, then the corresponding node is recorded as an active node. If the activity representation value of a node is less than the activity representation value threshold of the node, then the corresponding node is recorded as an inactive node. Step 2: Based on the sensitive data types in the software development scenario, construct a sensitive data feature library, and use deep packet inspection technology to match the sensitive data feature library to identify sensitive data in active nodes; Sensitive data includes sensitive data such as core algorithm source code, sensitive data such as test data of user privacy information, and sensitive data such as database connection credentials and API keys; For sensitive data such as core algorithm source code, file morphological features, content semantic features, and storage path features are extracted. File morphological features are the unique suffixes corresponding to the source code files, including common programming language suffixes such as .java, .cpp, .py, .go, and .js, as well as custom source code suffixes. Content semantic features include unique function names of core modules, corporate copyright statement text, and non-open source marker strings. Storage path features are the unique keywords of the sensitive source code storage directory, including path fragments such as "core / ", "algorithm / ", "keyModule / ", and "confidential / ". For sensitive test data containing user privacy information, data format features and data field features are extracted. Data format features are based on the inherent encoding rules of privacy information, including mobile phone number format, ID card number format, bank card number format conforming to Luhn algorithm verification rules, and email format. Data field features are the field names in the data file that represent privacy information, including Chinese and English field names such as "phone", "idCard", "bankNo", "email", and "userName". For sensitive data such as database connection credentials and API keys, extract keyword features and data structure features: Keyword features include sensitive keywords such as "password", "secretKey", "accessKey", "jdbc:mysql:", "jdbc:oracle:", "redis: / / " and protocol prefixes; Data structure features include key-value pair format of "username:password", fixed-length short strings encrypted with Base64, and random string key format composed of letters, numbers and special symbols. The extracted text features (such as keywords, field names, and path fragments) are normalized for case; format features (such as mobile phone numbers and ID card numbers) are converted using regular expressions to generate standardized regular expression matching rules; and variable-length features (such as key strings) are set with length threshold ranges to generate auxiliary matching conditions of "length ≥ 16 bits and ≤ 64 bits". For each type of feature, add associated attribute labels. The label information includes: sensitive data type label, sensitivity level label (high / low, for example, the core algorithm source code is marked as "high" and ordinary configuration fields are marked as "low"); matching priority label (high / low, for example, the matching priority of format features is higher than that of text features). Standardized features with associated attributes are organized into a hierarchical structure of sensitive data type, feature type, and associated label to form a standardized feature set. The standardized feature set is the direct content to be added to the feature library. Standardized feature sets are stored in a feature library storage medium (such as an enterprise private cloud database) according to a preset data structure (such as a relational database table structure: feature ID, sensitive data type, feature content, feature format, association label, validity identifier), thus completing the construction of the sensitive data feature library; By using deep packet inspection technology, the content of synchronization data packets is parsed, matched against a sensitive data feature library, and sensitive data of active nodes is identified. Step 3: Obtain the transmission traffic of sensitive data in active nodes, and conduct quantitative deviation analysis on the transmission traffic of sensitive data in active nodes to assess the transmission exposure risk of active nodes; The backup client uses block-level transmission statistics to divide sensitive data into fixed-size data blocks. Each time a data block is transmitted, the size of that data block is immediately added to the sensitive data transmission traffic statistics pool. Based on any sensitive data, the transmission traffic of the sensitive data is subtracted from the transmission traffic limit to obtain the transmission traffic deviation of the sensitive data. It is understandable that the transmission traffic limit is set by those skilled in the art based on the characteristics of data packets and historical experience; If the transmission traffic deviation is greater than 0, the corresponding sensitive data will be recorded as abnormal traffic data. If the transmission traffic deviation is less than or equal to 0, the corresponding sensitive data will be recorded as normal traffic data. The transmission traffic deviation of abnormal traffic data of active nodes is extracted. The analytic hierarchy process is used to set the weight coefficient of abnormal traffic data. The transmission traffic deviation of abnormal traffic data is multiplied by the set weight coefficient to obtain the risk contribution value of abnormal traffic data. The risk contribution values ​​of all abnormal traffic data are summed and averaged to obtain the abnormal risk coefficient of active nodes. It should be noted that by setting weight coefficients for different traffic anomaly data using the analytic hierarchy process (AHP), and then calculating the risk contribution value and taking the average of the sums to obtain the anomaly risk coefficient, the risk differences of traffic anomaly data with different sensitivity levels and different degrees of deviation can be accurately distinguished. At the same time, by focusing on real-time transmission traffic deviation, the transmission exposure risk level of the currently active node can be quickly located, providing an accurate basis for immediate risk response measures and effectively reducing the risk of real-time data leakage. In some embodiments, the anomaly risk coefficient is compared with an anomaly risk coefficient threshold, specifically: If the abnormal risk coefficient is greater than or equal to the abnormal risk coefficient threshold, it indicates that the transmission exposure risk of abnormally active nodes is high. If the abnormal risk coefficient is less than the abnormal risk coefficient threshold, it means that the transmission exposure risk of abnormally active nodes is low. Given the high risk of transmission exposure due to abnormally active nodes, the Rsync3.2+ block-level incremental synchronization algorithm is adopted to transmit only the data blocks that differ from the previous version, thereby reducing transmission traffic and thus reducing the transmission exposure risk of active nodes. Step 4: Based on the low transmission exposure risk of abnormally active nodes, collect the historical transmission traffic of sensitive data of low-risk active nodes in historical periods, and conduct risk trend analysis. If the transmission exposure risk of sensitive data of abnormally active nodes shows an increasing trend in historical periods, suspend the sensitive data transmission permissions of the corresponding abnormally active nodes. It should be noted that the historical period includes, but is not limited to, 10 days, 20 days, and 30 days; The historical period is divided into several historical time points according to the same time interval. The time period between two adjacent historical time points is recorded as a historical sub-period. The transmission traffic of sensitive data of abnormally active nodes within the historical sub-period is counted and recorded as the unit transmission traffic of the historical sub-period. The unit transmission traffic of all historical sub-periods is integrated into a unit transmission traffic sequence according to time order. The unit transmission traffic of two adjacent historical sub-periods in the unit transmission sequence is used as an analysis window. Based on any analysis window, the difference between the unit transmission traffic of the previous historical sub-period and the unit transmission traffic of the next historical sub-period within the analysis window is processed, and then the ratio is processed with the unit transmission traffic of the previous historical sub-period to obtain the traffic change rate of the analysis window. If the rate of change of flow in the analysis window is greater than 0, then the corresponding analysis window is recorded as the flow growth window; If the rate of change of flow in the analysis window is less than or equal to 0, then the corresponding analysis window is recorded as a non-flow growth window; Calculate the percentage of traffic growth windows and record it as the growth value; The difference between the flow change rate of the flow growth window and the standard value of the flow change rate is used to obtain the flow change deviation value. The flow change deviation values ​​of all flow growth windows are summed and averaged. Then, the average value is calculated and compared with the standard value of the flow change rate to obtain the growth degree value. It should be noted that the standard value for the rate of change of flow was set by those skilled in the art based on historical experience; The trend risk coefficient is obtained by multiplying the growth quantity value and the growth degree value. It should be noted that by calculating the trend risk coefficient, the growth pattern of risks over a historical period can be quantified, covering both the frequency and magnitude of growth, and identifying risks of significant growth. This compensates for the lag in real-time risk assessment, enabling the prediction of potential risk escalation trends under low-risk conditions, providing support for proactive management, and preventing small-scale risks from accumulating and evolving into high-level security incidents. If the trend risk coefficient is greater than or equal to the trend risk coefficient threshold, it indicates that the risk of sensitive data transmission exposure of abnormally active nodes in the historical period is showing an increasing trend, and the sensitive data transmission permission of the corresponding abnormally active nodes is suspended. If the trend risk coefficient is less than the trend risk coefficient threshold, it means that the risk of sensitive data transmission exposure of abnormally active nodes in the historical period shows a non-increasing trend, and no action is taken. The technical solution of this invention is as follows: First, acquire and analyze the online duration and process participation data of nodes participating in distributed backup to identify active nodes in software development information. Second, construct a sensitive data feature library based on sensitive data types in the software development scenario, and use deep packet inspection technology to match the sensitive data feature library to identify sensitive data of active nodes. Third, acquire the transmission traffic of sensitive data in active nodes, and assess the transmission exposure risk of active nodes by performing quantitative deviation analysis on the sensitive data transmission traffic of active nodes. Fourth, based on the low transmission exposure risk of abnormally active nodes, collect historical transmission traffic of sensitive data of low-risk active nodes in historical periods, and perform risk trend analysis. If the transmission exposure risk of sensitive data of abnormally active nodes shows an increasing trend in historical periods, suspend the sensitive data transmission permissions of the corresponding abnormally active nodes. This invention integrates the online duration ratio and task completion rate as dual indicators, and uses the analytic hierarchy process (AHP) to set scientific weights to calculate the activity characterization value, accurately classifying active and inactive nodes, effectively eliminating interference from inactive nodes, and achieving precise focus of the control scope. This reduces ineffective workload and improves overall efficiency for subsequent sensitive data identification and risk assessment. This invention targets core sensitive data in the software development scenario. A dedicated feature library is built for each type, extracting diverse features and performing standardized processing and attribute labeling to ensure comprehensive feature coverage and adaptability to various scenarios. Combined with deep packet inspection technology, it achieves efficient and accurate matching of sensitive data, effectively avoiding the omission of key sensitive data such as core algorithm source code, user privacy, and key credentials, laying a solid foundation for risk management. Block-level transmission traffic statistics enable precise quantification of sensitive data transmission traffic. Combined with the analytic hierarchy process (AHP) to calculate anomaly risk coefficients, it can accurately distinguish the risk differences of different traffic anomalies, quickly locating high-risk nodes. For high-risk nodes, the Rsync3.2+ block-level incremental synchronization algorithm effectively reduces transmission traffic and leakage risks, improving the timeliness and targeting of risk response. Historical transmission traffic trend analysis is conducted for low-risk active nodes. By integrating growth frequency and growth rate to calculate trend risk coefficients, it compensates for the lag in real-time risk assessment, enabling early identification of potential risk escalation trends in low-risk states. By suspending transmission permissions, it achieves proactive control, effectively preventing small-scale risks from accumulating into high-level security events, providing multi-layered, full-cycle reliable support for sensitive data security in distributed backup software development scenarios.

[0021] Example 2 Based on the same inventive concept as the software development information security management method based on distributed backup in the foregoing embodiments, such as... Figure 2 As shown, this application provides a software development information security management system based on distributed backup, wherein the system specifically includes: Node activity analysis module: Acquires and analyzes data on the online duration and process participation of nodes participating in distributed backup, and identifies active nodes in the software development information; Sensitive data identification module: Based on the sensitive data types in software development scenarios, a sensitive data feature library is constructed. Deep packet inspection technology is used to match the sensitive data feature library and identify sensitive data of active nodes. Transmission Exposure Risk Assessment Module: Acquires the transmission traffic of sensitive data in active nodes, and assesses the transmission exposure risk of active nodes by performing quantitative deviation analysis on the transmission traffic of sensitive data in active nodes; Growth Trend Determination Module: Based on the low transmission exposure risk of abnormally active nodes, the module collects historical transmission traffic of sensitive data from low-risk active nodes during historical periods and performs risk trend analysis. If the transmission exposure risk of sensitive data from abnormally active nodes shows an increasing trend during historical periods, the module suspends the sensitive data transmission permissions of the corresponding abnormally active nodes.

[0022] The foregoing has shown and described the basic principles, main features, and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments. The embodiments and descriptions in the specification are merely illustrative of the principles of the invention. Various changes and modifications can be made to the invention without departing from its spirit and scope, and all such changes and modifications fall within the scope of the present invention as claimed. The scope of protection of the present invention is defined by the appended claims and their equivalents.

Claims

1. A software development information security management method based on distributed backup, characterized in that: include: Acquire data on the online duration and process participation of nodes participating in distributed backup, and analyze and process the data to identify active nodes in the software development information; Based on the sensitive data types in software development scenarios, a sensitive data feature library is constructed. Deep packet inspection technology is used to match the sensitive data feature library and identify sensitive data of active nodes. Acquire the transmission traffic of sensitive data in active nodes, and assess the transmission exposure risk of active nodes by performing quantitative deviation analysis on the transmission traffic of sensitive data in active nodes; Based on the low transmission exposure risk of abnormally active nodes, historical transmission traffic of sensitive data of low-risk active nodes in historical periods is collected and risk trend analysis is performed. If the transmission exposure risk of sensitive data of abnormally active nodes shows an increasing trend in historical periods, the sensitive data transmission permissions of the corresponding abnormally active nodes are suspended.

2. The software development information security management method based on distributed backup according to claim 1, characterized in that: The process of identifying active nodes in software development information is as follows: Process participation data includes the number of tasks that should have been completed and the number of tasks that were actually completed. By processing the online time and process participation data of nodes participating in distributed backup, we can obtain the online time ratio and task completion rate of the nodes. Using the analytic hierarchy process (AHP), weight coefficients are set for the online time percentage and task completion rate of nodes. The online time percentage and task completion rate of nodes are weighted and summed to obtain the activity representation value of nodes. If the active representation value of a node is greater than or equal to the active representation value threshold of the node, then the corresponding node is recorded as an active node.

3. The software development information security management method based on distributed backup according to claim 2, characterized in that: The process for obtaining the online time percentage of the node is as follows: A preset monitoring period is set. Based on any node, the online duration of the node within the monitoring period is obtained through the node's built-in heartbeat reporting mechanism, and the percentage of online duration of the node is calculated.

4. The software development information security management method based on distributed backup according to claim 2, characterized in that: The process for obtaining the task completion rate of the node is as follows: By backing up task logs, the number of tasks that a node should participate in and the number of tasks that it actually completes during the monitoring period are statistically analyzed. The ratio of the number of tasks that should be participated in to the number of tasks that are actually completed is calculated to obtain the task completion rate of the node.

5. The software development information security management method based on distributed backup according to claim 2, characterized in that: The process of constructing the sensitive data feature library is as follows: Sensitive data includes sensitive data such as core algorithm source code, sensitive data such as test data of user privacy information, and sensitive data such as database connection credentials and API keys; For sensitive data such as core algorithm source code, extract file morphological features, content semantic features, and storage path features; For sensitive data such as test data containing user privacy information, extract data format features, data field features, and data format features. For sensitive data such as database connection credentials and API keys, extract keyword features and data structure features: Keyword features; Add associated attribute labels to each type of feature, and organize the standardized features with associated attributes according to the hierarchical structure of sensitive data type, feature type, and associated labels to form a standardized feature set. The standardized feature set is the direct content to be added to the feature library. The standardized feature set is stored in the feature library storage carrier according to the preset data structure, thus completing the construction of the sensitive data feature library.

6. The software development information security management method based on distributed backup according to claim 5, characterized in that: The process of identifying sensitive data of active nodes is as follows: By using deep packet inspection technology, the content of synchronization data packets is parsed, matched against a sensitive data feature library, and sensitive data of active nodes is identified.

7. The software development information security management method based on distributed backup according to claim 6, characterized in that: The process for assessing the transmission exposure risk of active nodes is as follows: By performing quantitative deviation analysis on the sensitive data transmission traffic of active nodes, the abnormal risk coefficient of active nodes is obtained. If the abnormal risk coefficient is greater than or equal to the abnormal risk coefficient threshold, it indicates that the transmission exposure risk of abnormally active nodes is high. Otherwise, it indicates that the transmission exposure risk of abnormally active nodes is low.

8. The software development information security management method based on distributed backup according to claim 7, characterized in that: The process for obtaining the anomaly risk coefficient of the active node is as follows: The backup client uses block-level transmission statistics to divide sensitive data into fixed-size data blocks. Each time a data block is transmitted, the size of that data block is immediately added to the sensitive data transmission traffic statistics pool. Based on any sensitive data, the transmission traffic of the sensitive data is subtracted from the transmission traffic limit to obtain the transmission traffic deviation of the sensitive data. If the transmission traffic deviation is greater than 0, the corresponding sensitive data will be recorded as abnormal traffic data. The transmission traffic deviation of abnormal traffic data of active nodes is extracted. The analytic hierarchy process (AHP) is used to set weight coefficients for abnormal traffic data. The transmission traffic deviation of abnormal traffic data is multiplied by the set weight coefficients to obtain the risk contribution value of abnormal traffic data. The risk contribution values ​​of all abnormal traffic data are summed and averaged to obtain the abnormal risk coefficient of active nodes.

9. A software development information security management method based on distributed backup according to claim 7, characterized in that: The process of collecting historical transmission traffic of sensitive data from low-risk active nodes during historical periods and performing risk trend analysis is as follows: Based on the low transmission exposure risk of abnormally active nodes, the historical period is divided into several historical time points according to the same time interval. The time period between two adjacent historical time points is recorded as a historical sub-period. The transmission traffic of sensitive data of abnormally active nodes within the historical sub-period is counted and recorded as the unit transmission traffic of the historical sub-period. The unit transmission traffic of all historical sub-periods is integrated into a unit transmission traffic sequence according to time order. The unit transmission traffic of two adjacent historical sub-periods in the unit transmission sequence is used as an analysis window. By processing the unit transmission traffic of the historical sub-periods within the analysis window, the growth quantity value and growth degree value are obtained. The trend risk coefficient is obtained by multiplying the growth quantity value and the growth degree value. If the trend risk coefficient is greater than or equal to the trend risk coefficient threshold, it indicates that the risk of sensitive data transmission exposure from abnormally active nodes in the historical period is showing an increasing trend. Otherwise, it indicates that the risk of sensitive data transmission exposure from abnormally active nodes during the historical period shows a non-increasing trend.

10. A software development information security management method based on distributed backup according to claim 9, characterized in that: The process for determining the growth quantity and growth degree values ​​is as follows: Based on any analysis window, the difference between the unit transmission traffic of the previous historical sub-period and the unit transmission traffic of the next historical sub-period within the analysis window is processed, and then the ratio is processed with the unit transmission traffic of the previous historical sub-period to obtain the traffic change rate of the analysis window. If the rate of change of flow in the analysis window is greater than 0, then the corresponding analysis window is recorded as the flow growth window; Calculate the percentage of traffic growth windows and record it as the growth value; The difference between the flow change rate of the flow growth window and the standard value of the flow change rate is used to obtain the flow change deviation value. The flow change deviation values ​​of all flow growth windows are summed and averaged. Then, the average value is calculated and compared with the standard value of the flow change rate to obtain the growth degree value.