A computing power optimization method and system for cloud computing data center transmission
By implementing layered deployment and resource isolation in cloud computing data centers, combining multi-dimensional criteria to quantify priorities and real-time anomaly detection, and utilizing machine learning for resource prediction and SDN network control, the challenges of load balancing and secure transmission in cloud computing data centers are solved. This achieves improved real-time performance and resource utilization for high-security tasks, ensuring the stability and reliability of data centers.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- NANJING XIAOWA TOURISM TECHNOLOGY CO LTD
- Filing Date
- 2026-03-16
- Publication Date
- 2026-06-05
AI Technical Summary
In cloud computing data centers, how to find a reasonable balance between dynamic allocation of computing node resources and transmission security, optimize load balancing strategies, ensure the real-time performance of high-security tasks and efficient utilization of resources, and especially achieve rapid and effective transmission status monitoring and anomaly identification when node resource usage is complex and ever-changing.
By employing layered deployment and resource isolation, multi-dimensional criteria for prioritization, real-time anomaly detection and response, machine learning prediction and risk assessment, and SDN network path control, SLA guarantees for high-security tasks, maximizing resource utilization, and enhancing system adaptability and resilience are achieved. Specific measures include: deploying latency-sensitive services and high-throughput data on real-time computing nodes and high-throughput transmission nodes respectively, dividing them into core service resource pools and general service resource pools, and enabling hardware root trust verification, differential network segmentation, and role-based access control in high-security isolation domains; using the analytic hierarchy process (AHP) to evaluate task priorities, utilizing the DBSCAN algorithm to identify anomaly patterns, and combining random forest and multivariate regression models for resource prediction and scheduling; and using an SDN security gateway for traffic anomaly detection and real-time policy adjustment.
It achieves improved real-time response capabilities and resource utilization for critical businesses while ensuring high-level security, task isolation, and data consistency. It also ensures the stability and reliability of cloud computing data centers, reduces SLA default rates, and enhances system adaptability and resource utilization efficiency.
Smart Images

Figure CN122160394A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of data transmission technology, and in particular to a computing power optimization method and system for cloud computing data center transmission. Background Technology
[0002] In cloud computing data centers, the separation of compute nodes and storage nodes, along with the layered design of service resources, while improving overall performance and maintainability, also brings new challenges in the dynamic allocation of compute node resources and the assurance of transmission security. Addressing the varying demands for real-time responsiveness, security levels, and resource consumption among different business tasks within the data center, how to achieve dynamic load balancing and efficient resource adjustment within limited compute node resources to ensure the security and real-time performance of core business nodes has become a crucial technical challenge that this invention urgently needs to solve. Specifically, in actual cloud computing data centers, compute nodes undertaking high-security-level critical tasks typically require higher real-time processing capabilities and data consistency assurance. Therefore, frequent task reallocation or load adjustment for these nodes should be avoided as much as possible to reduce potential data transmission risks. However, when the overall resource distribution of the data center is uneven, and some nodes face computing power shortages or idleness, excessively restricting load adjustment between compute nodes will inevitably lead to a decline in overall system performance. Therefore, finding a reasonable dynamic balance between node security assurance and efficient and balanced utilization of overall data center computing resources, and optimizing load balancing strategies, has become a crucial technical problem that this invention urgently needs to overcome. Furthermore, during the real-time adjustment of compute node load balancing, the complex and ever-changing resource usage states between nodes make traditional data transmission quality monitoring methods difficult to adapt quickly and effectively. Therefore, it is urgent to design an efficient and reliable compute node transmission status optimization mechanism that fully utilizes the spatiotemporal correlation characteristics of node resource usage states to achieve real-time transmission status monitoring and rapid identification of anomalies during the dynamic adjustment of node resources, thereby ensuring the stability and reliability of critical business data transmission in cloud computing data centers. Summary of the Invention
[0003] The technical problem to be solved by this invention is to provide a computing power optimization method and system for cloud computing data center transmission. By layered deployment and resource isolation, multi-dimensional criteria for priority quantification, real-time anomaly detection and response, machine learning prediction and risk assessment, and minimum incremental dynamic scheduling combined with SDN network path control, it achieves SLA guarantee for high-security tasks, maximizes resource utilization, and improves system adaptive elasticity.
[0004] To achieve the above objectives, the present invention provides the following technical solution:
[0005] A method for optimizing computing power in cloud computing data center transmission, the method comprising:
[0006] Latency-sensitive services and high-throughput data are deployed on real-time computing nodes and high-throughput transmission nodes, respectively. The computing resource domain is divided into a core business resource pool and a general business resource pool, respectively handling high-security and high-real-time tasks, and ordinary transmission and batch processing tasks. Based on task security levels, computing nodes are divided into high-security isolation domains and ordinary isolation domains, with hardware root of trust verification, differential network segmentation, and role-based access control policies enabled in the high-security isolation domain. Based on business security levels, latency requirements, communication coupling, and data consistency needs, tasks are evaluated using the analytic hierarchy process (AHP) to generate a task priority list. The CPU utilization, memory usage, network bandwidth, and I / O load of each computing node are periodically collected, and DBSCAN is used to calculate... The method performs anomaly pattern recognition on multidimensional time-series data. When an anomaly is detected, dynamic resource scheduling is triggered, and the affected tasks are redistributed to healthy nodes or resource quotas are adjusted. Combining the response time and throughput of core services with real-time monitoring of node CPU utilization, memory usage, network bandwidth and I / O load, a random forest model is used to predict the processing time of core services with different resource allocations. When the predicted processing time of high-security-level core services exceeds the SLA threshold, the expected processing time output by the multivariate regression model and the migration risk score calculated based on bandwidth fluctuation, latency jitter and data consistency risk are combined to determine whether cross-node resource redistribution is allowed, and the number of CPU cores, memory and bandwidth quotas to be migrated are calculated based on the principle of minimum feasible resource quantity.
[0007] As a further aspect of the method of this invention, based on the security level of the task, the computing nodes are divided into a high-security isolation domain and a normal isolation domain, and hardware root of trust verification, differential network segmentation, and role-based access control policies are enabled in the high-security isolation domain, specifically including:
[0008] Measure and verify the integrity of firmware, BIOS, and hypervisor during node startup;
[0009] Enable a trusted execution environment to provide hardware-level isolation for the memory and computation of critical business processes;
[0010] A two-layer micro-network segmentation is adopted. VLANs are configured on physical switches to physically isolate traffic in high-security isolation zones. At the virtual network layer, isolation zones are further divided through VXLAN tunnels to achieve logical isolation across data centers / clusters.
[0011] Based on the RBAC model, the minimum privilege roles of scheduling, operation and maintenance, and auditing are defined respectively. The scheduling role can only issue resource scheduling instructions and cannot read / modify security audit logs. The operation and maintenance role can only perform security maintenance operations such as firmware upgrades and key management. The auditing role can only read security event logs and network traffic audit data.
[0012] Deploy traffic mirroring and DPI engines at the isolation domain boundary to perform deep inspection of cross-domain traffic and intercept unauthorized protocols and abnormal data packets in real time.
[0013] As a further aspect of the method of this invention, the analytic hierarchy process (AHP) is used to weighted evaluate tasks and generate a task priority list for resource scheduling, specifically including:
[0014] Construct a hierarchical model for task evaluation, placing the task's security level, latency sensitivity, communication coupling degree, and data consistency requirements in the criteria layer respectively;
[0015] Fill in the judgment matrix using the pairwise comparison method, and score the pairwise importance of each criterion on a scale of 1 to 9.
[0016] Calculate and normalize the eigenvectors of the judgment matrix to obtain the weights of each criterion;
[0017] Perform a consistency check on the judgment matrix, calculate the consistency ratio, and ensure that the consistency ratio is less than 0.1;
[0018] The performance score of each task under each criterion is multiplied by its corresponding weight and then summed to obtain the overall score of the task.
[0019] Sort tasks by comprehensive score from highest to lowest, generate a task priority list and output it to the resource scheduling engine to guide computing power allocation.
[0020] As a further aspect of the method of this invention, the CPU utilization, memory usage, network bandwidth, and I / O load of each computing node are periodically collected, and the DBSCAN algorithm is used to identify abnormal patterns in the multi-dimensional time-series data. When abnormal node resource usage is detected, dynamic resource scheduling is triggered to reallocate the affected tasks to healthy nodes or adjust resource quotas. Specifically, this includes:
[0021] Every 10 seconds, CPU utilization, memory usage, network packet transmission and reception, and I / O latency are collected from all computing nodes to form a time series matrix of 6 time points × 4 indicators;
[0022] Perform numerical normalization on each index in the matrix;
[0023] DBSCAN was used to cluster the normalized time series matrix, and data points marked as Noise were identified as anomalous samples.
[0024] When a node produces abnormal samples in two consecutive sampling windows, the current node is determined to be a performance bottleneck node.
[0025] For tasks running on performance bottleneck nodes, try to schedule them to healthy nodes in the same resource domain with CPU utilization of less than or equal to 70% and memory usage of less than or equal to 60% in order of priority from low to high.
[0026] If no healthy nodes are available, a short-term mitigation will be implemented on the bottleneck node, reducing its CPU CFS quota by 10% and limiting its network bandwidth by 10%.
[0027] Once the current node's resource usage is detected to have returned to normal levels, the initial quota will be automatically restored and the operational status model will be updated.
[0028] As a further aspect of the method of this invention, combining the response time and throughput of core services with real-time monitoring of node CPU utilization, memory usage, network bandwidth, and I / O load, a random forest model is used to predict the expected processing time of core services under different resource allocation schemes, specifically including:
[0029] The response time, throughput, CPU utilization, memory utilization, network packet transmission and reception volume, and disk I / O latency of the core business are collected at 1-second intervals. The collected data is denoised and normalized, and missing values are filled in using linear interpolation.
[0030] Use the sliding window statistics of the above indicators over the past 5 minutes as input features, and add resource allocation scheme features;
[0031] The processed samples were divided into training and validation sets at a ratio of 80 / 20. The random forest model was trained using the training set, the model was evaluated using five-fold cross-validation, and the model hyperparameters were tuned by minimizing the mean squared error.
[0032] In the real-time scheduling phase, the current node monitoring data and candidate resource quota schemes are used as inputs, and the trained random forest model is called to output the expected response time under each scheme.
[0033] The model's predicted values are compared with the actual monitored values to obtain the prediction error, and model retraining / parameter fine-tuning is triggered when the error exceeds 10%.
[0034] The final computing resource allocation decision is made by combining the predicted response time feedback of each resource plan with task priority and migration risk.
[0035] As a further aspect of the method of this invention, when the predicted response time of a high-security-level core service exceeds the SLA threshold, the expected processing time output by the multivariate regression model is combined with the migration risk score calculated based on bandwidth fluctuations, latency jitter, and data consistency risks to determine whether cross-node resource reallocation is allowed. Furthermore, based on the principle of minimum feasible resource quantity, the number of CPU cores, memory, and bandwidth quotas to be migrated are calculated, specifically including:
[0036] Target nodes are filtered based on task priority and security level, requiring that the nodes simultaneously meet the following conditions: CPU utilization less than or equal to 70%, memory usage less than or equal to 60%, and network bandwidth idle time greater than or equal to 30%.
[0037] If the predicted response time is greater than the SLA threshold, then the latency difference is calculated;
[0038] A linear incremental equation is constructed using the weighted sum of the required increase in CPU cores, memory, and bandwidth. The least squares method is then used to solve the equation to obtain the minimum feasible resource increment.
[0039] If the migration risk score is less than or equal to the preset threshold, cross-node resource reallocation to the target node will be performed; otherwise, the node annihilation mechanism will be triggered.
[0040] After completing the resource reallocation, record the operation log and continuously monitor the performance of critical tasks. If the performance recovers to within the SLA requirements, end the scheduling; otherwise, re-evaluate and adjust the incremental plan.
[0041] As a further embodiment of the method of the present invention, the method further includes:
[0042] Based on the network traffic feature signature detection algorithm, the network traffic during the cross-node migration of core business is collected in real time, and a multi-dimensional traffic feature signature is generated by packet length distribution, arrival time interval, protocol distribution ratio, TCP / UDP session statistics and traffic entropy characteristics.
[0043] Based on traffic feature signatures, a machine learning model combining convolutional neural networks and autoencoders is used to train a traffic anomaly detection model to identify deviations / anomalies in traffic feature signatures in real time.
[0044] When abnormal traffic is detected, the SDN security gateway is triggered to send a security alert and the abnormal traffic data is marked and stored.
[0045] The SDN security gateway performs correlation analysis on abnormal traffic data and network logs to generate security threat intelligence and update the threat intelligence database.
[0046] Based on threat intelligence, the cross-node resource allocation strategy and network isolation parameters are dynamically adjusted, and migration bandwidth quotas are adjusted in real time, VLAN / VXLAN isolation policies are modified, and migration rollback operations are triggered.
[0047] As a further aspect of the method of the present invention, when abnormal traffic is detected, the SDN security gateway is triggered to send a security alarm, and the abnormal traffic data is marked and stored, further comprising:
[0048] Get a snapshot of network traffic packets during the current abnormal period;
[0049] The network traffic packet snapshots during abnormal periods are analyzed using a traffic rounding tool to determine whether the core business data packets are complete and consistent before and after the migration. If packet loss / tampering is detected, the data retransmission and recovery process is triggered.
[0050] After the service is restored by retransmission, integrity is checked again. If packet loss or duplicate / illegal tampering is still detected, the security incident handling process is triggered. The security incident handling process includes alarm shutdown of the session and isolation of the affected node.
[0051] Based on the flow rate curve and alarm time point, determine whether the abnormal flow is caused by a short-term surge in flow. If so, use flow shaping technology to regularize the flow and then use a malicious flow detection tool to perform a security scan on the regularized flow.
[0052] A computing power optimization system for cloud computing data center transmission, used to implement the aforementioned computing power optimization method for cloud computing data center transmission, the system comprising:
[0053] The node management module is used to divide computing nodes into real-time computing node groups and high-throughput transmission node groups based on the latency sensitivity and bandwidth requirements of cloud computing data center services.
[0054] The offline resource mode pre-training module is used to build support sets and query sets based on historical node operation logs and task scheduling feedback, and to obtain initial policy parameters through meta-learning training of a general resource scheduling model.
[0055] The online policy adaptive module is used to collect snapshots of node CPU utilization, memory usage, network queue length and I / O latency status in real time, and combine them with the load prediction model to generate task-specific scheduling policies.
[0056] The monitoring module is used to periodically collect performance indicators of each node and identify performance bottleneck nodes through the DBSCAN algorithm.
[0057] The priority evaluation module is used to calculate weights and sort tasks based on business security level, latency requirements, communication coupling degree and data consistency requirements using the analytic hierarchy process.
[0058] The performance prediction module is used to predict response time, throughput and historical performance logs based on key tasks, train a random forest model and predict task response time and throughput efficiency under candidate resource schemes.
[0059] The risk assessment module is used to build a risk model based on inter-node bandwidth fluctuations, network jitter, and data consistency risks, and to calculate the risk value of task migration across nodes.
[0060] The scheduling and execution module is used to perform the minimum feasible cross-node resource reallocation after comprehensively considering task priority, performance prediction results and migration risks.
[0061] The path control module is used to distribute flow tables through the OpenFlow 1.3 / P4 programmable switch to achieve dynamic adjustment and rollback control of network paths.
[0062] As a further embodiment of the system of the present invention, the system also includes a storage medium storing computer-executable instructions, wherein when the computer-executable instructions are executed, any of the above steps are implemented sequentially. A computing power optimization method for cloud computing data center transmission can be used in different scenarios, by classifying and optimizing computing power, performing deep learning, and applying it to various industrial internet platforms.
[0063] The technical effects of this invention, a computing power optimization method and system for cloud computing data center transmission, are as follows: This invention deploys latency-sensitive services and high-throughput data in a layered manner to real-time computing nodes and transmission nodes, and divides the computing power resource domain into a core service resource pool and a general service resource pool. In the high-security isolation domain, hardware root trust verification, differential network segmentation, and role-based access control are enabled to achieve multi-dimensional security isolation. The analytic hierarchy process (AHP) is used to dynamically evaluate task priorities, and the DBSCAN algorithm is used to identify anomalies in CPU, memory, network, and I / O timing data to promptly detect performance bottlenecks. Random forest and multivariate regression models are used to predict core service response times and computing migration risk scores, and cross-node resource reallocation or rate limiting is implemented based on the minimum feasible resource increment principle. Simultaneously, a deep learning model trained based on multi-dimensional traffic feature signatures is used to monitor cross-node migration traffic in real time and trigger SDN security gateway anomaly interception and rollback. Finally, a programmable switch dynamically distributes flow tables to achieve network path adjustment and rollback control. This improves the real-time response capability and resource utilization of critical services while ensuring high-security task isolation and data consistency, achieving efficient, secure, and reliable dynamic scheduling and transmission assurance of computing power resources. Attached Figure Description
[0064] Figure 1 This is a flowchart of a computing power optimization method for cloud computing data center transmission according to the present invention;
[0065] Figure 2 This is a system block diagram of a computing power optimization system for cloud computing data center transmission according to the present invention. Detailed Implementation
[0066] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0067] Example 1
[0068] like Figure 1 As shown, this invention proposes a computing power optimization method for cloud computing data center transmission, the method comprising:
[0069] Latency-sensitive services and high-throughput data are deployed on real-time computing nodes and high-throughput transmission nodes, respectively. The computing resource domain is divided into a core business resource pool and a general business resource pool, respectively handling high-security and high-real-time tasks, and ordinary transmission and batch processing tasks. Based on the security level of the tasks, computing nodes are divided into high-security isolation domains and ordinary isolation domains, with hardware root of trust verification, differential network segmentation, and role-based access control policies enabled in the high-security isolation domain. Based on the service security level, latency requirements, communication coupling, and data consistency needs, the analytic hierarchy process (AHP) is used to enhance task evaluation and generate a task priority list for resource scheduling. The CPU utilization, memory usage, network bandwidth, and I / O load of each computing node are periodically collected, and the DBSCAN algorithm is used to analyze these metrics. Anomaly pattern recognition is performed on multidimensional time-series data. When abnormal node resource usage is detected, dynamic resource scheduling is triggered to reallocate affected tasks to healthy nodes or adjust resource quotas. Combining the response time and throughput of core services with real-time monitoring of node CPU utilization, memory usage, network bandwidth, and I / O load, a random forest model is used to predict the expected processing time of core services under different resource allocation schemes. When the predicted response time of high-security-level core services exceeds the SLA threshold, the expected processing time output by the multivariate regression model and the migration risk score calculated based on bandwidth fluctuation, latency jitter, and data consistency risk are combined to determine whether cross-node resource reallocation is allowed. Based on the principle of minimum feasible resource quantity, the number of CPU cores, memory, and bandwidth quotas to be migrated are calculated.
[0070] For example, a cloud computing data center might deploy 20 computing nodes, including 10 real-time computing nodes (each with 32 CPU cores and 64GB of memory) and 10 high-throughput transmission nodes (each with 16 CPU cores, 128GB of memory, and 10 Gbps of network bandwidth), physically divided into core business resource pools and general business resource pools. The specific implementation process is as follows:
[0071] (1) Initial deployment and service layering: Deploy all latency-sensitive online transaction processing services (SLA less than or equal to 50ms) to 10 real-time computing nodes, monitor the peak demand of TPS (Transactions Per Second) of about 500 TPS, deploy high-throughput jobs such as batch log aggregation and offline data analysis to 10 high-throughput transmission nodes, and process about 5 million records in batches at night.
[0072] (2) Task priority evaluation: Based on the security level, latency sensitivity, communication coupling degree and data consistency requirements, an AHP model is established for the 8 types of tasks to be scheduled (including 3 types of high security level, 2 types of strong real-time, and 3 types of ordinary batch tasks). A weight matrix is generated and passed through the consistency test (CR=0.05<0.1) to obtain a comprehensive priority list.
[0073] (3) Real-time monitoring and anomaly detection: Every 5 seconds, the CPU utilization, memory usage, network packet transmission and reception volume and I / O latency of all nodes are collected to form a 4×6 time series data matrix. DBSCAN (ε=0.3, MinPts=5) clustering is applied to the normalized time series matrix. Points marked as Noise are judged as abnormal samples. If a node has two consecutive windows of anomalies, it is regarded as a performance bottleneck.
[0074] (4) Dynamic resource scheduling: When the CPU utilization of real-time computing node Node-05 is detected to be higher than 90% and continuous abnormal samples occur, the system selects a real-time computing node Node-12 from the general resource pool according to priority, and migrates the lowest priority batch log writing task on Node-05. If there are no available nodes in the general resource pool, short-term relief is performed on Node-05: its CPU CFS quota is reduced by 10% and its bandwidth is limited by 10%;
[0075] (5) Performance prediction and cross-node migration: The random forest model (5-fold cross-validation MSE minimization) is trained using the core business response time, throughput and node resource status collected in the past 5 minutes. When the predicted response time of the real-time transaction service exceeds 50 ms (SLA threshold), the expected processing time output by the multivariate regression and the migration risk score (calculated based on bandwidth fluctuation, latency jitter and data consistency risk, RiskScore=0.12<0.2) are combined to decide to allow cross-node reallocation. According to the principle of minimum feasible resource quantity, the resources to be migrated are calculated through linear incremental equation as 2 CPU cores, 4GB memory and 500Mbps bandwidth, and they are allocated from Node-12 to Node-05.
[0076] (6) Migration execution and verification: After completing the cross-node resource reallocation, continuously monitor the real-time transaction service response time, restore it to an average of 42ms within 5s, record the operation log, and restore the initial quota application and self-learning model update after the performance stabilizes.
[0077] Through the above implementation process, this invention not only achieves scenario-based layered deployment and dynamic scheduling under the premise of high-security task isolation and data consistency assurance, but also effectively identifies performance bottlenecks and completes cross-node resource migration based on online monitoring and intelligent prediction, thereby ensuring the stable and efficient operation of critical services in cloud computing data centers.
[0078] It should be noted that, in this embodiment, based on the security level of the task, the computing nodes are divided into a high-security isolation domain and a normal isolation domain. Hardware root of trust verification, differential network segmentation, and role-based access control policies are enabled in the high-security isolation domain, specifically including:
[0079] Measure and verify the integrity of firmware, BIOS, and hypervisor during node startup to ensure boot chain trust;
[0080] Enable a trusted execution environment to provide hardware-level isolation for the memory and computation of critical business processes;
[0081] A two-layer micro-network segmentation is adopted. VLANs are configured on physical switches to physically isolate traffic in high-security isolation zones. At the virtual network layer, isolation zones are further divided through VXLAN tunnels to achieve logical isolation across data centers / clusters.
[0082] Based on the RBAC model, the minimum privilege roles of scheduling, operation and maintenance, and auditing are defined respectively. The scheduling role can only issue resource scheduling instructions and cannot read / modify security audit logs. The operation and maintenance role can only perform security maintenance operations such as firmware upgrades and key management. The auditing role can only read security event logs and network traffic audit data.
[0083] Deploy traffic mirroring and DPI engines at the isolation domain boundary to perform deep inspection of cross-domain traffic, intercept unauthorized protocols and abnormal data packets in real time, and ensure secure and reliable data transmission between the high-security isolation domain and other domains.
[0084] Through the multi-dimensional security measures described in this embodiment, such as hardware root of trust verification, trusted execution environment isolation, two-layer differential network segmentation, least privilege RBAC control, traffic mirroring, and DPI deep detection, end-to-end protection is formed at each stage of node startup, operation, and network transmission. This prevents the startup chain from being tampered with, critical business processes from being accessed without authorization, or side-channel attacks in real time, and can quickly intercept abnormal cross-domain traffic. This improves the trustworthiness, security, and anti-attack capabilities of the high-security isolation domain, ensuring the confidentiality, integrity, and availability of core business data transmission.
[0085] It should be noted that the Analytic Hierarchy Process (AHP) is used to weight and evaluate tasks, generating a task priority list for resource scheduling. This list includes:
[0086] Construct a hierarchical model for task evaluation, placing the task's security level, latency sensitivity, communication coupling degree, and data consistency requirements in the criteria layer respectively;
[0087] Fill in the judgment matrix using the pairwise comparison method, and score the pairwise importance of each criterion on a scale of 1 to 9.
[0088] Calculate and normalize the eigenvectors of the judgment matrix to obtain the weights of each criterion;
[0089] Perform a consistency check on the judgment matrix, calculate the consistency ratio, and ensure that the consistency ratio is less than 0.1;
[0090] The performance score of each task under each criterion is multiplied by its corresponding weight and then summed to obtain the overall score of the task.
[0091] Sort tasks by comprehensive score from highest to lowest, generate a task priority list and output it to the resource scheduling engine to guide computing power allocation.
[0092] Unlike traditional scheduling methods based on single factors or static priorities, this invention introduces the analytic hierarchy process (AHP) to quantitatively assign weights and verify consistency of multi-dimensional criteria such as security level, latency sensitivity, communication coupling, and data consistency requirements. This enables the scientific quantification and dynamic adjustment of task priorities, improving the objectivity and adaptability of resource scheduling.
[0093] It should be noted that the CPU utilization, memory usage, network bandwidth, and I / O load of each computing node are periodically collected, and the DBSCAN algorithm is used to identify abnormal patterns in the multi-dimensional time-series data. When abnormal node resource usage is detected, dynamic resource scheduling is triggered, which reallocates the affected tasks to healthy nodes or adjusts resource quotas. Specifically, this includes:
[0094] Every 10 seconds, CPU utilization, memory usage, network packet transmission and reception, and I / O latency are collected from all computing nodes to form a time series matrix of 6 time points × 4 indicators;
[0095] Perform numerical normalization on each index in the matrix;
[0096] DBSCAN was used to cluster the normalized time series matrix, and data points marked as Noise were identified as anomalous samples.
[0097] When a node produces abnormal samples in two consecutive sampling windows, the current node is determined to be a performance bottleneck node.
[0098] For tasks running on performance bottleneck nodes, try to schedule them to healthy nodes in the same resource domain with CPU utilization of less than or equal to 70% and memory usage of less than or equal to 60% in order of priority from low to high.
[0099] If no healthy nodes are available, a short-term mitigation will be implemented on the bottleneck node, reducing its CPU CFS quota by 10% and limiting its network bandwidth by 10%.
[0100] Once the current node's resource usage is detected to have returned to normal levels, the initial quota will be automatically restored and the operational status model will be updated.
[0101] By employing 10-second-level multi-dimensional time-series indicator collection, normalized preprocessing, and the DBSCAN clustering algorithm, abnormal node resource usage is accurately identified. Combined with continuous window judgment, priority-driven task reallocation, and short-term mitigation strategies, rapid location of performance bottleneck nodes and dynamic resource adjustment are achieved. This not only significantly improves the real-time performance and accuracy of anomaly detection, avoiding missed detections and misjudgments in multi-indicator scenarios using traditional thresholds or empirical rules, but also enhances the system's adaptability and robustness through automatic recovery and model update mechanisms, ensuring high availability, resource utilization efficiency, and consistent service quality of the cloud computing data center under complex loads and sudden anomalies. By combining cross-domain migration with local rate limiting, the SLA default rate of critical businesses is effectively reduced, and automated fine-grained resource management and stable performance improvement are achieved. Through model feedback optimization, the system adjusts resources according to business changes, maximizing resource utilization.
[0102] It should be noted that, combining the response time and throughput of core services with real-time monitoring of node CPU utilization, memory usage, network bandwidth, and I / O load, a random forest model is used to predict the expected processing time of core services under different resource allocation schemes, specifically including:
[0103] The response time, throughput, CPU utilization, memory utilization, network packet transmission and reception volume, and disk I / O latency of the core business are collected at 1-second intervals. The collected data is denoised and normalized, and missing values are filled in using linear interpolation.
[0104] Use the sliding window statistics of the above indicators over the past 5 minutes as input features, and add resource allocation scheme features;
[0105] The processed samples were divided into training and validation sets at a ratio of 80 / 20. The random forest model was trained using the training set, the model was evaluated using five-fold cross-validation, and the model hyperparameters were tuned by minimizing the mean squared error.
[0106] In the real-time scheduling phase, the current node monitoring data and candidate resource quota schemes are used as inputs, and the trained random forest model is called to output the expected response time under each scheme.
[0107] The model's predicted values are compared with the actual monitored values to obtain the prediction error, and model retraining / parameter fine-tuning is triggered when the error exceeds 10%.
[0108] The final computing resource allocation decision is made by combining the predicted response time feedback of each resource plan with task priority and migration risk.
[0109] By monitoring core business response time, throughput, and multi-dimensional metrics such as CPU utilization, memory utilization, network packet transmission and reception volume, and disk I / O latency of each computing node in real time (1 second level), and combining the characteristics of different resource quota schemes, a random forest prediction model is constructed using preprocessing techniques such as data denoising, normalization, and linear interpolation. Training and hyperparameter tuning are performed using 80 / 20 sample partitioning and five-fold cross-validation. A predictor with high generalization ability is obtained by minimizing the mean squared error. In the real-time scheduling phase, the current monitoring data and candidate resource configurations are input into the model, outputting the expected processing time of core business under each scheme. When the predicted value... When the deviation from the actual value exceeds 10%, online error monitoring and model retraining or fine-tuning are automatically triggered. Finally, highly accurate resource allocation decisions are made by combining task priority and migration risk scores. Compared with existing scheduling methods based on static thresholds or empirical rules, this invention can perceive and quantify the nonlinear relationship between resource usage and business performance throughout the entire process, identify and avoid performance bottlenecks in advance, achieve adaptive response to sudden peak loads and abnormal scenarios, maximize resource utilization, reduce SLA default risk, and continuously adapt to business fluctuations and hardware iterations through online model updates, significantly improving the availability, stability and system elasticity of cloud computing data centers.
[0110] It should be noted that when the predicted response time of high-security-level core services exceeds the SLA threshold, the expected processing time output by the multivariate regression model is combined with the migration risk score calculated based on bandwidth fluctuations, latency jitter, and data consistency risks to determine whether cross-node resource reallocation is allowed. Based on the principle of minimum feasible resource quantity, the number of CPU cores, memory, and bandwidth quotas to be migrated are calculated, specifically including:
[0111] Target nodes are filtered based on task priority and security level, requiring that the nodes simultaneously meet the following conditions: CPU utilization less than or equal to 70%, memory usage less than or equal to 60%, and network bandwidth idle time greater than or equal to 30%.
[0112] If the predicted response time is greater than the SLA threshold, then the latency difference is calculated;
[0113] A linear incremental equation is constructed using the weighted sum of the required increase in CPU cores, memory, and bandwidth. The least squares method is then used to solve the equation to obtain the minimum feasible resource increment.
[0114] If the migration risk score is less than or equal to the preset threshold, cross-node resource reallocation to the target node will be performed; otherwise, the node annihilation mechanism will be triggered.
[0115] After completing the resource reallocation, record the operation log and continuously monitor the performance of critical tasks. If the performance recovers to within the SLA requirements, end the scheduling; otherwise, re-evaluate and adjust the incremental plan.
[0116] Compared with existing technologies, this embodiment achieves the following advancements in cross-node resource allocation for high-security core services:
[0117] Predictive-driven approach replaces static thresholds: Random forests and multivariate regression models are used to quantitatively predict business response time and migration risk, replacing the traditional single static threshold judgment, which greatly improves the accuracy and foresight of scheduling decisions.
[0118] Minimum incremental optimization of risk perception: Based on the risk scores of bandwidth fluctuation, latency jitter and data consistency, the minimum feasible resource increment is solved by the least squares method, which avoids the inefficiency and waste of excessive resource allocation for security or performance in existing methods.
[0119] Security level coupled scheduling strategy: Migration is only performed when the risk score is lower than the preset threshold and the target node meets the multi-dimensional resource idleness requirements; otherwise, the disaster recovery mechanism is automatically triggered, ensuring the consistency and reliability of high-security services during dynamic adjustment.
[0120] Closed-loop online adaptive: After the migration is completed, the system continuously monitors the performance and automatically fine-tunes the model and incremental scheme based on the actual response and prediction error, which significantly improves the system's ability to adapt to sudden load fluctuations and hardware status changes.
[0121] These innovations enable cloud computing data centers to achieve more efficient, reliable, and resource-saving dynamic cross-node computing power scheduling while ensuring high-security business SLAs.
[0122] It should be noted that the method further includes:
[0123] Based on the network traffic feature signature detection algorithm, the network traffic during the cross-node migration of core business is collected in real time, and a multi-dimensional traffic feature signature is generated by packet length distribution, arrival time interval, protocol distribution ratio, TCP / UDP session statistics and traffic entropy characteristics.
[0124] Based on traffic feature signatures, a machine learning model combining convolutional neural networks and autoencoders is used to train a traffic anomaly detection model to identify deviations / anomalies in traffic feature signatures in real time.
[0125] When abnormal traffic is detected, the SDN security gateway is triggered to send a security alert and the abnormal traffic data is marked and stored.
[0126] The SDN security gateway performs correlation analysis on abnormal traffic data and network logs to generate security threat intelligence and update the threat intelligence database.
[0127] Based on threat intelligence, the cross-node resource allocation strategy and network isolation parameters are dynamically adjusted, and migration bandwidth quotas are adjusted in real time, VLAN / VXLAN isolation policies are modified, and migration rollback operations are triggered.
[0128] As shown in Table 1, the advancements of the network traffic signature detection and SDN security gateway linkage control methods in this invention compared to typical existing technologies are as follows:
[0129] Table 1 Comparison of Prior Art with the Method of the Invention Mentioned Herein Described in This Embodiment
[0130] Comparison items Existing technology This invention Technical effect Traffic feature extraction dimensions Common packet length thresholds, IP / port blacklists, and single session count monitoring. Multidimensional traffic feature signature (packet length distribution, arrival interval, protocol ratio, TCP / UDP session statistics, traffic entropy) Improve the coverage and accuracy of anomaly detection, and reduce false negatives and false positives under a single threshold. Anomaly detection model Based on fixed thresholds or manual rules (such as the SNORT signature library). CNN + autoencoder deep learning model, combining multi-dimensional features for automatic learning It can identify unknown or mutated attacks, with accuracy and recall rates significantly better than rule bases. Alarm response methods Alarms issued by standalone IDS / IPS require manual review and intervention. Integrates with SDN security gateways to automatically send alerts and tag traffic. Response time has been reduced from minutes to milliseconds, and the level of automation has been greatly improved. Threat intelligence generation Offline log analysis, manual summarization and updates The SDN gateway correlates traffic snapshots and logs in real time, dynamically generating and updating the intelligence database. Get the latest threat intelligence in real time to ensure timely updates to protection strategies and network isolation. Resource and isolation strategy adjustments Static ACL / VLAN configuration, manually issued network policies Automatically adjust migration bandwidth, VLAN / VXLAN isolation, or rollback based on the latest intelligence. This enables on-demand, closed-loop, and zero-human-intervention control of network path and computing power migration, minimizing the risk of service interruption.
[0131] This invention overcomes the limitations of single thresholds and static rules, achieving high-precision traffic anomaly detection through multi-dimensional feature signatures and deep learning models. Combined with real-time alarms, intelligent threat intelligence generation, and dynamic network policy distribution from SDN security gateways, it completes cross-node bandwidth migration, VLAN / VXLAN isolation, and rollback control without manual intervention. This significantly improves detection recall and response speed, effectively reduces false positives and false negatives, and minimizes the risk of service interruption, ensuring the security and continuity of critical services in cloud computing data centers.
[0132] It should be noted that when abnormal traffic is detected, the SDN security gateway is triggered to send a security alert and mark and store the abnormal traffic data, which also includes:
[0133] Get a snapshot of network traffic packets during the current abnormal period;
[0134] The network traffic packet snapshots during abnormal periods are analyzed using a traffic rounding tool to determine whether the core business data packets are complete and consistent before and after the migration. If packet loss / tampering is detected, the data retransmission and recovery process is triggered.
[0135] After the service is restored by retransmission, integrity is checked again. If packet loss or duplicate / illegal tampering is still detected, the security incident handling process is triggered. The security incident handling process includes alarm shutdown of the session and isolation of the affected node.
[0136] Based on the flow rate curve and alarm time point, determine whether the abnormal flow is caused by a short-term surge in flow. If so, use flow shaping technology to regularize the flow and then use a malicious flow detection tool to perform a security scan on the regularized flow.
[0137] As shown in Table 2, in this embodiment, the technical effects of various methods such as abnormal traffic snapshot and integrity verification, automatic retransmission recovery, secondary verification triggering security events, and traffic shaping are compared with typical existing technologies as follows:
[0138] Table 2 Comparison of Prior Art with the Method of the Invention Mentioned Herein in This Embodiment
[0139] Comparison items Existing technology This invention Technical effect Traffic snapshot acquisition Collecting only metadata (such as header information) is insufficient to fully trace back the data before and after the migration. Traffic packet snapshots were collected during abnormal periods to fully record each data packet before and after the migration. It can accurately locate packet loss and tampering points, quickly trace the root cause of problems, and improve the efficiency of fault analysis. Integrity verification and automatic retransmission Relying on the transport layer ACK / retransmission mechanism makes it difficult to detect tampering or hidden packet loss during transit. Based on a traffic rounding tool, the snapshot is analyzed in depth, and the integrity is verified packet by packet. If an anomaly is detected, the application layer retransmission recovery process is automatically triggered. Ensure end-to-end consistency of business data during migration, eliminate the risk of tampering and hidden packet loss, and improve data reliability. Secondary verification and security incident handling Simply logging anomalies or providing basic isolation often leads to unnecessary session interruptions due to false alarms. The retransmitted data is verified again; if inconsistencies still exist, the session is closed and the affected nodes are isolated. To ensure that genuine security threats are accurately intercepted, while avoiding unnecessary business interruptions due to false alarms, a balance must be struck between security and availability. Traffic shaping and scanning for short-term traffic surges Without dynamic surge detection and shaping, sudden traffic spikes may cause network congestion, latency jitter, or false positives in security systems. Based on the rate curve and alarm timing to identify sudden increases, the system automatically performs traffic shaping and then performs a deep malicious traffic scan on the shaped traffic. Smoothly migrate bandwidth, avoid network congestion and migration jitter, while intercepting potential attack payloads, improving migration stability and security protection capabilities.
[0140] This invention achieves end-to-end data consistency assurance and dynamic security protection during cross-node migration by implementing end-to-end snapshots and multi-level integrity checks on abnormal traffic, supplemented by automatic retransmission recovery and precise isolation triggered by secondary checks, combined with surge traffic shaping and deep malicious traffic scanning. Compared with traditional methods that rely solely on transport layer ACK, static isolation or a single traffic threshold, this invention significantly improves fault location speed, data reliability, business continuity and overall system security.
[0141] Example 2
[0142] The difference between Embodiment 2 and Embodiment 1 is that this embodiment introduces a computing power optimization system for cloud computing data center transmission.
[0143] like Figure 2 As shown, the present invention proposes a computing power optimization system for cloud computing data center transmission, used to implement the above-mentioned computing power optimization method for cloud computing data center transmission. The system includes:
[0144] The node management module is used to divide computing nodes into real-time computing node groups and high-throughput transmission node groups based on the latency sensitivity and bandwidth requirements of cloud computing data center services.
[0145] The offline resource mode pre-training module is used to build support sets and query sets based on historical node operation logs and task scheduling feedback, and to obtain initial policy parameters through meta-learning training of a general resource scheduling model.
[0146] The online policy adaptive module is used to collect snapshots of node CPU utilization, memory usage, network queue length and I / O latency status in real time, and combine them with the load prediction model to generate task-specific scheduling policies.
[0147] The monitoring module is used to periodically collect performance indicators of each node and identify performance bottleneck nodes through the DBSCAN algorithm.
[0148] The priority evaluation module is used to calculate weights and sort tasks based on business security level, latency requirements, communication coupling degree and data consistency requirements using the analytic hierarchy process.
[0149] The performance prediction module is used to predict response time, throughput and historical performance logs based on key tasks, train a random forest model and predict task response time and throughput efficiency under candidate resource schemes.
[0150] The risk assessment module is used to build a risk model based on inter-node bandwidth fluctuations, network jitter, and data consistency risks, and to calculate the risk value of task migration across nodes.
[0151] The scheduling and execution module is used to perform the minimum feasible cross-node resource reallocation after comprehensively considering task priority, performance prediction results and migration risks.
[0152] The path control module is used to distribute flow tables through the OpenFlow 1.3 / P4 programmable switch to achieve dynamic adjustment and rollback control of network paths.
[0153] To achieve secure, efficient, and dynamic scheduling and transmission assurance of computing resources in cloud computing data centers, the modules work collaboratively in the following order:
[0154] (1) Node Management Module: Based on the latency sensitivity and bandwidth requirements of the business, all computing nodes are divided into "real-time computing node group" and "high-throughput transmission node group", and the group information is sent to each functional module;
[0155] (2) Offline resource mode pre-training module: collect historical node operation logs and task scheduling feedback, construct support set and query set, perform meta-learning training based on general resource scheduling model, and output initial policy parameters to online policy adaptation module;
[0156] (3) Online policy adaptive module: Real-time collection of CPU utilization, memory usage, network queue length and I / O latency snapshots of each node, combined with the initial policy parameters obtained from offline training and the load prediction model, to generate a preliminary scheduling policy for the current business load;
[0157] (4) Monitoring module: Periodically (e.g., every 10s) collect node performance indicators, use the DBSCAN algorithm to identify performance bottleneck nodes, and feed back abnormal node information to the scheduling execution module and priority evaluation module;
[0158] (5) Priority evaluation module: Based on the security level, latency sensitivity, communication coupling degree and data consistency requirements of the task, construct the AHP judgment matrix, calculate and verify the weights, and then perform weighted sorting on the current tasks to be scheduled to generate a task priority list;
[0159] (6) Performance prediction module: Input the core business response time, throughput and real-time resource status of each node into the random forest model, and output the expected processing time under different candidate resource allocation schemes for subsequent decision-making;
[0160] (7) Risk assessment module: Based on the risks of bandwidth fluctuation, latency jitter and data consistency between nodes, a migration risk model is constructed, a risk score is calculated for each cross-node migration scheme, and the score results are provided to the scheduling execution module;
[0161] (8) Scheduling and execution module: Based on the comprehensive task priority, performance prediction results and migration risk score, and according to the principle of minimum feasible resources, select the optimal solution to perform cross-node resource reallocation or local flow limiting mitigation, and transmit the scheduling instructions to the node management module and path control module;
[0162] (9) Path control module: By issuing or modifying the flow table through the OpenFlow1.3 / P4 programmable switch, the network path in the corresponding resource migration process is dynamically adjusted and rolled back, ensuring that cross-node traffic is isolated and transmitted efficiently as needed.
[0163] In this embodiment, the above modules are interconnected. Through a closed-loop process of offline training → online perception → anomaly detection → priority ranking → performance and risk prediction → minimum incremental scheduling → network path control, the refined, dynamic and secure management of computing resources in cloud computing data centers is achieved while meeting high security and SLA requirements.
[0164] It should be noted that the system also includes a storage medium storing computer-executable instructions, which, when executed, sequentially perform any of the above steps.
[0165] In summary, the system and method proposed in this invention, as described in Examples 1 and 2, deploy latency-sensitive services and high-throughput data in a layered manner across real-time computing and transmission nodes, and divide the computing resource domain into a core service resource pool and a general service resource pool. In the high-security isolation domain, hardware root of trust verification, differential network segmentation, and role-based access control are implemented to achieve multi-dimensional security isolation. The analytic hierarchy process (AHP) is used to dynamically evaluate task priorities, and the DBSCAN algorithm is used to identify anomalies in CPU, memory, network, and I / O timing data to promptly detect performance bottlenecks. Random forest and multivariate regression models are used to predict core service response times and computation migration risk scores, and cross-node resource reallocation or rate limiting is implemented based on the minimum feasible resource increment principle. Simultaneously, a deep learning model trained based on multi-dimensional traffic feature signatures is used to monitor cross-node migration traffic in real time and trigger SDN security gateway anomaly interception and rollback. Finally, a programmable switch dynamically distributes flow tables to achieve network path adjustment and rollback control. This improves the real-time response capability and resource utilization of critical services while ensuring high-security task isolation and data consistency, achieving efficient, secure, and reliable dynamic scheduling and transmission assurance of computing resources.
[0166] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
[0167] In conclusion, the above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.
Claims
1. A method for optimizing computing power in cloud computing data center transmission, characterized in that, The method includes: Latency-sensitive services and high-throughput data are deployed on real-time computing nodes and high-throughput transmission nodes, respectively. The computing resource domain is divided into a core business resource pool and a general business resource pool, respectively handling high-security and high-real-time tasks, and ordinary transmission and batch processing tasks. Based on task security levels, computing nodes are divided into high-security isolation domains and ordinary isolation domains, with hardware root of trust verification, differential network segmentation, and role-based access control policies enabled in the high-security isolation domain. Based on business security levels, latency requirements, communication coupling, and data consistency needs, tasks are evaluated using the analytic hierarchy process (AHP) to generate a task priority list. The CPU utilization, memory usage, network bandwidth, and I / O load of each computing node are periodically collected, and DBSCAN is used to calculate... The method performs anomaly pattern recognition on multidimensional time-series data. When an anomaly is detected, dynamic resource scheduling is triggered, and the affected tasks are redistributed to healthy nodes or resource quotas are adjusted. Combining the response time and throughput of core services with real-time monitoring of node CPU utilization, memory usage, network bandwidth and I / O load, a random forest model is used to predict the processing time of core services with different resource allocations. When the predicted processing time of high-security-level core services exceeds the SLA threshold, the expected processing time output by the multivariate regression model and the migration risk score calculated based on bandwidth fluctuation, latency jitter and data consistency risk are combined to determine whether cross-node resource redistribution is allowed, and the number of CPU cores, memory and bandwidth quotas to be migrated are calculated based on the principle of minimum feasible resource quantity.
2. The computing power optimization method for cloud computing data center transmission according to claim 1, characterized in that, Based on the security level of the task, the computing nodes are divided into high-security isolation domains and ordinary isolation domains. Hardware root trust verification, differential network segmentation, and role-based access control policies are enabled in the high-security isolation domains, specifically including: Measure and verify the integrity of firmware, BIOS, and hypervisor during node startup; Enable a trusted execution environment to provide hardware-level isolation for the memory and computation of critical business processes; A two-layer micro-network segmentation is adopted. VLANs are configured on physical switches to physically isolate traffic in high-security isolation zones. At the virtual network layer, isolation zones are further divided through VXLAN tunnels to achieve logical isolation across data centers / clusters. Based on the RBAC model, the minimum privilege roles of scheduling, operation and maintenance, and auditing are defined respectively. The scheduling role can only issue resource scheduling instructions and cannot read / modify security audit logs. The operation and maintenance role can only perform security maintenance operations such as firmware upgrades and key management. The auditing role can only read security event logs and network traffic audit data. Deploy traffic mirroring and DPI engines at the isolation domain boundary to perform deep inspection of cross-domain traffic and intercept unauthorized protocols and abnormal data packets in real time.
3. The computing power optimization method for cloud computing data center transmission according to claim 1, characterized in that, The Analytic Hierarchy Process (AHP) is used to weight and evaluate tasks, generating a task priority list for resource scheduling. Specifically, this includes: Construct a hierarchical model for task evaluation, placing the task's security level, latency sensitivity, communication coupling degree, and data consistency requirements in the criteria layer respectively; Fill in the judgment matrix using the pairwise comparison method, and score the pairwise importance of each criterion on a scale of 1 to 9. Calculate and normalize the eigenvectors of the judgment matrix to obtain the weights of each criterion; Perform a consistency check on the judgment matrix, calculate the consistency ratio, and ensure that the consistency ratio is less than 0.1; The performance score of each task under each criterion is multiplied by its corresponding weight and then summed to obtain the overall score of the task. Sort tasks by comprehensive score from highest to lowest, generate a task priority list and output it to the resource scheduling engine to guide computing power allocation.
4. The computing power optimization method for cloud computing data center transmission according to claim 1, characterized in that, The CPU utilization, memory usage, network bandwidth, and I / O load of each computing node are periodically collected. The DBSCAN algorithm is used to identify abnormal patterns in the multi-dimensional time-series data. When abnormal node resource usage is detected, dynamic resource scheduling is triggered, reallocating affected tasks to healthy nodes or adjusting resource quotas. Specifically, this includes: Every 10 seconds, CPU utilization, memory usage, network packet transmission and reception, and I / O latency are collected from all computing nodes to form a time series matrix of 6 time points × 4 indicators; Perform numerical normalization on each index in the matrix; DBSCAN was used to cluster the normalized time series matrix, and data points marked as Noise were identified as anomalous samples. When a node produces abnormal samples in two consecutive sampling windows, the current node is determined to be a performance bottleneck node. For tasks running on performance bottleneck nodes, try to schedule them to healthy nodes in the same resource domain with CPU utilization of less than or equal to 70% and memory usage of less than or equal to 60% in order of priority from low to high. If no healthy nodes are available, a short-term mitigation will be implemented on the bottleneck node, reducing its CPU CFS quota by 10% and limiting its network bandwidth by 10%. Once the current node's resource usage is detected to have returned to normal levels, the initial quota will be automatically restored and the operational status model will be updated.
5. The computing power optimization method for cloud computing data center transmission according to claim 1, characterized in that, Combining the response time and throughput of core services with real-time monitoring of node CPU utilization, memory usage, network bandwidth, and I / O load, a random forest model is used to predict the expected processing time of core services under different resource allocation schemes, specifically including: The response time, throughput, CPU utilization, memory utilization, network packet transmission and reception volume, and disk I / O latency of the core business are collected at 1-second intervals. The collected data is denoised and normalized, and missing values are filled in using linear interpolation. Use the sliding window statistics of the above indicators over the past 5 minutes as input features, and add resource allocation scheme features; The processed samples were divided into training and validation sets at a ratio of 80 / 20. The random forest model was trained using the training set, the model was evaluated using five-fold cross-validation, and the model hyperparameters were tuned by minimizing the mean squared error. In the real-time scheduling phase, the current node monitoring data and candidate resource quota schemes are used as inputs, and the trained random forest model is called to output the expected response time under each scheme. The model's predicted values are compared with the actual monitored values to obtain the prediction error, and model retraining / parameter fine-tuning is triggered when the error exceeds 10%. The final computing resource allocation decision is made by combining the predicted response time feedback of each resource plan with task priority and migration risk.
6. The computing power optimization method for cloud computing data center transmission according to claim 1, characterized in that, When the predicted response time of high-security-level core services exceeds the SLA threshold, the expected processing time output by the multivariate regression model is combined with the migration risk score calculated based on bandwidth fluctuations, latency jitter, and data consistency risks to determine whether cross-node resource reallocation is allowed. Based on the principle of minimum feasible resource allocation, the number of CPU cores, memory, and bandwidth quotas to be migrated are calculated, specifically including: Target nodes are filtered based on task priority and security level, requiring that the nodes simultaneously meet the following conditions: CPU utilization less than or equal to 70%, memory usage less than or equal to 60%, and network bandwidth idle time greater than or equal to 30%. If the predicted response time is greater than the SLA threshold, then the latency difference is calculated; A linear incremental equation is constructed using the weighted sum of the required increase in CPU cores, memory, and bandwidth. The least squares method is then used to solve the equation to obtain the minimum feasible resource increment. If the migration risk score is less than or equal to the preset threshold, cross-node resource reallocation to the target node will be performed; otherwise, the node annihilation mechanism will be triggered. After completing the resource reallocation, record the operation log and continuously monitor the performance of critical tasks. If the performance recovers to within the SLA requirements, end the scheduling; otherwise, re-evaluate and adjust the incremental plan.
7. A method for optimizing computing power in cloud computing data center transmission according to any one of claims 1-6, characterized in that, The method further includes: Based on the network traffic feature signature detection algorithm, the network traffic during the cross-node migration of core business is collected in real time, and a multi-dimensional traffic feature signature is generated by packet length distribution, arrival time interval, protocol distribution ratio, TCP / UDP session statistics and traffic entropy characteristics. Based on traffic feature signatures, a machine learning model combining convolutional neural networks and autoencoders is used to train a traffic anomaly detection model to identify deviations / anomalies in traffic feature signatures in real time. When abnormal traffic is detected, the SDN security gateway is triggered to send a security alert and the abnormal traffic data is marked and stored. The SDN security gateway performs correlation analysis on abnormal traffic data and network logs to generate security threat intelligence and update the threat intelligence database. Based on threat intelligence, the cross-node resource allocation strategy and network isolation parameters are dynamically adjusted, and migration bandwidth quotas are adjusted in real time, VLAN / VXLAN isolation policies are modified, and migration rollback operations are triggered.
8. The computing power optimization method for cloud computing data center transmission according to claim 7, characterized in that, When abnormal traffic is detected, the SDN security gateway is triggered to send a security alert and the abnormal traffic data is marked and stored. This also includes: Get a snapshot of network traffic packets during the current abnormal period; The network traffic packet snapshots during abnormal periods are analyzed using a traffic rounding tool to determine whether the core business data packets are complete and consistent before and after the migration. If packet loss / tampering is detected, the data retransmission and recovery process is triggered. After the service is restored by retransmission, integrity is checked again. If packet loss or duplicate / illegal tampering is still detected, the security incident handling process is triggered. The security incident handling process includes alarm shutdown of the session and isolation of the affected node. Based on the flow rate curve and alarm time point, determine whether the abnormal flow is caused by a short-term surge in flow. If so, use flow shaping technology to regularize the flow and then use a malicious flow detection tool to perform a security scan on the regularized flow.
9. A computing power optimization system for cloud computing data center transmission, used to implement the computing power optimization method for cloud computing data center transmission as described in any one of claims 1-6, characterized in that, The system includes: The node management module is used to divide computing nodes into real-time computing node groups and high-throughput transmission node groups based on the latency sensitivity and bandwidth requirements of cloud computing data center services. The offline resource mode pre-training module is used to build support sets and query sets based on historical node operation logs and task scheduling feedback, and to obtain initial policy parameters through meta-learning training of a general resource scheduling model. The online policy adaptive module is used to collect snapshots of node CPU utilization, memory usage, network queue length and I / O latency in real time, and combine them with the load prediction model to generate task-specific scheduling policies. The monitoring module is used to periodically collect performance indicators of each node and identify performance bottleneck nodes through the DBSCAN algorithm. The priority evaluation module is used to calculate weights and sort tasks based on business security level, latency requirements, communication coupling degree and data consistency requirements using the analytic hierarchy process. The performance prediction module is used to predict response time, throughput and historical performance logs based on key tasks, train a random forest model and predict task response time and throughput efficiency under candidate resource schemes. The risk assessment module is used to build a risk model based on inter-node bandwidth fluctuations, network jitter, and data consistency risks, and to calculate the risk value of task migration across nodes. The scheduling and execution module is used to perform the minimum feasible cross-node resource reallocation after comprehensively considering task priority, performance prediction results and migration risks. The path control module is used to distribute flow tables through the OpenFlow 1.3 / P4 programmable switch to achieve dynamic adjustment and rollback control of network paths.
10. A computing power optimization system for cloud computing data center transmission according to claim 9, characterized in that, The system also includes a storage medium storing computer-executable instructions, which, when executed, sequentially implement the steps of any one of claims 1-8.