An encryption algorithm optimization method and system based on artificial intelligence
By using an AI-based encryption algorithm optimization method, multi-source environmental data is collected in real time and encryption strategies are dynamically adjusted using a deep Q-network model. This solves the problem of balancing security and efficiency in existing technologies, and achieves the effect of reducing computational overhead in low-risk scenarios and improving encryption strength in high-threat situations.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- HUNAN UNIV OF HUMANITIES SCI & TECH
- Filing Date
- 2026-04-10
- Publication Date
- 2026-06-23
Smart Images

Figure CN122268583A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of artificial intelligence technology, and in particular to an artificial intelligence-based encryption algorithm optimization method and system. Background Technology
[0002] As cybersecurity threats continue to evolve, encryption technology, as a core means of ensuring data confidentiality and integrity, directly determines the overall security level of information systems through its performance and adaptability. Currently, mainstream encryption systems generally adopt fixed parameters and preset strategies, making it difficult to achieve the optimal balance between security and efficiency when facing dynamically changing attack patterns, data sensitivity levels, and system resource constraints.
[0003] Among them, the AI-based adaptive encryption optimization technology aims to use intelligent models to perceive the network environment, data semantic features and system operating status in real time, and dynamically adjust key parameters such as encryption algorithm type, key length or computation strength accordingly, so as to achieve the dual goals of accurate protection and resource saving under different risk scenarios.
[0004] In existing technologies, some solutions attempt to introduce rule engines or simple threshold judgment mechanisms to switch encryption methods, such as selecting a preset encryption mode based on IP address or traffic characteristics. However, their decision-making logic is rigid and lacks the ability to comprehensively model multi-dimensional dynamic factors. Other research focuses on using machine learning models to reverse identify ciphertext for algorithm classification or source tracing analysis. However, such methods only serve the purpose of passive detection and have not formed a closed-loop optimization mechanism from perception to decision-making to execution.
[0005] The aforementioned shortcomings prevent existing systems from effectively reducing computational overhead in low-risk scenarios and from promptly increasing encryption strength in high-risk situations, thus exposing a technical bottleneck that combines insufficient security with resource waste. Therefore, this paper proposes an artificial intelligence-based encryption algorithm optimization method and system to solve the above problems. Summary of the Invention
[0006] The main objective of this invention is to provide an artificial intelligence-based encryption algorithm optimization method and system to solve the problems mentioned in the background above.
[0007] To achieve the above objectives, the technical solution adopted by the present invention is as follows: a method and system for optimizing encryption algorithms based on artificial intelligence, comprising: 1. a method for optimizing encryption algorithms based on artificial intelligence, characterized in that it includes the following steps: S1. Real-time collection of multi-source environmental awareness data through security proxy modules deployed on network nodes. The multi-source environmental awareness data includes network traffic characteristics, system resource utilization, user behavior logs, data content sensitivity tags, and real-time risk scores released by external threat intelligence sources, forming a multi-dimensional dynamic input vector. S2. Standardize and perform feature engineering on the multi-source environmental perception data to extract structured features including but not limited to traffic entropy, session concurrency, CPU utilization, memory remaining ratio, data field privacy level, user operation frequency and threat intelligence confidence, and fuse them into a unified risk and semantic joint feature vector. S3. Input the risk and semantic joint feature vector into a pre-trained deep Q-network model. The deep Q-network model has the dual optimization objectives of maximizing long-term security benefits and minimizing resource consumption, and outputs the optimal encryption strategy. The encryption strategy includes a combination of encryption algorithm type, key length and encryption operation strength parameters. S4. Dynamically configure the underlying cryptographic engine according to the encryption strategy, automatically switch between symmetric and asymmetric encryption algorithms, and adjust the key length and iteration rounds to complete the real-time encryption processing of the target data stream. S5. Record the actual resource overhead, decryption delay, and subsequent security events after each encryption operation, and send them back to the deep Q-network model as a reward signal to drive online fine-tuning and policy updates.
[0008] Furthermore, the security proxy module is deployed between the operating system kernel layer and the application layer, supporting seamless monitoring of data streams for HTTPS, SSH, and database communication protocols, with a sampling frequency of no less than ten times per second.
[0009] Furthermore, the data content sensitivity labels are automatically generated after semantic analysis of plaintext content by a natural language processing model. The natural language processing model identifies ID card numbers, bank card numbers, and medical records based on a pre-trained Chinese word vector library, and maps them to multi-level sensitivity values according to the "Guidelines for Classification and Grading of Personal Information".
[0010] Furthermore, the deep Q-network model adopts a dual-network architecture, including a main Q-network and a target Q-network. The parameters of the main Q-network are updated according to a first preset data volume period, and the parameters of the target Q-network are synchronized according to a second preset data volume period. The input layer of the deep Q-network model receives the expanded feature vector, the hidden layer is a multi-layer fully connected structure and each layer uses the ReLU activation function, and the output layer corresponds to a combination of multiple preset encryption strategies.
[0011] Furthermore, the encryption algorithm types include AES, SM4, ChaCha20, RSA, and SM2; the key length is one of 128 bits, 192 bits, and 256 bits in symmetric encryption algorithms, and one of 2048 bits and 3072 bits in asymmetric encryption algorithms; and the encryption operation strength parameter is one of the number of encryption rounds and the number of S-box iterations in a specific encryption algorithm.
[0012] Furthermore, the cryptographic engine supports a hot-swappable algorithm module loading mechanism, which can complete algorithm switching without interrupting service, and all key generation is implemented through a true random number generator certified by the State Cryptography Administration.
[0013] Furthermore, it also includes establishing a historical strategy and effect database to store encryption strategy execution records. Each record contains the input feature vector, output strategy, resource consumption index, and security event status within a subsequent preset time period, which is used to periodically retrain the deep Q-network model offline.
[0014] Furthermore, the reward signal is composed of a weighted sum of security rewards, efficiency rewards, and latency penalties. The security reward is based on whether a data leakage event occurs within a preset time period; the efficiency reward is based on whether the CPU utilization rate is below a threshold; and the latency penalty is based on whether the decryption response time exceeds a preset latency threshold. The weighted sum serves as the immediate reward, which is stored in the experience replay buffer along with the state, action, and next state. When the buffer reaches 100,000 samples, an online fine-tuning process is triggered: 32 samples are randomly sampled from the buffer, and the TD error is calculated. ; And backpropagate to update the main network parameters, where For instant rewards, For state, For actions, This is the next state.
[0015] Furthermore, the method is deployed in a cloud-native environment, and the security proxy module runs alongside the business microservices in the form of a Sidecar container, achieving independent control of fine-grained, service-level encryption policies through the Kubernetes container orchestration platform.
[0016] An AI-based encryption algorithm optimization system includes a multi-source environment-aware agent module, a risk and semantic feature fusion engine, a deep reinforcement learning decision model unit, a programmable cryptographic engine executor, and a closed-loop feedback and online learning controller. The multi-source environmental sensing agent module is used to collect multi-source environmental sensing data in real time. The risk and semantic feature fusion engine is used to standardize and perform feature engineering on the multi-source environmental perception data, generating a joint risk and semantic feature vector. This engine is deployed on an independent computing node. The engine receives raw perception data streams from each agent module and performs standardization and feature engineering processing. Specifically, for network traffic data, it calculates the byte entropy value per unit time. ; in For the first The probability of a single byte value appearing, and the number of concurrent TCP sessions; for system resource data, normalized CPU utilization and memory remaining ratio; for user behavior logs, extracting API call frequency and abnormal operation patterns per unit time, such as high-frequency access during non-working hours; for the data content itself, calling the built-in Chinese sensitive information recognition model, which is based on... It is finely tuned from a pre-trained Chinese word vector library and can accurately identify highly sensitive fields such as ID card numbers, bank card numbers and medical diagnosis records; The deep reinforcement learning decision model unit is used to receive the joint feature vector of risk and semantics and output the optimal encryption strategy; The programmable cryptographic engine executor is used to dynamically configure the underlying cryptographic engine according to the encryption strategy; The closed-loop feedback and online learning controller is used to collect actual effect data of encryption operations and generate reward signals, which are then fed back to the deep reinforcement learning decision model unit to drive online fine-tuning of the model.
[0017] The present invention has the following beneficial effects: 1. In this invention, by constructing a complete closed loop from multi-source environmental perception, risk and semantic feature fusion to deep reinforcement learning decision-making, this invention can dynamically adjust the encryption algorithm and parameters according to real-time network situation, data sensitivity and system load. In low-risk scenarios, it automatically selects lightweight algorithms to reduce computational overhead, and in high-threat scenarios, it seamlessly switches to high-strength mode, fundamentally solving the core contradiction of traditional static encryption mechanisms that make it difficult to balance security and efficiency.
[0018] 2. In this invention, by integrating the Sidecar containerized architecture with native Kubernetes, the system can achieve millisecond-level policy synchronization in large-scale clusters, and the single-node policy update throughput reaches a preset high throughput level, meeting the real-time security control requirements of high-concurrency scenarios such as finance and government affairs, without requiring modification of existing business code, thus significantly reducing deployment costs.
[0019] 3. In this invention, a closed-loop feedback mechanism enables the model to automatically optimize its decision logic as attack methods evolve. During long-term real-world operation, the system's accuracy in identifying new ransomware encryption behaviors has significantly improved, demonstrating its strong online learning and environmental adaptability, overcoming the inherent performance degradation of traditional machine learning models due to data distribution drift. Attached Figure Description
[0020] Figure 1 This is an overall flowchart of the encryption algorithm optimization method based on artificial intelligence proposed in this invention; Figure 2This is a schematic diagram of the overall architecture of the AI-based encryption algorithm optimization system proposed in this invention; Figure 3 This is a logical flowchart of the multi-source environmental perception data acquisition and risk and semantic joint feature vector construction in this invention; Figure 4 This is a schematic diagram of the multi-level interaction relationship and data flow between the security proxy module and the cloud-native Sidecar container deployment architecture in this invention; Figure 5 This is a schematic diagram illustrating the technical effect and principle of the closed-loop feedback and online model optimization mechanism in this invention. Detailed Implementation
[0021] To make the technical means, creative features, objectives, and effects of this invention easier to understand, the following description is provided in conjunction with the appendix. Figure 1 To be continued Figure 5 The present invention will be further described with reference to specific implementation methods.
[0022] Example 1: This example is applied to the data transmission encryption scenario of a large-scale financial cloud service platform. This platform processes hundreds of millions of transaction requests daily, covering highly sensitive payment instructions, moderately sensitive user behavior logs, and low-sensitivity system monitoring data. In order to maximize resource utilization efficiency while ensuring the security of core business, the AI-based encryption algorithm optimization system of this invention is deployed.
[0023] First, from the perspective of system architecture construction, the system adopted in this embodiment includes five core functional modules: multi-source environment perception agent module, risk and semantic feature fusion engine, deep reinforcement learning decision model unit, programmable cryptographic engine executor, and closed-loop feedback and online learning controller; the above modules work together through a high-speed internal bus and a distributed message queue to form a complete adaptive encryption control closed loop.
[0024] The multi-source environment perception agent module is lightweight. Containerized deployment Each business microservice in the cluster Internally, it operates between the operating system kernel layer and the application layer. In a sandbox environment, this ensures non-intrusiveness to upper-layer services. This module integrates multiple dedicated data collection sub-units: a network traffic sniffer, a system resource monitoring probe, an application-layer log parser, and an external threat intelligence subscription client. The network traffic sniffer is based on the DPDK high-performance packet processing framework, and the system resource monitoring probe... Interface reading Memory and Metrics, application-layer log parser uses Hook to work with mainstream web frameworks: such as , The log output stream, external threat intelligence subscription client through Protocol periodically pull and the National Internet Emergency Center Released by authoritative sources Formatted threat scoring; all collection subunits are configured to be per Sampling is performed once per millisecond, meaning the sampling frequency is no less than once per second. This satisfies real-time requirements; the collected raw data is temporarily stored in a local buffer before being processed. The agreement is based on The serialized format is sent to the feature fusion engine.
[0025] The risk and semantic feature fusion engine is deployed on a separate computing node and equipped with processor, Memory and The network interface receives raw perceptual data streams from various agent modules and performs standardization and feature engineering processing; specifically, for network traffic data, it calculates the byte entropy value per unit time: [Calculation of byte entropy value per unit time:] ; in For the first The probability of a byte value occurring simultaneously Session count; for system resource data, normalization. Utilization rate and memory remaining ratio; for user behavior logs, extract data per unit time period. The frequency of calls and abnormal operation patterns, such as high-frequency access outside of working hours, are considered. Regarding the data content itself, the built-in Chinese sensitive information identification model is invoked. This model is based on... It is finely tuned from a pre-trained Chinese word vector library and can accurately identify highly sensitive fields such as ID card numbers, bank card numbers, and medical diagnosis records. ID card number recognition uses regular expression matching and checksum verification, while bank card number recognition uses... Algorithm verification: Medical diagnostic records are extracted using keyword matching and contextual semantic analysis, and mapped to an integer sensitivity level of 1 to 5 according to the "Guidelines for Classification and Grading of Personal Information," representing information from public to core confidential, respectively. For external threat intelligence, its confidence score is analyzed and converted into risk weights, with the confidence score represented by 0–1. Finally, the above-mentioned structured features—traffic entropy, number of sessions, CPU utilization, memory remaining ratio, sensitivity level, operation frequency, abnormal behavior indicators, and threat confidence—are concatenated into an 8-dimensional floating-point vector and standardized using Z-score. ; The input is then fed into the deep reinforcement learning decision model unit; the entire feature vector construction process has a latency of less than 5 milliseconds.
[0026] The deep reinforcement learning decision model unit runs on an inference server equipped with an NVIDIA A10 GPU and powered by the TensorRT 8.6 acceleration engine. The core of this unit is a dual-network architecture deep Q-network, consisting of a main Q-network and a target Q-network. The main network comprises an input layer, three hidden layers, and an output layer. Specifically, the input layer has 128 neurons, receiving the expanded 128-dimensional feature vector. This expanded 128-dimensional feature vector is obtained by upscaling the original 8-dimensional features through a fully connected layer and injecting contextual information such as timestamps and historical policy IDs. Each of the three hidden layers has 256 neurons, using the ReLU activation function. The output layer consists of 32 neurons, corresponding to 32 preset encryption policy combinations. The target network has the same structure as the main network, but its parameter updates are delayed. During training, the main network parameters are updated once every 1000 experience samples processed by the Adam optimizer. The target network parameters are hard-synchronized from the main network every 10,000 accumulated samples to suppress Q-value overestimation. In the initial stage, the model loads 500,000 historical attack and defense exercise data labeled by security experts through imitation learning. For example, when the threat score is >0.8 and the sensitivity is 5, AES-256 should be selected to ensure cold start security. During inference, the model receives the standardized risk and semantic joint feature vector and outputs the policy index with the highest Q-value. This index corresponds to the specific encryption algorithm type, key length, and computational strength parameters. The encryption algorithm type can be any one of AES, SM4, ChaCha20, RSA, and SM2. The key length can be a symmetric or asymmetric algorithm. The symmetric algorithm is 128, 192, and 256 bits, and the asymmetric algorithm is 2048 and 3072 bits. The computational strength parameters are as follows: AES round number 10–14, SM4 S-box iteration number 10–14.
[0027] The programmable cryptographic engine executor is integrated into the hardware security module software cryptographic library of each business node, supporting hot-swappable algorithm module loading. The software cryptographic library adopts OpenSSL 3.0 and the national cryptographic standard SM series patches. Its underlying driver registers the standard PKCS#11 interface and is decoupled from the upper-layer application through the Linux kernel's cryptoAPI. When a new encryption policy instruction is received, the executor first verifies the policy's legality, such as not using asymmetric algorithms for high-volume encryption. Then, it calls a true random number generator certified by the State Cryptography Administration. The true random number generator TRNG generates a new key based on IntelRDRAND instructions or a dedicated hardware entropy source. Next, it dynamically unloads the current algorithm module and loads the target algorithm module, such as switching from SM4 to AES. The entire process is completed atomically, ensuring uninterrupted service. Actual tests show that the algorithm switching latency is less than 5 milliseconds, and the key generation complies with GM / T0005-2013 "Randomness Detection Specification".
[0028] The closed-loop feedback and online learning controller is deployed at the central management node, responsible for collecting actual performance data for each encryption operation. Specifically, this includes: measuring the number of CPU cycles and peak memory usage consumed during encryption / decryption operations using the eBPF program; recording end-to-end decryption latency using a distributed tracing system, such as Jaeger; and correlating SIEM security information with the event management platform to determine if any data breaches or abnormal external connections have occurred within the next 72 hours. This data is constructed into three reward signals: security reward, efficiency reward, and latency penalty; the security reward has a weight of 0.6. If no security incidents occur within 2 hours, the score is +1.0; otherwise, it is -1.0. The efficiency reward has a weight of 0.3; if CPU utilization is below a preset threshold of 70%, points are added linearly according to the savings ratio, up to a maximum of +0.5. The latency penalty has a weight of 0.1; if the decryption response time exceeds 100 milliseconds, points are deducted according to the timeout ratio, down to a minimum of -0.2. The weighted sum is used as the immediate reward rt, and is stored in the experience replay buffer along with the state st, action at, and next state st+1. When the buffer reaches 100,000 samples, an online fine-tuning process is triggered: 32 samples are randomly sampled from the buffer, and the TD error is calculated. ; And then propagate back to update the main network parameters.
[0029] In addition, the system maintains a historical policy and effect database, which is built on Apache Cassandra with 3 replicas and write consistency. It stores no fewer than 1 million complete records for weekly offline retraining to address concept drift. Based on the above system architecture, the workflow of this embodiment is as follows: First, when any business microservice initiates a data transmission request, such as when a user submits a payment order, the multi-source environment awareness proxy module deployed in its Pod immediately starts multi-channel collection: the network sniffer captures the TCP flow characteristics of the request and calculates the traffic entropy value of 2.1 in the past second; the system probe reads that the current CPU utilization is 45% and the memory remaining is 62%; the log parser extracts that the request contains the cardNo or idCard field; the sensitive information identification model performs NLP analysis on the plaintext, confirms the existence of a valid bank card number and ID card number, and determines the sensitivity level to be 5; at the same time, the threat intelligence client pulls the latest active alerts of APT organizations targeting the financial industry, with a confidence level of 0.85; the above data is encapsulated into a raw awareness packet and sent to the feature fusion engine via gRPC.
[0030] Subsequently, the risk and semantic feature fusion engine receives the packet and performs feature extraction: traffic entropy = 2.1, normalized to 0.3; session concurrency = 12, normalized to 0.12; CPU utilization = 0.45; remaining memory = 0.62; sensitivity = 5; operation frequency = 8 times / minute (normal); no abnormal behavior indicators; threat confidence = 0.85; the 8-dimensional vector is normalized by Z-score, then increased to 128 dimensions and timestamp is added to form the final input vector.
[0031] The vector is fed into the deep reinforcement learning decision model unit; after forward propagation of the model, the policy index with the highest Q value is #27, which corresponds to the policy of AES-256 bits and 14 rounds of encryption; the decision is based on the superimposed risk of level 5 sensitivity and high threat confidence. Although the system load is low, security priority overrides efficiency considerations.
[0032] The decision result is sent to the programmable cryptographic engine executor of the target Pod via the Kubernetes API Server. After the executor verifies the validity of the policy, it calls TRNG to generate a 256-bit AES key, unloads the currently running SM4 module, loads the AES-NI hardware acceleration module, and configures the number of encryption rounds to 14. The entire switch is completed within 4.2 milliseconds, and the business request is then sent after being encrypted with the new key.
[0033] After encryption, the closed-loop feedback and online learning controller startup effect were evaluated: the encryption time was 8 milliseconds, CPU usage increased by 12%, and decryption latency was 95 milliseconds, which did not exceed the limits, and SIEM did not report any related data leakage in the following 72 hours; therefore, the reward signal was calculated as follows: security reward = +1.0 × 0.6 = 0.6, since CPU < 70%, efficiency reward = +0.4 × 0.3 = 0.12, latency penalty = 0, and total reward rt = 0.72; this sample was stored in the experience replay pool and used for subsequent model fine-tuning.
[0034] Through the closed-loop process of perception, fusion, decision-making, execution, and feedback described above, the system in this embodiment achieves high-strength real-time protection for highly sensitive financial data. At the same time, during non-critical periods, such as nighttime log synchronization, it automatically downgrades to SM4-128 bits, reducing the overall encryption module's CPU utilization by 37% and memory consumption by 29%, thus verifying the invention's ability to dynamically balance security and efficiency.
[0035] Example 2: This example is deployed on a provincial government cloud platform, focusing on addressing the differentiated encryption needs in cross-departmental data sharing scenarios. The platform involves multiple highly sensitive business systems such as public security, medical insurance, and taxation, and needs to achieve efficient and flexible data exchange while ensuring data sovereignty and privacy compliance.
[0036] In terms of system architecture, this embodiment makes two key enhancements based on the first embodiment: first, it introduces a federated learning coordinator to aggregate multi-tenant model updates without sharing the original data; second, it adds a policy compliance verification module to ensure that all encryption decisions comply with the Cybersecurity Law, the Data Security Law and local regulations.
[0037] Specifically, in addition to regular data collection, the multi-source environmental perception agent module adds a data sovereignty label field. This label is declared by the data provider when registering data assets, such as access is limited to the municipal medical insurance bureau only, and is stored on the blockchain to ensure that it cannot be tampered with. When constructing feature vectors, the risk and semantic feature fusion engine adds an additional dimension of access subject credibility. This value is dynamically calculated by the zero-trust identity engine based on the SPIFFE / SPIRE standard, and a score of 0-1 is obtained by comprehensively considering factors such as user role, device health status and geographical location.
[0038] The deep reinforcement learning decision model unit adopts a federated learning architecture: each tenant, such as the public security bureau and the tax bureau, has a local copy of the DQN model and trains it only on the local experience replay pool; the central coordinator periodically aggregates the model gradient updates of each tenant, generates a global model and distributes it, thereby improving the model's generalization ability while protecting data privacy; the model output layer is expanded to 64 strategies, and a new national cryptographic algorithm mandatory enable switch is added to meet the compliance requirements of government systems for SM series algorithms.
[0039] The programmable cryptographic engine executor integrates the national cryptographic level 2 certification HSM, supports the full series of SM2 / SM4 / SM9 algorithms, and has a built-in policy compliance checker. When the decision model outputs a non-national cryptographic algorithm, if the data sensitivity is ≥4 or the access subject is an overseas IP, the executor will automatically overwrite it with SM4-256 bits and record the audit log.
[0040] The workflow of this example is as follows: Taking the sharing of medical records of suspected insurance fraudsters between the Medical Insurance Bureau and the Public Security Bureau as an example: The agent module collects data containing diagnostic codes or drug lists, and the NLP model determines the sensitivity to be 4; the access party is the interface designated by the Public Security Bureau, and the zero-trust engine gives a confidence level of 0.92; there are currently no relevant alarms in the threat intelligence; after the feature vector is input, the original output of the DQN model... However, the policy compliance verification module detected that the data sensitivity was ≥4, and forced the overlay to SM4-256 bits, with 14 rounds of encryption; the executor called HSM to complete the encryption, and the ciphertext was transmitted through the government network; subsequent feedback showed no security events, a latency of 98 milliseconds, and CPU usage of 68%, and a positive reward was obtained; after local training, the gradient update of this sample was uploaded to the federated coordinator to participate in the global model optimization.
[0041] This embodiment, through federated learning and compliance enforcement mechanisms, safeguards the data sovereignty of multiple departments while achieving intelligent collaborative optimization of encryption strategies. The daily strategy update throughput reaches 4200 times per node, meeting the needs of high-concurrency government interaction.
[0042] Example 3: This example is for an industrial IoT edge computing scenario, deployed in the production line control system of a smart manufacturing plant. This environment is characterized by extremely limited resources (ARM Cortex-A5 31.2GHz, 512MB RAM), unstable network, and wide attack surface (PLC, sensors, HMI).
[0043] The system architecture was optimized in a targeted manner: the multi-source environment perception agent module was trimmed into a micro C program, retaining only key acquisition items, such as traffic entropy, CPU, memory and PLC instruction types, and the sampling frequency was reduced to twice per second to save energy; the risk and semantic feature fusion engine was merged with the DQN model unit and deployed on the edge gateway, and the model was compressed into a lightweight DQN in the style of MobileNetV2, with a 64-dimensional input layer and two hidden layers, each with 128 neurons; the cryptographic engine executor adopted the mbedTLS lightweight library, which only supports the SM4 and ChaCha20 algorithms, and the key length was fixed at 128 bits to reduce storage overhead.
[0044] The workflow of this example is as follows: When the robot control command is sent from the HMI to the PLC, the agent module detects that the command type is emergency stop and the sensitivity is automatically set to 3; the current CPU usage is 85%, indicating a high load; the network packet loss rate suddenly increases to 15%, indicating a possible DoS attack; the feature vector input is a lightweight DQN, and after model trade-offs, ChaCha20-128 is selected because it is 3 times faster than SM4 on ARM, and the number of encryption rounds is set to the minimum, with a minimum value of 10; the actuator quickly completes encryption with a latency of only 3 milliseconds; subsequent feedback: no command tampering events, CPU peak of 92%, and a reward of 0.58; based on this, the model learns that: under high load and network anomalies, availability should be prioritized.
[0045] This embodiment demonstrates that even in harsh edge environments, the present invention can still achieve a basic balance between security and efficiency through model lightweighting and policy simplification, with encryption energy consumption being only 38% of that of the traditional AES-256 scheme.
[0046] The foregoing has shown and described the basic principles, main features, and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments. The embodiments and descriptions in the specification are merely illustrative of the principles of the invention. Various changes and modifications can be made to the invention without departing from its spirit and scope, and all such changes and modifications fall within the scope of the present invention as claimed. The scope of protection of this invention is defined by the appended claims and their equivalents.
Claims
1. An artificial intelligence-based encryption algorithm optimization method, characterized by, Includes the following steps: S1. Real-time collection of multi-source environmental awareness data through security proxy modules deployed on network nodes. The multi-source environmental awareness data includes network traffic characteristics, system resource utilization, user behavior logs, data content sensitivity tags, and real-time risk scores released by external threat intelligence sources, forming a multi-dimensional dynamic input vector. S2. Standardize and perform feature engineering on the multi-source environmental perception data to extract structured features including but not limited to traffic entropy, session concurrency, CPU utilization, memory remaining ratio, data field privacy level, user operation frequency and threat intelligence confidence, and fuse them into a unified risk and semantic joint feature vector. S3. Input the risk and semantic joint feature vector into a pre-trained deep Q-network model. The deep Q-network model has the dual optimization objectives of maximizing long-term security benefits and minimizing resource consumption, and outputs the optimal encryption strategy. The encryption strategy includes a combination of encryption algorithm type, key length and encryption operation strength parameters. S4. Dynamically configure the underlying cryptographic engine according to the encryption strategy, automatically switch between symmetric and asymmetric encryption algorithms, and adjust the key length and iteration rounds to complete the real-time encryption processing of the target data stream. S5. Record the actual resource overhead, decryption delay, and subsequent security events after each encryption operation, and send them back to the deep Q-network model as a reward signal to drive online fine-tuning and policy updates.
2. The method of claim 1, wherein, The security proxy module is deployed between the operating system kernel layer and the application layer, and supports unobtrusive monitoring of data streams of HTTPS, SSH and database communication protocols, with a sampling frequency of no less than ten times per second.
3. The method of claim 1, wherein, The data content sensitivity labels are automatically generated after semantic analysis of plaintext content by a natural language processing model. The natural language processing model identifies ID card numbers, bank card numbers and medical records based on a pre-trained Chinese word vector library and maps them to multi-level sensitivity values according to the "Guidelines for Classification and Grading of Personal Information".
4. The method of claim 1, wherein, The deep Q-network model adopts a dual-network architecture, including a main Q-network and a target Q-network. The parameters of the main Q-network are updated according to a first preset data volume period, and the parameters of the target Q-network are synchronized according to a second preset data volume period. The input layer of the deep Q-network model receives the expanded feature vector, the hidden layer is a multi-layer fully connected structure and each layer uses the ReLU activation function, and the output layer corresponds to a combination of multiple preset encryption strategies.
5. The method according to claim 1, characterized in that, The encryption algorithm types include AES, SM4, ChaCha20, RSA, and SM2. The key length is one of 128 bits, 192 bits, and 256 bits in symmetric encryption algorithms, and one of 2048 bits and 3072 bits in asymmetric encryption algorithms. The encryption operation strength parameter is one of the number of encryption rounds and the number of S-box iterations in a specific encryption algorithm.
6. The method according to claim 1, characterized in that, The cryptographic engine supports a hot-swappable algorithm module loading mechanism, which can complete algorithm switching without interrupting service, and all key generation is achieved through a true random number generator certified by the State Cryptography Administration.
7. The method according to claim 1, characterized in that, It also includes establishing a historical strategy and effect database to store encryption strategy execution records. Each record contains the input feature vector, output strategy, resource consumption index, and security event status within a subsequent preset time period, which is used to periodically retrain the deep Q-network model offline.
8. The method according to claim 1, characterized in that, The reward signal is composed of a weighted sum of security rewards, efficiency rewards, and latency penalties. The security reward is based on whether a data breach occurs within a preset time period; the efficiency reward is based on whether CPU utilization is below a threshold; and the latency penalty is based on whether the decryption response time exceeds a preset latency threshold. The weighted sum serves as the immediate reward, which, along with the status, action, and next status, is stored in an experience replay buffer. When the buffer reaches 100,000 samples, an online fine-tuning process is triggered: 32 samples are randomly sampled from the buffer, and the TD error is calculated. ; And backpropagate to update the main network parameters, where For instant rewards, For state, For actions, This is the next state.
9. The method according to claim 1, characterized in that, The method is deployed in a cloud-native environment. The security proxy module runs alongside the business microservices in the form of a Sidecar container, and fine-grained, service-level encryption policies are independently controlled through the Kubernetes container orchestration platform.
10. An artificial intelligence-based encryption algorithm optimization system, applied to the artificial intelligence-based encryption algorithm optimization method according to any one of claims 1-9, characterized in that, It includes a multi-source environment-aware agent module, a risk and semantic feature fusion engine, a deep reinforcement learning decision model unit, a programmable cryptographic engine executor, and a closed-loop feedback and online learning controller; The multi-source environmental sensing agent module is used to collect multi-source environmental sensing data in real time. The risk and semantic feature fusion engine is used to standardize and perform feature engineering on the multi-source environmental perception data, generating a joint risk and semantic feature vector. This engine is deployed on an independent computing node. The engine receives raw perception data streams from each agent module and performs standardization and feature engineering processing. Specifically, for network traffic data, it calculates the byte entropy value per unit time. ; in For the first The probability of a single byte value appearing, and the number of concurrent TCP sessions; for system resource data, normalized CPU utilization and memory remaining ratio; for user behavior logs, extracting API call frequency and abnormal operation patterns per unit time, such as high-frequency access during non-working hours; for the data content itself, calling the built-in Chinese sensitive information recognition model, which is based on... It is finely tuned from a pre-trained Chinese word vector library and can accurately identify highly sensitive fields such as ID card numbers, bank card numbers and medical diagnosis records; The deep reinforcement learning decision model unit is used to receive the joint feature vector of risk and semantics and output the optimal encryption strategy; The programmable cryptographic engine executor is used to dynamically configure the underlying cryptographic engine according to the encryption strategy; The closed-loop feedback and online learning controller is used to collect actual effect data of encryption operations and generate reward signals, which are then fed back to the deep reinforcement learning decision model unit to drive online fine-tuning of the model.