Flow log encryption method, device, equipment, storage medium and program product

By parsing key information in streaming logs, dynamically determining encryption strategies, and using lightweight encryption algorithms, the system performance bottleneck and resource waste problems in streaming log encryption methods are solved, achieving efficient and secure encryption processing.

CN122339730APending Publication Date: 2026-07-03INDUSTRIAL AND COMMERCIAL BANK OF CHINA

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
INDUSTRIAL AND COMMERCIAL BANK OF CHINA
Filing Date
2026-03-10
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing streaming log encryption methods, which encrypt all data, lead to system performance bottlenecks and resource waste. In particular, encryption operations significantly increase system load in high-concurrency scenarios, causing a surge in business processing latency.

Method used

By parsing key information from streaming logs, the target circuit breaker strategy is dynamically determined. The streaming logs are encrypted according to different encryption densities, and a lightweight encryption algorithm is used for integrity verification.

Benefits of technology

It improves the efficiency and accuracy of encrypted streaming logs, optimizes resource utilization, and reduces system load while ensuring data security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122339730A_ABST
    Figure CN122339730A_ABST
Patent Text Reader

Abstract

This application provides a streaming log encryption method, apparatus, device, storage medium, and program product, relating to the field of privacy computing. The method includes: responding to a real-time generated streaming log, parsing key information from the streaming log; wherein the key information represents attribute data of the streaming log; determining a target circuit breaker strategy based on the key information, and encrypting the streaming log based on the target circuit breaker strategy to obtain an encrypted log; wherein the target circuit breaker strategy represents the encryption density of the streaming log. This method improves the efficiency and accuracy of encrypting streaming logs while ensuring data security.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of privacy computing, and more particularly to a streaming log encryption method, apparatus, device, storage medium, and program product. Background Technology

[0002] With the rapid development of information technology, data security and privacy protection have become crucial issues, especially in industries with high data sensitivity such as finance. Streaming logs, as an important form of data that records system operation status and user behavior in real time, require encryption as a key measure to ensure that data is not stolen, tampered with, or leaked during transmission and storage.

[0003] Existing streaming log encryption methods encrypt all fields in the log through full encryption to ensure data security. However, full encryption leads to system performance bottlenecks and resource waste. In high-concurrency scenarios, encryption operations significantly increase system load, causing a surge in business processing delays.

[0004] Therefore, there is an urgent need for a solution that can improve the efficiency and accuracy of encrypted streaming logs in order to optimize resource utilization while ensuring data security. Summary of the Invention

[0005] This application provides a streaming log encryption method, apparatus, device, storage medium, and program product to solve the technical problems of system performance bottlenecks and resource waste faced by encrypted streaming logs.

[0006] Firstly, this application provides a streaming log encryption method, including:

[0007] In response to the real-time generated streaming logs, the key information in the streaming logs is parsed; the key information represents the attribute data of the streaming logs.

[0008] Based on key information, a target circuit breaker strategy is determined, and based on the target circuit breaker strategy, the streaming logs are encrypted to obtain encrypted logs; where the target circuit breaker strategy represents the encryption density of the streaming logs.

[0009] Secondly, this application provides a streaming log encryption device, comprising:

[0010] The response module is used to respond to the real-time generated streaming logs and parse the key information of the streaming logs; the key information represents the attribute data of the streaming logs.

[0011] The encryption module is used to determine the target circuit breaker strategy based on key information, and to encrypt the streaming logs based on the target circuit breaker strategy to obtain encrypted logs; wherein, the target circuit breaker strategy represents the encryption density of the streaming logs.

[0012] Thirdly, embodiments of this application provide an electronic device, including:

[0013] The processor, and the memory that is communicatively connected to the processor;

[0014] The memory stores the instructions that the computer executes;

[0015] The processor executes computer execution instructions stored in memory to implement the first aspect and / or various possible implementations of the first aspect as described above.

[0016] Fourthly, embodiments of this application provide a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, are used to implement the first aspect and / or various possible implementations of the first aspect.

[0017] Fifthly, embodiments of this application provide a computer program product, including a computer program that, when executed by a processor, implements the first aspect and / or various possible implementations of the first aspect.

[0018] The streaming log encryption method, apparatus, device, storage medium, and program product provided in this application, responding to real-time generated streaming logs, parses key information from the streaming logs, further determines a target circuit breaker strategy based on the key information, and encrypts the streaming logs based on the target circuit breaker strategy to obtain encrypted logs. Here, the key information represents the attribute data of the streaming logs, and the target circuit breaker strategy represents the encryption density of the streaming logs. The method of this application, by parsing the key information of the logs and dynamically determining the encryption strategy to encrypt the streaming logs according to different encryption densities, improves the efficiency and accuracy of encrypting streaming logs while ensuring data security, and also optimizes resource utilization. Attached Figure Description

[0019] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.

[0020] Figure 1 Flowchart of the streaming log encryption method provided in this application Figure 1 ;

[0021] Figure 2 Flowchart of the streaming log encryption method provided in this application Figure 2 ;

[0022] Figure 3 A schematic diagram of the streaming log encryption device provided in this application;

[0023] Figure 4 A schematic diagram of the structure of the electronic device provided in this application.

[0024] The accompanying drawings illustrate specific embodiments of this application, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the concept in any way, but rather to illustrate the concept of this application to those skilled in the art through reference to particular embodiments. Detailed Implementation

[0025] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.

[0026] It should be noted that the user information and data involved in this application are all information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, storage, use, processing, transmission, provision, disclosure, and application of the relevant data all comply with the relevant laws, regulations, and standards of the relevant countries and regions, and necessary confidentiality measures have been taken. The data does not violate public order and good morals, and corresponding operation portals are provided for users to choose to authorize or refuse.

[0027] It should be noted that the streaming log encryption method, apparatus, device, storage medium, and program product provided in this application can be used in the field of privacy computing, or in any field other than privacy computing. The application field of the streaming log encryption method, apparatus, device, storage medium, and program product in this application is not limited.

[0028] With the rapid development of information technology, data security and privacy protection have become crucial issues, especially in industries with high data sensitivity such as finance. Streaming logs, as an important form of data that records system operation status and user behavior in real time, require encryption as a key measure to ensure that data is not stolen, tampered with, or leaked during transmission and storage.

[0029] Existing streaming log encryption methods encrypt all fields in the log through full encryption to ensure data security. However, full encryption leads to system performance bottlenecks and resource waste. In high-concurrency scenarios, encryption operations significantly increase system load, causing a surge in business processing delays.

[0030] Therefore, there is an urgent need for a solution that can improve the efficiency and accuracy of encrypted streaming logs in order to optimize resource utilization while ensuring data security.

[0031] The streaming log encryption method, apparatus, device, storage medium, and program product provided in this application, responding to real-time generated streaming logs, parses key information from the streaming logs, further determines a target circuit breaker strategy based on the key information, and encrypts the streaming logs based on the target circuit breaker strategy to obtain encrypted logs. Here, the key information represents the attribute data of the streaming logs, and the target circuit breaker strategy represents the encryption density of the streaming logs. The method of this application, by parsing the key information of the logs and dynamically determining the encryption strategy to encrypt the streaming logs according to different encryption densities, improves the efficiency and accuracy of encrypting streaming logs while ensuring data security, and also optimizes resource utilization.

[0032] The technical solution of this application and how the technical solution of this application solves the above-mentioned technical problems are described in detail below with specific embodiments. These specific embodiments can be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments. The embodiments of this application will now be described with reference to the accompanying drawings.

[0033] Figure 1 Flowchart of the streaming log encryption method provided in this application Figure 1 The execution subject of this method can be a host, server, or other device, such as... Figure 1 As shown, the method includes:

[0034] S101. In response to the real-time generated streaming logs, parse the key information of the streaming logs; whereby the key information represents the attribute data of the streaming logs.

[0035] S102. Based on the key information, determine the target circuit breaker strategy, and based on the target circuit breaker strategy, encrypt the streaming log to obtain encrypted log; wherein, the target circuit breaker strategy represents the encryption density of the streaming log.

[0036] In step S101, streaming logs can refer to log data generated in real time during the operation of a system (such as a server, host, or other devices or program products with computing and storage capabilities). Streaming logs record information such as the system's operating status, user operation behavior, system performance indicators, and security events.

[0037] Streaming logs are generated in real time during system operation. For example, in a financial trading system, records of each transaction, user login activity, and server performance monitoring data are all generated in real time as logs. For instance, streaming logs are represented in text or structured data formats to facilitate subsequent parsing and processing.

[0038] In response to the real-time generated streaming logs, it can be expressed as follows: the execution entity of this application immediately triggers the parsing and processing of the streaming logs the moment it detects the generation of the streaming logs, so as to obtain the key information of the streaming logs.

[0039] Key information refers to the attribute data parsed from streaming logs used to determine subsequent target circuit breaker policies. Key information may include, but is not limited to, field structure, operation type, field semantics, source IP (Internet Protocol), and timestamp. Specifically, field structure refers to the specific definition of each field in the streaming log; operation type refers to the specific operation recorded in the streaming log, such as "login," "transfer," or "query"; field semantics refers to the specific meaning of the field's content; source IP refers to the IP address that initiated the operation in the streaming log; and timestamp refers to the specific time the streaming log was generated.

[0040] Parsing key information from streaming logs can be achieved by using a pre-defined parser. In one possible implementation, the pre-defined parser can utilize techniques such as regular expressions and natural language processing to extract key information from the streaming logs. For example, for a streaming log entry in a financial transaction system: "2025-12-31 00:00:00, IP:192.168.1.1, Operation Type: Transfer, Account: 12345678, Amount: 1000", the pre-defined parser can extract key information such as the timestamp (2025-12-31 00:00:00), the source IP (192.168.1.1), the operation type (transfer), and the semantic meaning of the fields (account and amount).

[0041] In step S102, the target circuit breaker strategy can refer to the encryption density of the streaming log, that is, which fields in the streaming log are encrypted and which fields are not encrypted. It is understood that different streaming logs have different target circuit breaker strategies due to their different key information.

[0042] In one possible implementation, the target circuit breaker strategy corresponding to the key information can be determined based on a preset mapping relationship. The preset mapping relationship represents the mapping relationship between the key information and the target circuit breaker strategy.

[0043] Furthermore, based on the target circuit breaker strategy, the streaming logs are encrypted to obtain encrypted logs. Encrypted logs are the streaming logs that have undergone encryption, where some or all fields are encrypted according to the target circuit breaker strategy to ensure data security.

[0044] The streaming log encryption method provided in this application dynamically determines the encryption strategy by parsing key information in the log, and encrypts the streaming log according to different encryption densities. While ensuring data security, it improves the efficiency and accuracy of encrypting streaming logs and optimizes resource utilization.

[0045] Figure 2 Flowchart of the streaming log encryption method provided in this application Figure 2 In this embodiment Figure 1 Based on the embodiments, the streaming log encryption method is described in detail, such as... Figure 2 As shown, the method includes:

[0046] S201. In response to the real-time generated streaming logs, parse the key information of the streaming logs; whereby the key information represents the attribute data of the streaming logs.

[0047] S202. Determine the security score based on key information; the security score represents the degree of security risk of the streaming log.

[0048] The security score can be a quantitative value used to comprehensively assess the security risk level of streaming logs. For example, a higher security score indicates greater sensitivity and potential risks of the streaming log data, requiring more stringent encryption measures.

[0049] In one optional implementation, the key information includes first information, second information and third information, whereby the first information represents the inherent sensitivity level of the field, the second information represents the operation type and business scenario, and the third information represents abnormal operation behavior.

[0050] The first piece of information can refer to the sensitivity classification of the field, such as highly sensitive, moderately sensitive, and low sensitive. This first piece of information may include, but is not limited to, the field name, field type, and field content. For example, the "Account" field might be marked as highly sensitive, while the "Timestamp" field might be marked as low sensitive.

[0051] The second piece of information can refer to the type of operation and its corresponding business scenario, such as the "transfer" operation in a financial transaction scenario. This second piece of information may include, but is not limited to, the operation name, the range of amounts involved, and the frequency of the operation. For example, the sensitivity is higher when a "transfer" operation involves a large flow of funds.

[0052] Third-party information can refer to the type and frequency of abnormal behavior, such as frequent failed login attempts from the same IP address. This information may include, but is not limited to, the type, frequency, and duration of the abnormal behavior. For example, multiple consecutive login failures may indicate a brute-force attack.

[0053] Step S202 may include:

[0054] S2021. Based on the first information, determine the basic sensitivity score; whereby the basic sensitivity score represents the inherent sensitivity of the field itself.

[0055] In one possible implementation, determining the basic sensitivity score based on the first information can be done by using a preset first mapping table. The preset first mapping table represents the mapping relationship between the first information and the basic sensitivity score. For example, the basic sensitivity score can range from [0, 100].

[0056] For example, the sensitivity classification of the field represented by the first information is high sensitivity, and its corresponding basic sensitivity score is 90; the sensitivity classification of the field represented by the first information is medium sensitivity, and its corresponding basic sensitivity score is 50; the sensitivity classification of the field represented by the first information is low sensitivity, and its corresponding basic sensitivity score is 20.

[0057] S2022. Based on the second information, determine the context-weighted score; whereby the context-weighted score represents the impact of operation type and business scenario on field sensitivity.

[0058] In one possible implementation, determining the context-weighted score based on the second information can be done by using a preset second mapping table. The preset second mapping table represents the mapping relationship between the second information and the context-weighted score. For example, the context-weighted score can range from [0,1].

[0059] For example, when the operation type represented by the second information is "transfer" and the amount involved is greater than 100,000 yuan, its context weighted score is 0.4; when the operation type represented by the second information is "query" and the amount involved is less than 10,000 yuan, its context weighted score is 0.1.

[0060] S2023. Based on the third information, determine the risk penalty score; whereby the risk penalty score represents the potential security risks in the log stream.

[0061] In one possible implementation, determining the risk penalty score based on the third information can be done by using a preset third mapping table. The preset third mapping table represents the mapping relationship between the third information and the risk penalty score. For example, the risk penalty score can range from [0, 100].

[0062] For example, the abnormal behavior represented by the third information is a high frequency of failed login attempts (more than 10 times / minute) from the same IP address, with a risk penalty score of 50; the abnormal behavior represented by the third information is a log tampering marker, with a risk penalty score of 100.

[0063] It should be noted that the aforementioned pre-set first, second, and third mapping tables can be pre-configured by staff based on historical data and relevant security rules to dynamically assess the security risks of streaming logs. In one possible implementation, these mapping tables can be adjusted and optimized by staff according to actual application scenarios to adapt to different security needs.

[0064] S2024. Determine the security score based on the basic sensitivity score, context-weighted score, and risk penalty score.

[0065] In one alternative implementation, step S2024 may include:

[0066] The initial score is obtained by multiplying the basic sensitivity score and the context-weighted score; the security score is obtained by adding the initial score and the risk penalty score.

[0067] For example, a security score can be expressed as:

[0068] .

[0069] It is understandable that by using a specific formula to calculate the security score, the beneficial effect of this setup is that it enhances the operability of the encryption strategy.

[0070] It is understandable that by separately determining the basic sensitivity score, context-weighted score, and risk penalty score, and then comprehensively calculating the security score, the beneficial effect of this setting is that it enables a refined evaluation of streaming logs and improves the accuracy of encryption strategies.

[0071] S203. Determine the target circuit breaker strategy based on the security score.

[0072] In one possible implementation, determining the target circuit breaker strategy based on the security score can be done by using a pre-defined fourth mapping table. Here, the pre-defined fourth mapping table represents the mapping relationship between the security score and the target circuit breaker strategy.

[0073] In one alternative implementation, step S203 may include:

[0074] S2031. Obtain real-time load data; whereby load data represents the current utilization rate of computing resources;

[0075] S2032. Determine the target circuit breaker strategy based on load data and security score.

[0076] Load data can refer to the system's current central processing unit (CPU) utilization, memory utilization, or other relevant performance metrics. For example, real-time load data represents the system's resource utilization, such as CPU utilization, at the current moment.

[0077] In one alternative implementation, step S2032 may include:

[0078] S2032a. If the load data is less than the preset first load threshold, all fields in the streaming log will be encrypted as the target circuit breaker strategy.

[0079] For example, if the load data is less than a preset first load threshold (e.g., 60%), it means that the current system resources are sufficient and there are enough computing resources to perform full-field encryption. In this case, the target circuit breaker policy is to select all fields in the streaming log for encryption.

[0080] S2032b: If the load data is greater than or equal to the preset first load threshold and less than or equal to the preset second load threshold, and the security score is greater than or equal to the preset first security threshold, then the first field in the streaming log will be encrypted as the target circuit breaker strategy; wherein, the first field belongs to the preset set of sensitive fields.

[0081] For example, if the load data is greater than or equal to a preset first load threshold (e.g., 60%) and less than or equal to a preset second load threshold (e.g., 85%), and the security score is greater than or equal to a preset first security threshold (e.g., 60), it indicates that the current system load is moderate and the risk of the streaming log is high. In this case, the target circuit breaker policy is to select the first field in the streaming log for encryption.

[0082] The first field belongs to a preset set of sensitive fields. This preset set of sensitive fields can be pre-set by staff based on historical data and security rules. For example, the preset set of sensitive fields includes sensitive fields such as "account number," "amount," and "password." This target circuit breaker policy is suitable for situations with moderate system load and high log risk, ensuring that sensitive fields are encrypted and effectively balancing security and resource utilization.

[0083] It should be understood that the aforementioned preset second load threshold is greater than the first load threshold.

[0084] S2032c: If the load data is greater than the preset second load threshold and the security score is less than the preset second security threshold, then the second field in the streaming log will be encrypted as the target circuit breaker strategy; wherein, the second field belongs to the preset core field set.

[0085] For example, if the load data is greater than a preset second load threshold (e.g., 85%) and the security score is less than a preset second security threshold (e.g., 70), it indicates that the current system load is high and the risk of the streaming log is low. In this case, the target circuit breaker policy is to select the second field in the streaming log for encryption.

[0086] The second field belongs to a preset set of core fields. This preset set of core fields can be pre-defined by staff based on historical data and security rules. For example, the preset set of core fields includes core fields such as "account" and "transaction amount". This target circuit breaker strategy is suitable for situations with high load and low risk of streaming logs, ensuring that core fields are encrypted and effectively balancing security and resource utilization.

[0087] It should be understood that the difference between the fields in the preset core field set and the fields in the preset sensitive field set lies in the fact that the core field set mainly includes fields that have a significant impact on system operation and data integrity, while the sensitive field set focuses more on fields containing user privacy and high-value information. For example, the "Account" field can belong to both the core field set and the sensitive field set, but the "Transaction Amount" field only belongs to the core field set, and the "Password" field only belongs to the sensitive field set.

[0088] S2032d If the load data is greater than the preset second load threshold and the security score is greater than or equal to the preset second security threshold, then thread resources will be allocated first and the first field in the streaming log will be encrypted as the target circuit breaker strategy.

[0089] For example, if the load data is greater than a preset second load threshold (e.g., 85%) and the security score is greater than or equal to a preset second security threshold (e.g., 70), it indicates that the current system load is high and the risk of the streaming log is high. In this case, the target circuit breaker policy is to prioritize the allocation of thread resources and select the first field in the streaming log for encryption.

[0090] Thread resources can refer to threads used to perform encryption operations. For example, by dynamically adjusting thread priorities, it can be ensured that encryption tasks involving sensitive fields are processed first, thus improving resource utilization, especially when system load is high and the risk of streaming logs is high.

[0091] It is understandable that by selecting different fields for encryption based on different load data and security scoring conditions, the encryption density can be dynamically adjusted. The beneficial effect of this setting is that it optimizes the allocation of encryption resources and improves the utilization rate of encryption resources.

[0092] It is understandable that by combining real-time load data and security scores to determine the target circuit breaker strategy, the beneficial effect of this setup is that it improves encryption efficiency while ensuring data security.

[0093] It is understandable that by determining a security score based on key information in the logs, and then determining the target circuit breaker strategy based on the security score, the encryption strategy can be dynamically adjusted. The beneficial effect of this setup is that it improves the flexibility and security of encrypted streaming logs.

[0094] S204. Based on the target circuit breaker strategy, use a preset lightweight encryption algorithm to encrypt the fields to be encrypted in the streaming log to obtain encrypted logs.

[0095] Among them, the preset lightweight encryption algorithm can refer to an encryption algorithm that consumes less computing resources while ensuring data security.

[0096] For example, the preset lightweight encryption algorithm may include, but is not limited to, algorithms such as AES-GCM (Advanced Encryption Standard - Galois / Counter Mode).

[0097] It is understandable that using a preset lightweight encryption algorithm for encryption has the advantage of improving encryption efficiency while ensuring data security.

[0098] S205. Perform integrity verification on the encrypted logs; if an integrity problem is detected in the encrypted logs, trigger an alarm.

[0099] Integrity verification can refer to verifying whether the encrypted log remains intact and has not been tampered with or damaged during encryption and transmission.

[0100] In one possible implementation, integrity verification can employ techniques such as hash verification (e.g., SHA-256) or digital signatures to verify the integrity and authenticity of the data.

[0101] For example, when generating an encrypted log, the SHA-256 algorithm is used to calculate the hash value of the encrypted log, and this hash value is stored or transmitted along with the encrypted log. During subsequent verification, the same encryption algorithm is used again to hash the encrypted log, and the newly generated hash value is compared with the previously generated hash value. If the two hash values ​​match, it indicates that the encrypted log has remained intact during transmission and storage and has not been tampered with; if they do not match, it indicates that the encrypted log may have been tampered with or corrupted, indicating a detected integrity issue with the encrypted log, and triggering an alarm.

[0102] The alarm can be triggered by notifying staff to check and handle the situation via email or SMS.

[0103] It is understandable that by performing integrity checks on encrypted logs, the beneficial effect of this setting is to ensure the integrity and security of streaming logs.

[0104] The streaming log encryption method provided in this application dynamically determines the encryption strategy by parsing key information in the log, and encrypts the streaming log according to different encryption densities. While ensuring data security, it improves the efficiency and accuracy of encrypting streaming logs and optimizes resource utilization.

[0105] Figure 3 This is a schematic diagram of the structure of the streaming log encryption device provided in this application, as shown below. Figure 3 As shown, the streaming log encryption device 30 provided in this application includes: a response module 301 and an encryption module 302.

[0106] The response module 301 is used to respond to the real-time generated streaming logs and parse the key information of the streaming logs; wherein, the key information represents the attribute data of the streaming logs;

[0107] The encryption module 302 is used to determine the target circuit breaker strategy based on key information, and to encrypt the streaming log based on the target circuit breaker strategy to obtain encrypted logs; wherein, the target circuit breaker strategy represents the encryption density of the streaming logs.

[0108] In an optional example, encryption module 302 is also used to determine a security score based on key information; wherein the security score characterizes the degree of security risk of the streaming log.

[0109] Based on the safety score, determine the target circuit breaker strategy.

[0110] In an optional example, the key information includes first information, second information, and third information. The first information represents the inherent sensitivity level of the field, the second information represents the operation type and business scenario, and the third information represents abnormal operation behavior. The encryption module 302 is also used to determine a basic sensitivity score based on the first information. The basic sensitivity score represents the inherent sensitivity of the field itself.

[0111] Based on the second piece of information, the context-weighted score is determined; whereby the context-weighted score represents the impact of operation type and business scenario on field sensitivity;

[0112] Based on the third piece of information, a risk penalty score is determined; the risk penalty score represents the potential security risks in the log stream.

[0113] The security score is determined based on the basic sensitivity score, the context-weighted score, and the risk penalty score.

[0114] In an optional example, encryption module 302 is also used to multiply the base sensitivity score and the context-weighted score to obtain an initial score;

[0115] The initial score and the risk penalty score are added together to obtain the safety score.

[0116] In an optional example, the encryption module 302 is also used to acquire real-time load data; wherein the load data represents the current utilization rate of computing resources;

[0117] Determine the target circuit breaker strategy based on load data and security scores.

[0118] In an optional example, encryption module 302 is also used to select all fields in the streaming log for encryption as the target circuit breaker strategy if the load data is less than a preset first load threshold.

[0119] If the load data is greater than or equal to the preset first load threshold and less than or equal to the preset second load threshold, and the security score is greater than or equal to the preset first security threshold, then the first field in the streaming log will be encrypted as the target circuit breaker policy; where the first field belongs to the preset set of sensitive fields.

[0120] If the load data is greater than the preset second load threshold and the security score is less than the preset second security threshold, then the second field in the streaming log will be encrypted as the target circuit breaker strategy; the second field belongs to the preset core field set.

[0121] If the load data is greater than the preset second load threshold and the security score is greater than or equal to the preset second security threshold, then thread resources will be allocated first and the first field in the streaming log will be encrypted as the target circuit breaker strategy.

[0122] In an optional example, encryption module 302 is also used to encrypt the fields to be encrypted in the streaming log based on the target circuit breaker policy and using a preset lightweight encryption algorithm to obtain encrypted logs.

[0123] In an optional example, the streaming log encryption device 30 also includes a verification module for performing integrity verification on the encrypted logs;

[0124] An alert is triggered if an integrity issue is detected in the encrypted logs.

[0125] The streaming log encryption device provided in this embodiment can execute the method provided in the above method embodiment. Its implementation principle and technical effect are similar, and will not be described in detail here.

[0126] Figure 4 A schematic diagram of the structure of the electronic device provided in this application, such as... Figure 4As shown, the electronic device 40 provided in this application includes at least one processor 401 and a memory 402. Optionally, the electronic device 40 further includes a communication component 403. The processor 401, memory 402, and communication component 403 are connected via a bus 404.

[0127] In a specific implementation, at least one processor 401 executes computer execution instructions stored in memory 402, causing at least one processor 401 to perform the above-described method.

[0128] The specific implementation process of processor 401 can be found in the above method embodiments, and its implementation principle and technical effect are similar. It will not be repeated here.

[0129] In the above embodiments, it should be understood that the processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), etc. The general-purpose processor can be a microprocessor or any conventional processor. The steps of the method disclosed in this invention can be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules within the processor.

[0130] The memory may include random access memory (RAM) and may also include non-volatile memory (NVM), such as at least one disk storage device.

[0131] The bus can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of illustration, the buses shown in the accompanying drawings are not limited to a single bus or a single type of bus.

[0132] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the above-described method.

[0133] This application also provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, implement the above-described method.

[0134] The aforementioned readable storage medium can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk. The readable storage medium can be any available medium accessible to a general-purpose or special-purpose computer.

[0135] An exemplary readable storage medium is coupled to a processor, enabling the processor to read information from and write information to the readable storage medium. Of course, the readable storage medium can also be a component of the processor. The processor and the readable storage medium can reside in an Application Specific Integrated Circuit (ASIC). Alternatively, the processor and the readable storage medium can exist as discrete components in the device.

[0136] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are all optional embodiments, and the actions and modules involved are not necessarily essential to this application.

[0137] It should be further noted that although the steps in the flowchart are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowchart may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these sub-steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.

[0138] It should be understood that the above-described device embodiments are merely illustrative, and the device of this application can also be implemented in other ways. For example, the division of units / modules in the above embodiments is only a logical functional division, and there may be other division methods in actual implementation. For example, multiple units, modules, or components may be combined, or integrated into another system, or some features may be ignored or not executed.

[0139] Furthermore, unless otherwise specified, the functional units / modules in the various embodiments of this application can be integrated into one unit / module, or each unit / module can exist physically separately, or two or more units / modules can be integrated together. The integrated units / modules described above can be implemented in hardware or in the form of software program modules.

[0140] When integrated units / modules are implemented in hardware, the hardware can be digital circuits, analog circuits, etc. The physical implementation of the hardware structure includes, but is not limited to, transistors, memristors, etc. Unless otherwise specified, the processor can be any suitable hardware processor, such as a CPU, GPU, FPGA, DSP, and ASIC, etc. Unless otherwise specified, the storage unit can be any suitable magnetic or magneto-optical storage medium, such as Resistive Random Access Memory (RRAM), Dynamic Random Access Memory (DRAM), Static Random Access Memory (SRAM), Enhanced Dynamic Random Access Memory (EDRAM), High-Bandwidth Memory (HBM), Hybrid Memory Cube (HMC), etc.

[0141] If the integrated unit / module is implemented as a software program module and sold or used as an independent product, it can be stored in a computer-readable storage device (CMD). Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a memory and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned memory includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard drive, magnetic disk, or optical disk.

[0142] In the above embodiments, the descriptions of each embodiment have their own emphasis. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments. The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as the combination of these technical features does not contradict each other, it should be considered within the scope of this specification.

[0143] Other embodiments of this application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of this application that follow the general principles of this application and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this application are indicated by the following claims.

[0144] It should be understood that this application is not limited to the precise structure described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of this application is limited only by the appended claims.

Claims

1. A streaming log encryption method, characterized in that, include: In response to the real-time generated streaming logs, the key information of the streaming logs is parsed; wherein, the key information represents the attribute data of the streaming logs; Based on the key information, a target circuit breaker strategy is determined, and based on the target circuit breaker strategy, the streaming log is encrypted to obtain an encrypted log; wherein, the target circuit breaker strategy represents the encryption density of the streaming log.

2. The method according to claim 1, characterized in that, Based on the aforementioned key information, the target circuit breaker strategy is determined, including: Based on the key information, a security score is determined; wherein, the security score characterizes the degree of security risk of the streaming log. The target circuit breaker strategy is determined based on the security score.

3. The method according to claim 2, characterized in that, The key information includes first information, second information, and third information. The first information represents the inherent sensitivity level of the field, the second information represents the operation type and business scenario, and the third information represents abnormal operation behavior. Based on the aforementioned key information, a security score is determined, including: Based on the first information, a basic sensitivity score is determined; wherein, the basic sensitivity score characterizes the inherent sensitivity of the field itself; Based on the second information, a context-weighted score is determined; wherein, the context-weighted score represents the impact of operation type and business scenario on field sensitivity; Based on the third piece of information, a risk penalty score is determined; wherein, the risk penalty score represents the potential security risks in the log stream; The security score is determined based on the basic sensitivity score, the context-weighted score, and the risk penalty score.

4. The method according to claim 3, characterized in that, The security score is determined based on the basic sensitivity score, the context-weighted score, and the risk penalty score, including: The initial score is obtained by multiplying the basic sensitivity score and the context-weighted score. The initial score and the risk penalty score are added together to obtain the safety score.

5. The method according to claim 2, characterized in that, Based on the security score, the target circuit breaker strategy is determined, including: Obtain real-time load data; wherein the load data represents the current utilization rate of computing resources; The target circuit breaker strategy is determined based on the load data and the security score.

6. The method according to claim 5, characterized in that, Based on the load data and the security score, the target circuit breaker strategy is determined, including: If the load data is less than the preset first load threshold, then all fields in the streaming log will be encrypted as the target circuit breaker strategy. If the load data is greater than or equal to the preset first load threshold and less than or equal to the preset second load threshold, and the security score is greater than or equal to the preset first security threshold, then the first field in the streaming log will be encrypted as the target circuit breaker policy; wherein, the first field belongs to the preset set of sensitive fields. If the load data is greater than the preset second load threshold and the security score is less than the preset second security threshold, then the second field in the streaming log will be encrypted as the target circuit breaker strategy; wherein, the second field belongs to the preset core field set; If the load data is greater than the preset second load threshold and the security score is greater than or equal to the preset second security threshold, then thread resources will be allocated first and the first field in the streaming log will be encrypted as the target circuit breaker strategy.

7. The method according to claim 1, characterized in that, Based on the target circuit breaker policy, the streaming log is encrypted to obtain encrypted logs, including: Based on the target circuit breaker strategy, a preset lightweight encryption algorithm is used to encrypt the fields to be encrypted in the streaming log, thereby obtaining the encrypted log.

8. The method according to any one of claims 1-7, characterized in that, Also includes: Perform integrity verification on the encrypted logs; If an integrity issue is detected in the encrypted log, an alert is triggered.

9. A streaming log encryption device, characterized in that, include: The response module is used to respond to the real-time generated streaming logs and parse the key information of the streaming logs; wherein the key information represents the attribute data of the streaming logs; An encryption module is used to determine a target circuit breaker strategy based on the key information, and to encrypt the streaming log based on the target circuit breaker strategy to obtain encrypted logs; wherein, the target circuit breaker strategy represents the encryption density of the streaming logs.

10. An electronic device, characterized in that, include: A processor, and a memory communicatively connected to the processor; The memory stores computer-executed instructions; The processor executes computer execution instructions stored in the memory to implement the method as described in any one of claims 1 to 8.

11. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-executable instructions, which, when executed by a processor, are used to implement the method as described in any one of claims 1 to 8.

12. A computer program product, characterized in that, Includes a computer program that, when executed by a processor, implements the method described in any one of claims 1 to 8.