CN103984902B - A kind of recognition methods of newly-increased data assets and system - Google Patents

A kind of recognition methods of newly-increased data assets and system Download PDF

Info

Publication number
CN103984902B
CN103984902B CN201410225656.3A CN201410225656A CN103984902B CN 103984902 B CN103984902 B CN 103984902B CN 201410225656 A CN201410225656 A CN 201410225656A CN 103984902 B CN103984902 B CN 103984902B
Authority
CN
China
Prior art keywords
event
leaks
data assets
metadata
storehouse
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410225656.3A
Other languages
Chinese (zh)
Other versions
CN103984902A (en
Inventor
彭建芬
韩义亭
郭春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CEC CYBERSPACE GREAT WALL Co Ltd
Original Assignee
CEC CYBERSPACE GREAT WALL Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CEC CYBERSPACE GREAT WALL Co Ltd filed Critical CEC CYBERSPACE GREAT WALL Co Ltd
Priority to CN201410225656.3A priority Critical patent/CN103984902B/en
Publication of CN103984902A publication Critical patent/CN103984902A/en
Application granted granted Critical
Publication of CN103984902B publication Critical patent/CN103984902B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/907Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Library & Information Science (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides recognition methods and the system of a kind of newly-increased data assets, the event of leaking is matched with the artificial determination event in the event base that leaks, if the event that leaks succeeds with the artificial determination event matches in the event base that leaks, the metadata of the event that leaked described in extracting, adds the metadata to data assets storehouse.In the recognition methods and system of the newly-increased data assets of present invention offer, after confirming the event that leaks that the event of leaking is artificial determination, the metadata of the event that directly leaked described in extraction is added to data assets storehouse.Above-mentioned recognition methods can in time, effectively update the data asset library so that newly-increased data assets are reported much sooner, completely, so as to more efficiently confirm to the possible event of leaking.

Description

A kind of recognition methods of newly-increased data assets and system
Technical field
The present invention relates to field of information security technology, more particularly to a kind of newly-increased data assets recognition methods and system.
Background technology
Leakage prevention (Data Leakage Prevention, DLP) be by certain technology and management means, Prevent from specifying data or information assets to be stored in the form of violating security strategy, used and transmitted.Leakage prevention technology In being capable of identify that, monitor and protecting use, transmission neutralize static sensitive data.Leakage prevention product form includes network Leakage prevention, terminal data leakage protection, data storage leakage protection and leakage prevention control platform, wherein counting The collection to the possible event that leaks is realized according to leakage protection control platform.
Leakage prevention system uses the sensitive data discovery technique based on content, according to pre-defined tactful logarithm According to being detected, once finding to violate the possible event that leaks of strategy, the leakage prevention system is according to pre-defining Safeguard procedures take corresponding technological means, and leaking for sensitive data is prevented so as to reach.This sensitive data based on content Discovery technique is able to detect that the possible event that leaks, and whether the above-mentioned possible event that leaks is that the real event of leaking is also needed to Carry out artificial judgment.The real event of leaking can be divided into leak event and the event that leaks for being not intended to leakage, and base of intentional leakage Tactful in violation of rules and regulations in the content of data assets and based on metadata the event recognition method that leaks can leak to being not intended to leakage Event is confirmed.Above-mentioned recognition methods needs to set up data assets storehouse, and is usually in the prior art logical by data combing The mode of typing under line is crossed to the newly-increased data assets of data assets storehouse addition, newly-increased data assets are added in this way can lead Cause reporting for newly-increased data assets imperfect, not in time, so as to cause effectively to confirm to the possible event of leaking.
The content of the invention
To solve the above problems, the present invention provides recognition methods and the system of a kind of newly-increased data assets, existing for solving Having in technology can cause reporting for newly-increased data assets imperfect, not in time to the newly-increased data assets of data assets storehouse addition, from And cause the problem that effectively can not be confirmed to the possible event of leaking.
Therefore, the present invention provides a kind of recognition methods of newly-increased data assets, including:The event that will leak and the event base that leaks In artificial determination event matched, if the artificial determination event matches success in leak event and the event base that leaks, The metadata of the event that leaked described in extracting, adds the metadata to data assets storehouse.
Preferably, also include:If the event that leaks is unsuccessful with artificial determination event matches in the event base that leaks, carry The metadata of the event that leaks is taken, the metadata is matched with the data in the data assets storehouse, if the unit Data are unsuccessful with Data Matching in the data assets storehouse, add the metadata to the data assets storehouse.
Preferably, if the event that leaks is unsuccessful with artificial determination event matches in the event base that leaks, extract Also include before the step of metadata of the event that leaks:If the artificial determination thing in leak event and the event base that leaks Part matching is unsuccessful, the strategy of the event that leaks is matched with the fingerprinting strategies in fingerprinting strategies storehouse, if described leak The strategy of event matches unsuccessful, the metadata of the event that leaked described in the execution extraction with the fingerprinting strategies in fingerprinting strategies storehouse The step of.
Preferably, also include:The event base that leaks is formed according to artificial determination event.
Preferably, also include:Fingerprinting strategies storehouse is formed according to the fingerprinting strategies extracted from artificial determination event.
The present invention also provides a kind of identifying system of newly-increased data assets, including:First matching unit, for the thing that will leak Part is matched with the artificial determination event in the event base that leaks, the first extraction unit, for when it is described leak event with leak The metadata of the event that leaked described in extraction when the artificial determination event matches in event base succeed, the first adding device, for inciting somebody to action The metadata is added to data assets storehouse.
Preferably, also include:Second extraction unit, for when the artificial determination in leak event and the event base that leaks Leak the metadata of event described in being extracted when event matches are unsuccessful, the second matching unit, for by the metadata with it is described Data in data assets storehouse are matched, the second adding device, for when in the metadata with the data assets storehouse The data assets storehouse is added the metadata to when Data Matching is unsuccessful.
Preferably, also include:3rd matching unit, for when the artificial determination in leak event and the event base that leaks The strategy of the event that leaks is matched with the fingerprinting strategies in fingerprinting strategies storehouse when event matches are unsuccessful.
Preferably, also include:The event elements that leak storehouse, for forming the event base that leaks according to artificial determination event.
Preferably, also include:Fingerprinting strategies cell library, for the fingerprinting strategies shape that basis is extracted from artificial determination event Into fingerprinting strategies storehouse.
The present invention has following beneficial effects:
In the recognition methods and system of the newly-increased data assets that the present invention is provided, confirm that the event of leaking is the outer of artificial determination After letting out event, the metadata of the event that directly leaked described in extraction is added to data assets storehouse.Above-mentioned recognition methods can in time, have Update the data asset library to effect so that reporting much sooner, completely for data assets is increased newly, so that more efficiently to possible The event of leaking is confirmed.
Brief description of the drawings
Fig. 1 is the flow chart of the recognition methods of a kind of newly-increased data assets that the embodiment of the present invention one is provided;
Fig. 2 is the structural representation of the identifying system of a kind of newly-increased data assets that the embodiment of the present invention two is provided.
Specific embodiment
To make those skilled in the art more fully understand technical scheme, the present invention is carried below in conjunction with the accompanying drawings The recognition methods of the newly-increased data assets for supplying and system are described in detail.
Fig. 1 is the flow chart of the recognition methods of a kind of newly-increased data assets that the embodiment of the present invention one is provided.Such as Fig. 1 institutes Show, the recognition methods of the newly-increased data assets includes:
Step 101, the event of leaking is matched with the artificial determination event in the event base that leaks, if the event that leaks Step 102 is performed when succeeding with the artificial determination event matches in the event base that leaks, if event and the event base that leaks of leaking In artificial determination event matches it is unsuccessful when perform step 104.
Optionally, the event base that leaks is formed according to artificial determination event before step 101.In the present embodiment, will be conventional The artificial event of leaking for determining is sorted out, so as to form the event base that leaks.By event and the event base that leaks of leaking In artificial determination event matched, if artificial in leak event and the event base that leaks determine event matches success, can be with The event of leaking described in directly determining is the artificial event that leaks for determining, so that it is determined that the event that leaks necessarily increases data money newly Produce, can much sooner, effectively determine whether the event that leaks is newly-increased data assets by this method so that newly-increased Reporting for data assets is timely, complete.
The metadata of the event that leaked described in step 102, extraction.
Step 103, add the metadata to data assets storehouse.
In the present embodiment, the event that leaks just can determine with the artificial determination event matches success in the event base that leaks The event that leaks is newly-increased data assets.It is after increasing data assets newly, to be leaked described in extraction the event that leaks is determined The metadata of event, then add the metadata to data assets storehouse, thus in time, effectively update the data asset library, make Reporting much sooner, completely for data assets must be increased newly.
Step 104, by the event that leaks strategy matched with the fingerprinting strategies in fingerprinting strategies storehouse, if it is described outward The strategy for letting out event performs step 105 when matching unsuccessful with the fingerprinting strategies in fingerprinting strategies storehouse, if the event that leaks Strategy with fingerprinting strategies storehouse in fingerprinting strategies the match is successful when flow terminate.
Optionally, fingerprinting strategies storehouse was formed according to the fingerprinting strategies extracted from artificial determination event before step 104. In the present embodiment, data fingerprint is the unique digital fragment generated according to target data, thus data fingerprint has Confirm the unique characteristic of original target data content, that is to say, that unique target data has unique data fingerprint, Target data once changes, and the data fingerprint of target data necessarily changes, therefore, by the use of data fingerprint as strategy The newly-increased data assets of identification have accuracy very high, by the fingerprint plan in the strategy of the event that leaks and fingerprinting strategies storehouse Slightly matched, once the match is successful, and the event that leaks is not necessarily newly-increased data assets, so as to much sooner, effectively send out Now increase newly data assets so that in time, effectively update the data asset library.
The metadata of the event that leaked described in step 105, extraction.
Step 106, the metadata is matched with the data in the data assets storehouse, if the metadata and institute State Data Matching in data assets storehouse it is unsuccessful when perform step 103, if in the metadata and the data assets storehouse Flow terminates during Data Matching success.
Preferably, the data assets storehouse includes the artificial metadata for determining event.In the present embodiment, metadata (Meta Data) it is data about other data, refers to produced relevant data source definitions in data procedures are generated, target is fixed The related critical data such as justice, transformation rule.Metadata includes relevant paper writer, document summary and various other type informations Information.When user generates file or addition additional data, system can automatically generate associated metadata.In addition, user also may be used With by the metadata of related tool editor or generation specific file or document.Because metadata has particular community, therefore The event of leaking can be identified using metadata.Therefore, have using the newly-increased data assets of metadata identification very high Accuracy, the metadata of the event that leaks is matched with the data in the data assets storehouse, once the match is successful, institute It is not newly-increased data assets to state the event that leaks inevitable, so that newly-increased data assets much sooner, are effectively found, so that and When, effectively update the data asset library.
In the recognition methods of the newly-increased data assets that the present embodiment is provided, confirm that the event of leaking is the artificial thing that leaks for determining After part, the metadata of the event that directly leaked described in extraction is added to data assets storehouse.Above-mentioned recognition methods can in time, effectively Update the data asset library so that reporting much sooner, completely for data assets is increased newly, so as to more efficiently be leaked to possible Event is confirmed.
Fig. 2 is the structural representation of the identifying system of a kind of newly-increased data assets that the embodiment of the present invention two is provided.Such as Fig. 2 Shown, the identifying system of the newly-increased data assets includes:First matching unit 201, the first extraction unit 202, first are added Unit 203 and data assets storehouse 208.First extraction unit 202 is single with the first matching unit 201 and the first addition respectively Unit 203 connects, and first adding device 203 is connected with data assets storehouse 208.First matching unit 201 is used for will be outer Let out event to be matched with the artificial determination event in the event base that leaks, first extraction unit 202 is used to work as described first Leak event described in being extracted when matching unit 201 is by artificial determination event matches success in the event of leaking and the event base that leaks Metadata, first adding device 203 is used to add the metadata to data assets storehouse 208.
In the present embodiment, the identifying system of the newly-increased data assets also includes leak event library unit, the thing that leaks Part library unit is connected with the first matching unit 201.The event library unit that leaks leaks for being formed according to artificial determination event Event base.
Optionally, the identifying system of the newly-increased data assets also includes the second extraction unit 205, the second matching unit 204 and second adding device 206.Second matching unit 204 respectively with the second extraction unit 205 and the second adding device 206 connections, second adding device 206 is connected with data assets storehouse 208.Second extraction unit 205 is used for when described The metadata of the event that leaked described in being extracted when the artificial determination event matches in the event that leaks and the event base that leaks are unsuccessful, it is described Second matching unit 204 is used to be matched the metadata with the data in the data assets storehouse, second addition Unit 206 is used for institute when second matching unit 204 is unsuccessful by the Data Matching in metadata and data assets storehouse State metadata and be added to the data assets storehouse 208.
Optionally, the identifying system of the newly-increased data assets also includes the 3rd matching unit 207, and the 3rd matching is single Unit 207 is connected with the first matching unit 201 and the second extraction unit 205 respectively.3rd matching unit 207 is used for when described By the strategy and fingerprint plan of the event that leaks when artificial determination event matches in the event that leaks and the event base that leaks are unsuccessful Fingerprinting strategies slightly in storehouse are matched.
In the present embodiment, the identifying system of the newly-increased data assets also includes fingerprinting strategies library unit, the fingerprint plan Slightly library unit is connected with the 3rd matching unit 207.The fingerprinting strategies library unit is used to be extracted according to from artificial determination event Fingerprinting strategies form fingerprinting strategies storehouses.
In the identifying system of the newly-increased data assets that the present embodiment is provided, confirm that the event of leaking is the artificial thing that leaks for determining After part, the metadata of the event that directly leaked described in extraction is added to data assets storehouse.Above-mentioned identifying system can in time, effectively Update the data asset library so that reporting much sooner, completely for data assets is increased newly, so as to more efficiently be leaked to possible Event is confirmed.
It is understood that the embodiment of above principle being intended to be merely illustrative of the present and the exemplary implementation for using Mode, but the invention is not limited in this.For those skilled in the art, essence of the invention is not being departed from In the case of god and essence, various changes and modifications can be made therein, and these variations and modifications are also considered as protection scope of the present invention.

Claims (6)

1. a kind of recognition methods of newly-increased data assets, it is characterised in that including:
The event of leaking is matched with the artificial determination event in the event base that leaks;
If the artificial determination event matches success in leak event and the event base that leaks, extract described in leak the first of event Metadata;
First metadata is added to data assets storehouse;
If the event that leaks is unsuccessful with artificial determination event matches in the event base that leaks, extract described in leak the of event Binary data;
Second metadata is matched with the data in the data assets storehouse;
If second metadata is unsuccessful with Data Matching in the data assets storehouse, second metadata is added to The data assets storehouse;
If the event that leaks is unsuccessful with artificial determination event matches in the event base that leaks, extract described in leak event The second metadata the step of before also include:
If the event that leaks is unsuccessful with artificial determination event matches in the event base that leaks, by the strategy of the event that leaks Matched with the fingerprinting strategies in fingerprinting strategies storehouse;
If the event that leaks strategy match with the fingerprinting strategies in fingerprinting strategies storehouse it is unsuccessful, perform it is described extraction it is described outward The step of letting out the second metadata of event.
2. the recognition methods of newly-increased data assets according to claim 1, it is characterised in that also include:
The event base that leaks is formed according to artificial determination event.
3. the recognition methods of newly-increased data assets according to claim 1, it is characterised in that also include:
Fingerprinting strategies storehouse is formed according to the fingerprinting strategies extracted from artificial determination event.
4. a kind of identifying system of newly-increased data assets, it is characterised in that including:
First matching unit, for the event of leaking to be matched with the artificial determination event in the event base that leaks;
First extraction unit, for extracting when the artificial determination event matches success in leak event and the event base that leaks First metadata of the event that leaks;
First adding device, for first metadata to be added into data assets storehouse;
Second extraction unit, for being carried when the artificial determination event matches in leak event and the event base that leaks are unsuccessful Take the second metadata of the event that leaks;
Second matching unit, for second metadata to be matched with the data in the data assets storehouse;
Second adding device, for when the Data Matching in second metadata with the data assets storehouse is unsuccessful by institute State the second metadata and be added to the data assets storehouse;
3rd matching unit, for will when the artificial determination event matches in leak event and the event base that leaks are unsuccessful The strategy of the event that leaks is matched with the fingerprinting strategies in fingerprinting strategies storehouse.
5. the identifying system of newly-increased data assets according to claim 4, it is characterised in that also include:
The event that leaks library unit, for forming the event base that leaks according to artificial determination event.
6. the identifying system of newly-increased data assets according to claim 4, it is characterised in that also include:
Fingerprinting strategies library unit, fingerprinting strategies storehouse is formed for the fingerprinting strategies that basis is extracted from artificial determination event.
CN201410225656.3A 2014-05-26 2014-05-26 A kind of recognition methods of newly-increased data assets and system Active CN103984902B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410225656.3A CN103984902B (en) 2014-05-26 2014-05-26 A kind of recognition methods of newly-increased data assets and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410225656.3A CN103984902B (en) 2014-05-26 2014-05-26 A kind of recognition methods of newly-increased data assets and system

Publications (2)

Publication Number Publication Date
CN103984902A CN103984902A (en) 2014-08-13
CN103984902B true CN103984902B (en) 2017-06-30

Family

ID=51276867

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410225656.3A Active CN103984902B (en) 2014-05-26 2014-05-26 A kind of recognition methods of newly-increased data assets and system

Country Status (1)

Country Link
CN (1) CN103984902B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113495978B (en) * 2020-03-18 2024-01-02 中电长城网际系统应用有限公司 Data retrieval method and device
CN113326269A (en) * 2021-06-29 2021-08-31 深信服科技股份有限公司 Asset identification method, equipment, device and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068168A (en) * 2007-04-23 2007-11-07 北京启明星辰信息技术有限公司 Main machine invading detecting method and system
CN102546641A (en) * 2012-01-14 2012-07-04 杭州安恒信息技术有限公司 Method and system for carrying out accurate risk detection in application security system
CN102771135A (en) * 2010-01-07 2012-11-07 迪维克斯公司 Systems and methods for accessing content using an internet content guide
CN103336927A (en) * 2013-06-07 2013-10-02 杭州世平信息科技有限公司 Data classification based data leakage prevention method and system
CN103365963A (en) * 2013-06-20 2013-10-23 广州赛姆科技资讯有限公司 Method for quickly testing compliance by database auditing system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068168A (en) * 2007-04-23 2007-11-07 北京启明星辰信息技术有限公司 Main machine invading detecting method and system
CN102771135A (en) * 2010-01-07 2012-11-07 迪维克斯公司 Systems and methods for accessing content using an internet content guide
CN102546641A (en) * 2012-01-14 2012-07-04 杭州安恒信息技术有限公司 Method and system for carrying out accurate risk detection in application security system
CN103336927A (en) * 2013-06-07 2013-10-02 杭州世平信息科技有限公司 Data classification based data leakage prevention method and system
CN103365963A (en) * 2013-06-20 2013-10-23 广州赛姆科技资讯有限公司 Method for quickly testing compliance by database auditing system

Also Published As

Publication number Publication date
CN103984902A (en) 2014-08-13

Similar Documents

Publication Publication Date Title
CN106991326A (en) The upgrade method and its equipment of a kind of equipment firmware
US20120317421A1 (en) Fingerprinting Executable Code
CN109344611B (en) Application access control method, terminal equipment and medium
CN105989306A (en) File signature method and device of operating system and file verification method and device of operating system
CN104021467A (en) Method and device for protecting payment security of mobile terminal and mobile terminal
JP2019502192A (en) Method and device for application information risk management
CN110381166A (en) A kind of message informing management method, device and computer readable storage medium
CN110071924B (en) Big data analysis method and system based on terminal
CN104123488A (en) Method and device for verifying application program
CN104123496B (en) The hold-up interception method and device of a kind of rogue software, terminal
CN112651010A (en) Method and device for verifying sliding verification code, computer equipment and medium
CN111124421B (en) Abnormal contract data detection method and device for blockchain intelligent contract
CN107977576A (en) A kind of host leakage location and method based on employing fingerprint
CN103984902B (en) A kind of recognition methods of newly-increased data assets and system
KR20200128250A (en) System and method for providing contract platform service based on block chain
CN111222181B (en) AI model supervision method, system, server and storage medium
CN103973708B (en) A kind of determination method and system for the event that leaks
KR101730600B1 (en) Personal information leak detection apparatus and method using false personal information
CN105631291A (en) Fingerprint authentication method and electronic equipment
CN103942293A (en) Self-destroying protection method based on malicious invasion of file system and device thereof
KR101990998B1 (en) System and method for protecting font copyrights
CN109670337B (en) Detection method and device
CN102737193A (en) Equipment shielding method and device for data security prevention and control
CN105809074B (en) USB data transmission control method, device, control assembly and system
CN110765318A (en) Method and device for inquiring block chain data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant