CN112100655A - Data detection method and device, electronic equipment and readable storage medium - Google Patents
Data detection method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN112100655A CN112100655A CN202010941286.9A CN202010941286A CN112100655A CN 112100655 A CN112100655 A CN 112100655A CN 202010941286 A CN202010941286 A CN 202010941286A CN 112100655 A CN112100655 A CN 112100655A
- Authority
- CN
- China
- Prior art keywords
- data
- detected
- determining
- probability
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 54
- 238000012544 monitoring process Methods 0.000 claims abstract description 38
- 238000000034 method Methods 0.000 claims abstract description 34
- 230000000875 corresponding effect Effects 0.000 claims description 79
- 230000035945 sensitivity Effects 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 11
- 230000005540 biological transmission Effects 0.000 claims description 9
- 230000002596 correlated effect Effects 0.000 claims description 8
- 238000013500 data storage Methods 0.000 claims description 4
- 230000006870 function Effects 0.000 description 11
- 238000012545 processing Methods 0.000 description 11
- 238000004458 analytical method Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 8
- 230000002265 prevention Effects 0.000 description 8
- 238000007726 management method Methods 0.000 description 7
- 230000009193 crawling Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000014509 gene expression Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013481 data capture Methods 0.000 description 1
- 238000007418 data mining Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007599 discharging Methods 0.000 description 1
- 230000005484 gravity Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 238000010079 rubber tapping Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000005236 sound signal Effects 0.000 description 1
- 238000010897 surface acoustic wave method Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/32—Monitoring with visual or acoustical indication of the functioning of the machine
- G06F11/324—Display of status information
- G06F11/327—Alarm or error message display
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2415—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Probability & Statistics with Applications (AREA)
- Quality & Reliability (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a data detection method and device, electronic equipment and a readable storage medium, and belongs to the technical field of data security. According to the method, data to be detected is obtained from an external data source, the probability that the data to be detected is leaked sensitive data is determined according to a preset sensitive data detection rule, the target severity level of a leakage event corresponding to the data to be detected is determined according to the probability, and finally alarm information is output according to the target severity level. Whether sensitive data are leaked or not is determined by detecting the sensitive data from an external data source, and the whole network monitoring of the sensitive data can be realized, so that a user can find the leaked sensitive data in time, and the efficiency of data protection can be improved.
Description
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a data detection method and apparatus, an electronic device, and a readable storage medium.
Background
With the rapid development and wide popularization of information technology, electronic devices and the internet have become necessary tools for people in daily life, work and office, communication and the like. However, when using the electronic device or working through the internet, it often happens that important data on the electronic device is leaked to the internet, which causes serious loss to users.
In the prior art, in order to effectively monitor whether important data leaks, two methods are generally used, one is to install a monitoring program on an electronic device to monitor whether the important data leaks from the electronic device; another method is to install a monitoring program at a network port, and monitor whether sensitive data exists in data transmitted through the network, so as to determine whether the problem of sensitive data leakage occurs. However, the leaked sensitive data cannot be monitored and discovered by the method, so that a user cannot timely discover that the sensitive data is leaked, and the data protection efficiency is low.
Disclosure of Invention
The embodiment of the invention provides a data detection method, a data detection device, electronic equipment and a readable storage medium, and aims to solve the problem that leaked sensitive data cannot be monitored and discovered through the method, so that a user cannot timely discover that the sensitive data is leaked, and the data protection efficiency is low.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, an embodiment of the present invention further provides a data detection method, where the method includes:
acquiring data to be detected from an external data source;
determining the probability that the data to be detected is leaked sensitive data according to a preset sensitive data detection rule;
determining the target severity level of the leakage event corresponding to the data to be detected according to the probability;
and outputting alarm information according to the target severity level.
In a second aspect, an embodiment of the present invention further provides a data detection apparatus, where the apparatus includes: the acquisition module is used for acquiring the data to be detected from an external data source;
the first determining module is used for determining the probability that the data to be detected is the leaked sensitive data according to a preset sensitive data detection rule;
the second determining module is used for determining the target severity level of the leakage event corresponding to the data to be detected according to the probability;
and the output module is used for outputting alarm information according to the target severity level.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a processor, a memory, and a computer program stored on the memory and executable on the processor, and when executed by the processor, the electronic device implements the steps of the data detection method according to the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the data detection method according to the first aspect.
To sum up, the data detection method provided in the embodiment of the present application may first obtain data to be detected from an external data source, determine the probability that the data to be detected is leaked sensitive data according to a preset sensitive data detection rule, determine a target severity level of a leakage event corresponding to the data to be detected according to the probability, and finally output alarm information according to the target severity level. Whether sensitive data are leaked or not is determined by detecting the sensitive data from an external data source, and the whole network monitoring of the sensitive data can be realized, so that a user can find the leaked sensitive data in time, and the efficiency of data protection can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flow chart illustrating steps of a data detection method according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating steps of another data detection method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of another data leakage prevention system according to an embodiment of the present invention;
fig. 4 is a flowchart of a novel monitoring scheme based on internal and external network data leakage according to an embodiment of the present invention;
fig. 5 is a system diagram of a novel monitoring scheme based on internal and external network data leakage according to an embodiment of the present invention;
fig. 6 shows a block diagram of a data detection apparatus according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The following describes in detail the data detection provided by the embodiments of the present application through specific embodiments and application scenarios thereof with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating steps of a data detection method according to an embodiment of the present invention, where as shown in fig. 1, the method may include:
In this embodiment of the present invention, the external data source may be a data source other than the internal data source, for example, the internal data source is data on a local Area Network (lan), and the external data source may be data on a Wide Area Network (WAN). The data to be detected may be text, symbols, pictures, etc. used for transmitting information.
The data to be detected can be obtained by data capture from an external data source by using a data crawling tool, and the captured data is used as the data to be detected. The data crawling tool may be a web crawler system, such as heitrix, or a crawler tool library, such as Qing, JSoup, or other data crawling tools, which is not limited in this respect.
And step 102, determining the probability that the data to be detected is the leaked sensitive data according to a preset sensitive data detection rule.
In the embodiment of the invention, because the sensitive data is important data which needs to be kept secret and is prevented from being leaked out in the internal data source, when the sensitive data in the internal data source is detected on the external data source, the sensitive data in the internal data source can be considered to be leaked out to the external data source.
In the embodiment of the present invention, the sensitive data detection rule may be a preset method for detecting whether data is sensitive data, specifically, the similarity between the data to be detected and the content of the sensitive data or the characteristics of the sensitive data may be determined, and the similarity is used as the probability that the data to be detected may be sensitive data, that is, the probability that the data to be detected is leaked sensitive data. For example, when it is detected that the similarity between the data to be detected and the sensitive data is 60%, the probability that the data to be detected is the sensitive data on the internal data source is considered to be 60%, that is, the probability that the data to be detected is the leaked sensitive data is considered to be 60%.
And 103, determining the target severity level of the leakage event corresponding to the data to be detected according to the probability.
In the embodiment of the present invention, a plurality of severity levels may be divided for a leakage event of sensitive data, specifically, the severity levels may be divided into different severity levels according to the importance of the leakage data and the number of the leakage data, for example, the severity levels may be divided into a first-level severity, a second-level severity and a third-level severity, and when the probability that the data to be detected is sensitive data is higher, the severity of the leakage event may be considered to be higher. By dividing the severity levels, the severity of the leakage event can be more accurately characterized, so that a user can quickly know the severity of the leakage event through the severity levels.
It should be noted that the target severity level of the leakage event corresponding to the data to be detected is determined according to the probability, which may be determining the severity level of the probability corresponding to the leakage event according to the probability that the data to be detected is the leaked sensitive data, and determining the severity level as the target severity level. For example, the probability corresponding to the first-level severity can be 40-60%, the probability corresponding to the second-level severity can be 60-80%, the probability corresponding to the third-level severity can be 80-100%, and when the probability that the data to be detected is leaked sensitive data is detected to be 78%, the target severity level of the leakage event corresponding to the data to be detected is the second-level severity; when the probability that the data to be detected is the leaked sensitive data is 85%, the target severity level of the leakage event corresponding to the data to be detected is three-level severity.
And 104, outputting alarm information according to the target severity level.
In the embodiment of the present invention, the alarm information may be a prompt message for prompting a user that the sensitive data is leaked to an external data source, and the alarm information may include a document file in which the sensitive data is appeared, specifically, different severity levels may correspond to alarm information of different contents, and meanwhile, the more severe the sensitive data leakage event is, the higher the corresponding severity level is, the greater the strength of outputting the alarm information is, so that the user can determine the severity level of the sensitive data leakage directly according to the content of the alarm information. For example, when the severity level is first-level severity, the corresponding warning information may be information for prompting the user to detect that sensitive data appears in the document; when the severity level is second-level severity, the corresponding warning information can prompt the user to detect that sensitive data appears in the document and attach the document screenshot; when the severity level is three-level severity, the corresponding warning information can prompt the user to immediately check the document where the sensitive data is located, and the link of the document is attached so that the user can check the document in time.
It should be noted that, outputting the warning information may be sending the warning information according to the network address of the terminal used by the user, and the network address of the terminal used may be the network address pre-stored by the user, and then sending the warning information to the network address of the terminal used, and may be sending a short message or a mail containing the warning information to the network address of the terminal used, so that the user can check and receive the warning information in time.
To sum up, the data detection method provided in the embodiment of the present application may first obtain data to be detected from an external data source, determine the probability that the data to be detected is leaked sensitive data according to a preset sensitive data detection rule, determine a target severity level of a leakage event corresponding to the data to be detected according to the probability, and finally output alarm information according to the target severity level. Whether sensitive data are leaked or not is determined by detecting the sensitive data from an external data source, and the whole network monitoring of the sensitive data can be realized, so that a user can find the leaked sensitive data in time, and the efficiency of data protection can be improved.
Fig. 2 is a flowchart of steps of another data detection method provided in an embodiment of the present invention, and as shown in fig. 2, the method may include:
In the embodiment of the present invention, when the external data source is at least two data sources, the priorities corresponding to the at least two data sources may be determined first. The priority corresponding to the data source may be determined according to the credibility of the data source, which is preset by a user, and a higher priority may be set for the data source with higher credibility and a lower priority may be set for the data source with lower credibility. For example, the external data sources are a data source X, a data source Y, and a data source Z, and the credibility ranks of the data sources are as follows: data source Y > data source Z > data source X, then the priority of the data source may be obtained as: priority of data source Y > priority of data source Z > priority of data source X. The data processing is carried out according to the priority of the data source, and the processing resources can be reasonably arranged, so that the data processing efficiency can be improved.
In the embodiment of the present invention, the data to be detected is sequentially acquired from the data source, and the data to be detected may be sequentially acquired from the data source with the high priority to the data source with the low priority according to the priority order corresponding to the data source. For example, if the priority of the data source is the priority of the data source Y > the priority of the data source Z > the priority of the data source X, the data to be detected may be obtained from the data source Y first, then the data to be detected may be obtained from the data source Z, and finally the data to be detected may be obtained from the data source X. The data to be detected are acquired in sequence according to the priority of the data source, so that the reliability of the data to be detected acquired first can be high, and the data processing efficiency can be improved.
Specifically, the determination of the probability that the data to be detected is the leaked sensitive data can be realized through the following steps 2031 to 2032.
Step 2031, determining the occurrence frequency of preset key data in the data to be detected according to the preset key data; the preset key data is determined according to the secret data in the internal data source.
In the embodiment of the invention, the preset key data can be determined according to the confidential data in the internal data source, and specifically, the preset key data can be a statement needing to be confidential in a document or a graph structure needing to be confidential in a graph. Determining the occurrence frequency of the preset key data in the data to be detected, which may be counting the occurrence frequency of each preset key data in the data to be detected, and using the occurrence frequency as the occurrence frequency of each preset key data in the data to be detected. By determining the occurrence frequency of the preset key data in the data to be detected, whether the preset key data is leaked or not can be accurately known, so that the data detection efficiency is improved.
Step 2032, determining the probability that the data to be detected is leaked sensitive data according to the sensitivity level corresponding to the preset key data and the occurrence frequency; the probability is positively correlated with the sensitivity level of the preset key data and the occurrence frequency.
In the embodiment of the present invention, the sensitivity level corresponding to the preset key data may be determined according to the confidentiality degree of the key data, and specifically, a high sensitivity level may be set for the key data with a high confidentiality degree, and a low sensitivity level may be set for the key data with a low confidentiality degree. Determining the probability that the data to be detected is the leaked sensitive data, which may be determining the sensitivity level corresponding to the preset key data and the probability corresponding to the occurrence frequency according to a preset probability correspondence table, and taking the probability as the probability that the data to be detected is the leaked sensitive data, where the probability correspondence table may be preset according to an actual situation, and when the sensitivity level of the preset key data is higher, the corresponding probability is higher, and when the occurrence frequency of the preset key data is higher, the corresponding probability is higher. The probability that the data to be detected is the leaked sensitive data is determined by presetting the sensitivity grade and the occurrence frequency corresponding to the sensitive data, so that the accuracy of determining the leaked sensitive data can be improved, and the data processing efficiency can be further improved.
Further, the determination of the probability that the data to be detected is the leaked sensitive data can also be realized through the following steps 2033 to 2035.
Step 2033, generating target data characteristics of the data to be detected according to preset type data characteristics.
In the embodiment of the present invention, the data feature of the preset type may be a data feature corresponding to the data type determined according to the type of the data, for example, if the data type is a document, the content with the largest occurrence number in the document may be used as the document feature of the document, and the title of the document may also be used as the document feature of the document; if the data type is a graph, the central structure of the graph can be used as the graph feature of the graph.
Further, generating target data characteristics of the data to be detected may be determining the data type of the data to be detected, obtaining the data characteristics of the data to be detected according to the data type, and using the obtained data characteristics as the target data characteristics, specifically, if the data to be detected is a document, the target data characteristics may be the content appearing most frequently in the document, or may be a title of the document; if the data to be detected is a graph, the target data feature may be a central structure of the graph. Therefore, the target data characteristics of the data to be detected are generated according to the data characteristics of the preset type, and the data processing efficiency can be improved.
Step 2034, determining the matching degree of the target data characteristics and preset data characteristics; the predetermined data characteristic is determined based on a secret data characteristic in the internal data source.
In the embodiment of the present invention, the preset data feature may be determined according to a secret data feature in an internal data source, specifically, if the secret data is a document, the preset data feature may be a content with the largest occurrence number in the secret document, or may be a title of the secret document; if the security data is a graphic, the predetermined data characteristic may be a central structure of the security graphic.
Further, the matching degree of the target data features and the preset data features is determined, which may be determining the coincidence rate of the target data features and the preset data features of the data to be detected, and taking the coincidence rate as the matching degree of the target data features and the preset data features. By determining the matching degree of the target data characteristics and the preset data characteristics, whether the characteristics of the data to be detected and the characteristics of the sensitive data are matched or not can be determined, so that whether the data to be detected is the sensitive data or not can be determined, and the data detection efficiency is further improved.
Step 2035, determining the probability that the data to be detected is the leaked sensitive data according to the matching degree; the probability is positively correlated with the degree of match.
In the embodiment of the present invention, the probability that the data to be detected is the leaked sensitive data is determined, which may be determining the probability that the matching degree of the target data feature and the preset data feature corresponds to according to a preset probability correspondence table, and taking the probability as the probability that the data to be detected is the leaked sensitive data, where the probability correspondence table may be preset according to an actual situation, and when the matching degree is higher, the corresponding probability is higher. The probability that the data to be detected is the leaked sensitive data is determined according to the matching degree, so that the accuracy of determining the leaked sensitive data can be improved, and the data processing efficiency can be further improved.
And 204, determining the target severity level of the leakage event corresponding to the data to be detected according to the probability.
Specifically, the step 103 may be referred to in an implementation manner of this step, and this is not limited in this embodiment of the present invention.
In the embodiment of the invention, under the condition that the data to be detected is a document, the corresponding relation between the preset severity level and the alarm mode can be preset according to the actual situation, different severity levels correspond to different alarm modes, and the strength of the corresponding alarm mode is higher when the severity level is higher. For example, when the severity level is a first severity level, that is, the severity of the sensitive data leakage event is low, the corresponding alarm manner may be to send alarm information once; when the severity level is a third-level severity level, that is, the severity of the sensitive data leakage event is higher, the corresponding alarm mode may be to periodically send alarm information, wherein the higher the severity level is, the shorter the period is, so as to prompt the user to view the information in time, thereby avoiding the problem of missing the information.
Further, the determining of the target alarm mode corresponding to the target severity level may be determining the alarm mode corresponding to the target severity level of the leakage event corresponding to the data to be detected in a corresponding relationship between preset severity levels and alarm modes, and using the alarm mode as the target alarm mode corresponding to the target severity level. And determining a corresponding target alarm mode according to the target severity level, and prompting the severity of sensitive data leakage of the user through different alarm modes so as to prompt the user to check alarm information in time and avoid the user missing alarm information corresponding to a sensitive data leakage event with a higher severity level.
In the embodiment of the invention, different alarm information can be output according to different severity levels, for example, when the severity level is a first-level severity level, the output alarm information can be a document screenshot of the data to be detected; when the severity level is a secondary severity level, the output warning information can be a document screenshot of the data to be detected, the number of times of hitting preset key data and a target severity level; when the severity level is a third-level severity level, the output warning information can be a document screenshot of the data to be detected, the number of times of hitting preset key data, the target severity level and the document address, and a document author, namely a site to which the document belongs.
Further, the warning information may be output according to a target warning manner, and the warning information corresponding to the target severity level may be output according to the target warning manner according to the target severity level of the data to be detected, for example, when the target severity level of the data to be detected is a first severity level, the warning information may be sent to the user once, the warning information is a document screenshot of the data to be detected, when the target severity level of the data to be detected is a third severity level, the warning information may be sent to the user periodically, and the warning information may be the document screenshot of the data to be detected, the number of times of hitting preset key data, the target severity level, the document address, and a site to which the document author, that is, the document belongs. And outputting the alarm information according to the target severity level and the target alarm mode, so that the user can determine the severity of the sensitive data leakage event according to different alarm modes and alarm information and can be prompted to avoid missing alarm information with higher severity level.
It should be noted that, the embodiment of the present invention may also monitor the operation of the user on the sensitive data in the user terminal; if the operation is illegal, sending out early warning information; and/or monitoring the operation of the new sensitive data when the new sensitive data is stored in the data storage server; if the operation has violation operation, sending out early warning information; and/or monitoring transmission data at a network outlet of an internal data source, and if sensitive data appear in the transmission data, sending out early warning information. Specifically, the illegal operation may be sending the sensitive data to another untrusted terminal, or copying the sensitive data to a storage server with low security, or sending the sensitive data to an external data source, where the untrusted terminal and the storage server with low security may be preset by a user. The early warning information may be information that prompts a user to present a risk of sensitive data leakage. The operation on the sensitive data is monitored on the user terminal, the storage server and the network outlet, so that early warning information can be timely sent out when illegal operation occurs, a window for protecting sensitive data leakage can be advanced, early warning information can be timely sent out when the sensitive data leakage is possible, and loss caused by sensitive data leakage can be effectively reduced.
To sum up, in the data detection method provided in the embodiment of the present application, priorities corresponding to at least two data sources are determined, data to be detected is sequentially obtained from the data sources according to the priorities corresponding to the data sources, a probability that the data to be detected is leaked sensitive data is determined according to a preset sensitive data detection rule, a target severity level of a leakage event corresponding to the data to be detected is determined according to the probability, a target alarm mode corresponding to the target severity level is determined according to a correspondence between the preset severity level and the alarm mode, and alarm information is output according to the target alarm mode. Whether sensitive data are leaked or not is determined by detecting the sensitive data from an external data source, the whole-network monitoring of the sensitive data can be realized, a user can find the leaked sensitive data in time, a corresponding target alarm mode is determined according to the target severity level, the severity of the leakage of the sensitive data of the user can be prompted through different alarm modes, the user is prompted to check alarm information in time, the user is prevented from missing the alarm information corresponding to the sensitive data leakage event with the higher severity level, and the efficiency of data protection can be improved.
Fig. 3 is a schematic diagram of another Data leakage prevention system according to an embodiment of the present invention, and as shown in fig. 3, a centralized management and control center implemented by a Data Leakage Prevention (DLP) system technology mainly includes network Data leakage prevention, terminal Data leakage prevention, storage Data leakage prevention, and the like. Wherein, network data prevents revealing: the data leakage prevention system is deployed at a network outlet of the electronic equipment, and is used for intelligently analyzing and identifying the content of data transmitted through a network, and performing network monitoring, network alarming and network blocking on illegal content according to a strategy. The method mainly monitors sensitive data in network protocol transmission such as Web, FTP, mail and the like. The terminal data is prevented from being revealed: the data leakage prevention system is deployed in terminal equipment of a Windows system, is mainly used for discovering, identifying and monitoring sensitive data in a computer by a terminal, and comprises terminal monitoring, terminal alarming and terminal blocking, policy control is carried out on illegal use of the sensitive data, and management and control are carried out on use behaviors of the terminal equipment. The stored data is prevented from being leaked: the method comprises the steps of scanning structured and unstructured data stored in a server, a database and a storage library, discovering and recording sensitive data according to a preset strategy in a system, and alarming sensitive events, including storage monitoring, storage alarming and storage protection.
Fig. 4 is a flowchart of a novel monitoring scheme based on Data leakage from the internal and external networks according to an embodiment of the present invention, as shown in fig. 4, when the novel monitoring scheme based on Data leakage from the internal and external networks according to the present invention is started, a rule policy is first formulated, specifically including a severity definition, a document element definition, and a document rule definition, a monitoring task is then created, deep legal crawling is performed on internet Data, a file is generated, and the file is sent to a Network-based Data leakage defense scheme (NDLP) for analysis, because the NDLP supports analysis of various file formats, the file generated after Data meeting conditions is crawled by using a crawler is stored in a file server and is sent to the NDLP for processing, and the NDLP performs analysis in an all-around recognition manner such as keywords, regular expressions, file attributes, and file fingerprints according to a rule policy prefabricated by the NDLP system, and finally, receiving and recording the analysis result, judging whether the analysis result is hit, if the analysis result is not hit, namely the file in the analysis result is not a sensitive file, ending the monitoring scheme, and if the analysis result is hit, namely the file in the analysis result is a sensitive file, generating an alarm according to the analysis result, sending a short message or a mail to inform a user, and ending the monitoring scheme.
Fig. 5 is a system diagram of a novel monitoring scheme based on data leakage from the internal and external networks according to an embodiment of the present invention, and as shown in fig. 5, the novel monitoring scheme based on data leakage from the internal and external networks includes DLP centralized management and control center and internet data monitoring. In the DLP centralized management and control center, the DLP centralized management and control center mainly comprises three aspects of network DLP, terminal DLP and storage DLP, wherein the network DLP comprises mail safety, WEB safety, FTP safety and instant information safety, the terminal DLP comprises data mining, printing/faxing, USB and CD/DVD, and the storage DLP comprises server safety, database safety and storage library safety. In the internet data monitoring, the method mainly comprises four aspects of a rule strategy, a monitoring task, a data report and alarm information, wherein the rule strategy comprises keywords, a regular expression, a data identifier and a document fingerprint, the monitoring task mainly comprises internet data legal deep crawling, file basic information, NDLP combined identification and alarm triggering are included, the data report mainly comprises data analysis, and the alarm information comprises file basic information, hit information and mail/short message notification. The data detection method provided by the embodiment of the invention is described above, and the data detection device provided by the embodiment of the invention is described below with reference to the accompanying drawings.
Fig. 6 is a block diagram of a structure of a data detection device according to an embodiment of the present invention, and as shown in fig. 6, the data detection device 30 may include:
an obtaining module 301, configured to obtain data to be detected from an external data source;
a first determining module 302, configured to determine, according to a preset sensitive data detection rule, a probability that the data to be detected is leaked sensitive data;
a second determining module 303, configured to determine, according to the probability, a target severity level of a leakage event corresponding to the data to be detected;
and the output module 304 is configured to output alarm information according to the target severity level.
To sum up, the data detection device provided in the embodiment of the present application may obtain data to be detected from an external data source, determine the probability that the data to be detected is leaked sensitive data according to a preset sensitive data detection rule, determine the target severity level of a leakage event corresponding to the data to be detected according to the probability, and output alarm information according to the target severity level. Whether sensitive data are leaked or not is determined by detecting the sensitive data from an external data source, and the whole network monitoring of the sensitive data can be realized, so that a user can find the leaked sensitive data in time, and the efficiency of data protection can be improved.
Optionally, the first determining module 302 is further configured to:
determining the occurrence frequency of preset key data in the data to be detected according to the preset key data; the preset key data is determined according to the secret data in the internal data source;
determining the probability that the data to be detected is leaked sensitive data according to the sensitivity level corresponding to the preset key data and the occurrence frequency; the probability is positively correlated with the sensitivity level of the preset key data and the occurrence frequency.
Optionally, the first determining module 302 is further configured to:
generating target data characteristics of the data to be detected according to data characteristics of a preset type;
determining the matching degree of the target data characteristics and preset data characteristics; the preset data characteristics are determined according to the secret data characteristics in the internal data source;
determining the probability that the data to be detected is the leaked sensitive data according to the matching degree; the probability is positively correlated with the degree of match.
Optionally, the external data source is at least two data sources; the obtaining module 301 is further configured to:
determining priorities corresponding to the at least two data sources;
and sequentially acquiring the data to be detected from the data sources according to the priorities corresponding to the data sources.
Optionally, the data to be detected is a document; the output module 304 is further configured to:
determining a target alarm mode corresponding to the target severity level according to the corresponding relation between the preset severity level and the alarm mode;
outputting the alarm information according to the target alarm mode; the alarm information comprises at least one of a document screenshot of the data to be detected, the number of times of hitting preset key data, a target severity level, a document address and a document author, namely a site to which the document belongs.
Optionally, the apparatus 30 further includes:
the monitoring module is used for monitoring the operation of the user on the sensitive data in the user terminal; if the operation is illegal, sending out early warning information;
and/or monitoring the operation of new sensitive data when the new sensitive data is stored in the data storage server; if the operation has the illegal operation, sending out early warning information;
and/or monitoring transmission data at a network outlet of the internal data source, and sending early warning information if sensitive data appears in the transmission data.
To sum up, the data detection device provided in the embodiment of the present application may first determine priorities corresponding to at least two data sources, sequentially obtain data to be detected from the data sources according to the priorities corresponding to the data sources, determine a probability that the data to be detected is leaked sensitive data according to a preset sensitive data detection rule, finally determine a target severity level of a leakage event corresponding to the data to be detected according to the probability, determine a target alarm manner corresponding to the target severity level according to a correspondence between the preset severity level and the alarm manner, and output alarm information according to the target alarm manner. Whether sensitive data are leaked or not is determined by detecting the sensitive data from an external data source, the whole-network monitoring of the sensitive data can be realized, a user can find the leaked sensitive data in time, a corresponding target alarm mode is determined according to the target severity level, the severity of the leakage of the sensitive data of the user can be prompted through different alarm modes, the user is prompted to check alarm information in time, the user is prevented from missing the alarm information corresponding to the sensitive data leakage event with the higher severity level, and the efficiency of data protection can be improved.
FIG. 7 is a diagram illustrating a hardware configuration of an electronic device implementing various embodiments of the invention;
the electronic device 400 includes, but is not limited to: radio frequency unit 401, network module 402, audio output unit 403, input unit 404, sensor 405, display unit 406, user input unit 407, interface unit 408, memory 409, processor 410, and power supply 411. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 7 does not constitute a limitation of the electronic device, and that the electronic device may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. In the embodiment of the present invention, the electronic device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.
The processor 410 is configured to obtain data to be detected from an external data source;
the processor 410 is configured to determine, according to a preset sensitive data detection rule, a probability that the data to be detected is leaked sensitive data;
the processor 410 is configured to determine a target severity level of a leakage event corresponding to the data to be detected according to the probability;
and the processor 410 is configured to output alarm information according to the target severity level.
To sum up, the data detection method provided in the embodiment of the present application may first obtain data to be detected from an external data source, determine the probability that the data to be detected is leaked sensitive data according to a preset sensitive data detection rule, determine a target severity level of a leakage event corresponding to the data to be detected according to the probability, and finally output alarm information according to the target severity level. Whether sensitive data are leaked or not is determined by detecting the sensitive data from an external data source, and the whole network monitoring of the sensitive data can be realized, so that a user can find the leaked sensitive data in time, and the efficiency of data protection can be improved.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 401 may be used for receiving and sending signals during a message sending and receiving process or a call process, and specifically, receives downlink data from a base station and then processes the received downlink data to the processor 410; in addition, the uplink data is transmitted to the base station. Typically, radio unit 401 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. Further, the radio unit 401 can also communicate with a network and other devices through a wireless communication system.
The electronic device provides wireless broadband internet access to the user via the network module 402, such as assisting the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.
The audio output unit 403 may convert audio data received by the radio frequency unit 401 or the network module 402 or stored in the memory 409 into an audio signal and output as sound. Also, the audio output unit 403 may also provide audio output related to a specific function performed by the electronic apparatus 400 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 403 includes a speaker, a buzzer, a receiver, and the like.
The input unit 404 is used to receive audio or video signals. The input Unit 404 may include a Graphics Processing Unit (GPU) 4041 and a microphone 4042, and the Graphics processor 4041 processes image data of a still picture or video obtained by an image capturing apparatus (such as a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 406. The image frames processed by the graphic processor 4041 may be stored in the memory 409 (or other storage medium) or transmitted via the radio frequency unit 401 or the network module 402. The microphone 4042 may receive sound, and may be capable of processing such sound into audio data. The processed audio data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 401 in case of the phone call mode.
The electronic device 400 also includes at least one sensor 405, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor includes an ambient light sensor that adjusts the brightness of the display panel 4061 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 4061 and/or the backlight when the electronic apparatus 400 is moved to the ear. As one type of motion sensor, an accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of an electronic device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), and vibration identification related functions (such as pedometer, tapping); the sensors 405 may also include a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, etc., which will not be described in detail herein.
The display unit 406 is used to display information input by the user or information provided to the user. The Display unit 606 may include a Display panel 4061, and the Display panel 4061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 407 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device. Specifically, the user input unit 407 includes a touch panel 4071 and other input devices 4072. Touch panel 4071, also referred to as a touch screen, may collect touch operations by a user on or near it (e.g., operations by a user on or near touch panel 4071 using a finger, a stylus, or any suitable object or attachment). The touch panel 4071 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 410, receives a command from the processor 410, and executes the command. In addition, the touch panel 4071 can be implemented by using various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 4071, the user input unit 407 may include other input devices 4072. Specifically, the other input devices 4072 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a track ball, a mouse, and a joystick, which are not described herein again.
Further, the touch panel 4071 can be overlaid on the display panel 4061, and when the touch panel 4071 detects a touch operation thereon or nearby, the touch operation is transmitted to the processor 410 to determine the type of the touch event, and then the processor 410 provides a corresponding visual output on the display panel 4061 according to the type of the touch event. Although in fig. 7, the touch panel 4071 and the display panel 4061 are two independent components to implement the input and output functions of the electronic device, in some embodiments, the touch panel 4071 and the display panel 4061 may be integrated to implement the input and output functions of the electronic device, and the implementation is not limited herein.
The interface unit 408 is an interface for connecting an external device to the electronic apparatus 400. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 408 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the electronic apparatus 400 or may be used to transmit data between the electronic apparatus 400 and an external device.
The memory 409 may be used to store software programs as well as various data. The memory 409 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 409 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 410 is a control center of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, performs various functions of the electronic device and processes data by operating or executing software programs and/or modules stored in the memory 409 and calling data stored in the memory 409, thereby performing overall monitoring of the electronic device. Processor 410 may include one or more processing units; preferably, the processor 410 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 410.
The electronic device 400 may further include a power supply 411 (e.g., a battery) for supplying power to various components, and preferably, the power supply 411 may be logically connected to the processor 410 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system.
In addition, the electronic device 400 includes some functional modules that are not shown, and are not described in detail herein.
Preferably, an embodiment of the present invention further provides an electronic device, which includes a processor 410, a memory 409, and a computer program that is stored in the memory 409 and can be run on the processor 410, and when being executed by the processor 410, the computer program implements each process of the data detection method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not described here again.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the data detection method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (14)
1. A method of data detection, the method comprising:
acquiring data to be detected from an external data source;
determining the probability that the data to be detected is leaked sensitive data according to a preset sensitive data detection rule;
determining the target severity level of the leakage event corresponding to the data to be detected according to the probability;
and outputting alarm information according to the target severity level.
2. The method according to claim 1, wherein the determining the probability that the data to be detected is the leaked sensitive data according to a preset sensitive data detection rule comprises:
determining the occurrence frequency of preset key data in the data to be detected according to the preset key data; the preset key data is determined according to the secret data in the internal data source;
determining the probability that the data to be detected is leaked sensitive data according to the sensitivity level corresponding to the preset key data and the occurrence frequency; the probability is positively correlated with the sensitivity level of the preset key data and the occurrence frequency.
3. The method according to claim 1, wherein the determining the probability that the data to be detected is the leaked sensitive data according to a preset sensitive data detection rule comprises:
generating target data characteristics of the data to be detected according to data characteristics of a preset type;
determining the matching degree of the target data characteristics and preset data characteristics; the preset data characteristics are determined according to the secret data characteristics in the internal data source;
determining the probability that the data to be detected is the leaked sensitive data according to the matching degree; the probability is positively correlated with the degree of match.
4. The method of any of claims 1-3, wherein the external data source is at least two data sources; the acquiring of the data to be detected from the external data source includes:
determining priorities corresponding to the at least two data sources;
and sequentially acquiring the data to be detected from the data sources according to the priorities corresponding to the data sources.
5. The method according to claim 1, wherein the data to be detected is a document; the outputting alarm information according to the target severity level includes:
determining a target alarm mode corresponding to the target severity level according to the corresponding relation between the preset severity level and the alarm mode;
outputting the alarm information according to the target alarm mode; the alarm information comprises at least one of a document screenshot of the data to be detected, the number of times of hitting preset key data, a target severity level, a document address and a document author, namely a site to which the document belongs.
6. The method of claim 1, further comprising:
monitoring the operation of a user on sensitive data in a user terminal; if the operation is illegal, sending out early warning information;
and/or monitoring the operation of new sensitive data when the new sensitive data is stored in the data storage server; if the operation has the illegal operation, sending out early warning information;
and/or monitoring transmission data at a network outlet of the internal data source, and sending early warning information if sensitive data appears in the transmission data.
7. A data detection apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring the data to be detected from an external data source;
the first determining module is used for determining the probability that the data to be detected is the leaked sensitive data according to a preset sensitive data detection rule;
the second determining module is used for determining the target severity level of the leakage event corresponding to the data to be detected according to the probability;
and the output module is used for outputting alarm information according to the target severity level.
8. The apparatus of claim 7, wherein the first determining module is further configured to:
determining the occurrence frequency of preset key data in the data to be detected according to the preset key data; the preset key data is determined according to the secret data in the internal data source;
determining the probability that the data to be detected is leaked sensitive data according to the sensitivity level corresponding to the preset key data and the occurrence frequency; the probability is positively correlated with the sensitivity level of the preset key data and the occurrence frequency.
9. The apparatus of claim 7, wherein the first determining module is further configured to:
generating target data characteristics of the data to be detected according to data characteristics of a preset type;
determining the matching degree of the target data characteristics and preset data characteristics; the preset data characteristics are determined according to the secret data characteristics in the internal data source;
determining the probability that the data to be detected is the leaked sensitive data according to the matching degree; the probability is positively correlated with the degree of match.
10. The apparatus of any of claims 7-9, wherein the external data source is at least two data sources; the obtaining module is further configured to:
determining priorities corresponding to the at least two data sources;
and sequentially acquiring the data to be detected from the data sources according to the priorities corresponding to the data sources.
11. The apparatus according to claim 7, wherein the data to be detected is a document; the output module is further configured to:
determining a target alarm mode corresponding to the target severity level according to the corresponding relation between the preset severity level and the alarm mode;
outputting the alarm information according to the target alarm mode; the alarm information comprises at least one of a document screenshot of the data to be detected, the number of times of hitting preset key data, a target severity level, a document address and a document author, namely a site to which the document belongs.
12. The apparatus of claim 7, further comprising:
the monitoring module is used for monitoring the operation of the user on the sensitive data in the user terminal; if the operation is illegal, sending out early warning information;
and/or monitoring the operation of new sensitive data when the new sensitive data is stored in the data storage server; if the operation has the illegal operation, sending out early warning information;
and/or monitoring transmission data at a network outlet of the internal data source, and sending early warning information if sensitive data appears in the transmission data.
13. An electronic device, comprising a processor, a memory, and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the data detection method according to any one of claims 1 to 6.
14. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the data detection method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010941286.9A CN112100655A (en) | 2020-09-09 | 2020-09-09 | Data detection method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010941286.9A CN112100655A (en) | 2020-09-09 | 2020-09-09 | Data detection method and device, electronic equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112100655A true CN112100655A (en) | 2020-12-18 |
Family
ID=73751765
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010941286.9A Pending CN112100655A (en) | 2020-09-09 | 2020-09-09 | Data detection method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112100655A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112685775A (en) * | 2020-12-29 | 2021-04-20 | 北京八分量信息科技有限公司 | Method and device for monitoring data leakage prevention in block chain system and related products |
| CN112804192A (en) * | 2020-12-21 | 2021-05-14 | 网神信息技术(北京)股份有限公司 | Method, apparatus, electronic device, program, and medium for monitoring hidden network leakage |
| CN113434740A (en) * | 2021-06-22 | 2021-09-24 | 中国平安人寿保险股份有限公司 | Sensitive information monitoring method and device, terminal equipment and storage medium |
| CN115242462A (en) * | 2022-06-30 | 2022-10-25 | 北京华顺信安科技有限公司 | Data leakage detection method |
| CN116112228A (en) * | 2022-12-28 | 2023-05-12 | 北京明朝万达科技股份有限公司 | HTTPS data packet sending method and device, electronic equipment and readable medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104156365A (en) * | 2013-05-14 | 2014-11-19 | 中国移动通信集团湖南有限公司 | Monitoring method, device and system for file |
| US9171171B1 (en) * | 2013-03-12 | 2015-10-27 | Emc Corporation | Generating a heat map to identify vulnerable data users within an organization |
| CN108519970A (en) * | 2018-02-06 | 2018-09-11 | 平安科技(深圳)有限公司 | The identification method of sensitive information, electronic device and readable storage medium storing program for executing in text |
| CN108650108A (en) * | 2018-03-23 | 2018-10-12 | 北京明朝万达科技股份有限公司 | A kind of user input data anti-leak method for early warning and system |
| CN110941956A (en) * | 2019-10-26 | 2020-03-31 | 华为技术有限公司 | Data classification method, device and related equipment |
-
2020
- 2020-09-09 CN CN202010941286.9A patent/CN112100655A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9171171B1 (en) * | 2013-03-12 | 2015-10-27 | Emc Corporation | Generating a heat map to identify vulnerable data users within an organization |
| CN104156365A (en) * | 2013-05-14 | 2014-11-19 | 中国移动通信集团湖南有限公司 | Monitoring method, device and system for file |
| CN108519970A (en) * | 2018-02-06 | 2018-09-11 | 平安科技(深圳)有限公司 | The identification method of sensitive information, electronic device and readable storage medium storing program for executing in text |
| CN108650108A (en) * | 2018-03-23 | 2018-10-12 | 北京明朝万达科技股份有限公司 | A kind of user input data anti-leak method for early warning and system |
| CN110941956A (en) * | 2019-10-26 | 2020-03-31 | 华为技术有限公司 | Data classification method, device and related equipment |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112804192A (en) * | 2020-12-21 | 2021-05-14 | 网神信息技术(北京)股份有限公司 | Method, apparatus, electronic device, program, and medium for monitoring hidden network leakage |
| CN112685775A (en) * | 2020-12-29 | 2021-04-20 | 北京八分量信息科技有限公司 | Method and device for monitoring data leakage prevention in block chain system and related products |
| CN113434740A (en) * | 2021-06-22 | 2021-09-24 | 中国平安人寿保险股份有限公司 | Sensitive information monitoring method and device, terminal equipment and storage medium |
| CN115242462A (en) * | 2022-06-30 | 2022-10-25 | 北京华顺信安科技有限公司 | Data leakage detection method |
| CN116112228A (en) * | 2022-12-28 | 2023-05-12 | 北京明朝万达科技股份有限公司 | HTTPS data packet sending method and device, electronic equipment and readable medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112100655A (en) | Data detection method and device, electronic equipment and readable storage medium | |
| CN107580147B (en) | Management method of notification message and mobile terminal | |
| CN108712561B (en) | Authority management method, device, mobile terminal and storage medium | |
| CN107506646B (en) | Malicious application detection method and device and computer readable storage medium | |
| CN111125696B (en) | Information prompting method and electronic equipment | |
| CN110457935B (en) | Permission configuration method and terminal equipment | |
| CN111510557B (en) | Content processing method and electronic equipment | |
| CN112350974A (en) | Safety monitoring method and device of Internet of things and electronic equipment | |
| CN108491713B (en) | Safety reminding method and electronic equipment | |
| CN108629280B (en) | Face recognition method and mobile terminal | |
| CN111597540B (en) | Login method of application program, electronic device and readable storage medium | |
| CN109918944B (en) | Information protection method and device, mobile terminal and storage medium | |
| CN109815679B (en) | Authority management method and mobile terminal | |
| CN111372205A (en) | Information prompting method and electronic equipment | |
| CN109522741B (en) | Application program permission prompting method and terminal equipment thereof | |
| CN110796552A (en) | Risk prompting method and device | |
| CN109067979B (en) | Prompting method and mobile terminal | |
| CN110225040B (en) | Information processing method and terminal equipment | |
| CN108959960B (en) | Method, device and computer readable storage medium for preventing privacy disclosure | |
| CN116028157A (en) | Risk identification method and device and electronic equipment | |
| CN110276209B (en) | Alarm method and mobile terminal | |
| CN108989350B (en) | Method, device and equipment for detecting denial of service vulnerability | |
| CN110856173B (en) | Network access method and device and electronic equipment | |
| CN109995849B (en) | Information recording method and terminal equipment | |
| CN109508425B (en) | Setting item recommendation method and terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |