CN115604019A - Industrial data desensitization detecting system - Google Patents


Publication number
CN115604019A
CN115604019A CN202211387856.XA CN202211387856A CN115604019A CN 115604019 A CN115604019 A CN 115604019A CN 202211387856 A CN202211387856 A CN 202211387856A CN 115604019 A CN115604019 A CN 115604019A
Authority
CN
China
Prior art keywords
desensitization
data
industrial
detection
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211387856.XA
Other languages
Chinese (zh)
Other versions
CN115604019B (en)
Inventor
李俊
赵千
李耀兵
高建磊
郝志强
王福焱
李赟
贾炯轩
许丰娟
江浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Industrial Control Systems Cyber Emergency Response Team
Original Assignee
China Industrial Control Systems Cyber Emergency Response Team
Application filed by China Industrial Control Systems Cyber Emergency Response Team
Priority to CN202211387856.XA
Publication of CN115604019A
Application granted
Publication of CN115604019B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Abstract

The invention relates to an industrial data desensitization detection system in the field of industrial data processing. The system comprises a data acquisition layer, a desensitization detection layer and a result handling layer. The data acquisition layer acquires industrial desensitization data and the security logs related to that data. The desensitization detection layer detects the sensitive information removal degree, effectiveness and distortion of the industrial desensitization data and outputs a detection result; it also detects abnormal traffic transmission of industrial desensitization data based on the security logs. The result handling layer records the detection result and raises alarms for abnormal desensitization conditions and for abnormal traffic transmission of industrial desensitization data. Abnormal desensitization conditions include the presence of sensitive data in the industrial desensitization data, invalid industrial desensitization data, and distortion of industrial desensitization data. The invention reduces the difficulty of desensitization detection and improves its efficiency.

Description

Industrial data desensitization detecting system
Technical Field
The invention relates to the technical field of industrial data processing, and in particular to an industrial data desensitization detection system.
Background
With the continued deepening of the industrial internet and of the integration of informatization and industrialization, industrial enterprises are undergoing digital transformation, and data security in the industrial internet is receiving more and more attention. As the 'blood' of the industrial internet, industrial data contains a large amount of important and sensitive information; once security events such as theft, leakage or tampering of sensitive industrial data occur, they can have unpredictable effects on individuals, enterprises and even countries. Data desensitization is therefore an indispensable link in industrial internet data security protection.
Against this background, many researchers have studied industrial data desensitization algorithms. Desensitization detection is an important part of the data desensitization process, yet research on industrial data desensitization detection is relatively scarce. At present there is no uniform evaluation index for judging whether an industrial data desensitization algorithm meets the corresponding desensitization requirements, so the desensitization effect is mainly checked manually, which is highly arbitrary and difficult to manage.
Disclosure of Invention
The invention aims to provide an industrial data desensitization detection system that reduces the difficulty of desensitization detection and improves its efficiency.
To achieve this purpose, the invention provides the following scheme:
the invention discloses an industrial data desensitization detection system, which comprises: a data acquisition layer, a desensitization detection layer and a result handling layer;
the data acquisition layer is used for acquiring industrial desensitization data and a security log related to the industrial desensitization data;
the desensitization detection layer is used for detecting the sensitive information removal degree, effectiveness and distortion of the industrial desensitization data and outputting a detection result; the desensitization detection layer is also used for detecting abnormal traffic transmission of industrial desensitization data based on the security log;
the result handling layer is used for recording the detection result and raising alarms for abnormal desensitization conditions and abnormal traffic transmission of industrial desensitization data; the abnormal desensitization conditions include the presence of sensitive data in the industrial desensitization data, invalidity of the industrial desensitization data, and distortion of the industrial desensitization data.
Optionally, the data acquisition layer comprises an industrial desensitization data acquisition module;
the industrial desensitization data acquisition module is used for acquiring industrial desensitization data from a desensitization database, wherein the industrial desensitization data comprises numerical data, text data and image data; the desensitization database is used for storing industrial desensitization data of the system to be detected.
Optionally, the desensitization database is Oracle, MySQL, DB2, Sybase, or SQL Server.
Optionally, the desensitization detection layer comprises an industrial desensitization data detection module;
the industrial desensitization data detection module comprises an industrial desensitization data restoration sub-module, a sensitive information removal degree detection sub-module, an effectiveness detection sub-module and a distortion detection sub-module;
the industrial desensitization data restoration sub-module is used for restoring the industrial desensitization data acquired by the industrial desensitization data acquisition module according to a preset desensitization rule to obtain restored industrial data;
the sensitive information removal degree detection sub-module is used for judging whether the industrial desensitization data contains information in an industrial sensitive data semantic library and, if it does, sending the corresponding industrial desensitization data to the result handling layer; the industrial sensitive data semantic library is used for storing preset sensitive data;
for the numerical data and the image data in the industrial desensitization data, the effectiveness detection sub-module is used for obtaining the similarity between each item of numerical data or image data and the corresponding restored industrial data; if the similarity is smaller than a first set threshold, the corresponding numerical data or image data in the industrial desensitization data is invalid and is sent to the result handling layer;
for the text-type data in the industrial desensitization data, the effectiveness detection sub-module is further used for calculating the information entropy of the text-type data in the industrial desensitization data, recorded as a first information entropy, and the information entropy of the corresponding restored industrial data, recorded as a second information entropy; if the second information entropy is larger than the first information entropy and the difference between the second information entropy and the first information entropy is larger than a second set threshold, the corresponding text-type data in the industrial desensitization data is invalid and is sent to the result handling layer;
the distortion detection sub-module is used for performing feature extraction in the same manner on the industrial desensitization data and the restored industrial data to obtain first feature data and second feature data respectively; if the first feature data is inconsistent with the second feature data, the industrial desensitization data is distorted, and the distorted industrial desensitization data is sent to the result handling layer.
Optionally, the data acquisition layer comprises a security log acquisition module;
the security log acquisition module is used for acquiring log information related to industrial desensitization from the security log records of the system to be detected; the log information related to industrial desensitization comprises desensitization event logs and desensitization data transmission traffic logs.
Optionally, the desensitization detection layer comprises an industrial desensitization security environment detection module;
the industrial desensitization security environment detection module comprises a desensitization data transmission abnormal traffic detection sub-module and a desensitization configuration unauthorized behavior detection sub-module;
the desensitization data transmission abnormal traffic detection sub-module is used for detecting, through a machine learning algorithm and based on the desensitization data transmission traffic log, whether abnormal traffic transmission of desensitization data occurs; if it does, the desensitization data transmission traffic log corresponding to the abnormal traffic transmission is sent to the result handling layer;
the desensitization configuration unauthorized behavior detection sub-module is used for sending to the result handling layer, based on a desensitization operation authority whitelist, the operations in which an unauthorized user modifies desensitization configuration parameters, modifies desensitization rules or views original industrial data; the desensitization operation authority whitelist is used for storing authorized users.
Optionally, the result handling layer comprises a detection log recording module;
the detection log recording module stores the detection result output by the desensitization detection layer in the form of a log, wherein the log comprises detection time, a detection object, a detection index and a detection result, and the detection index comprises the sensitive information removal degree, the effectiveness and the distortion.
Optionally, the result handling layer comprises an abnormal desensitization alarm module;
the abnormal desensitization alarm module is used for raising alarms for industrial desensitization data that contains sensitive information, for invalid industrial desensitization data and for distorted industrial desensitization data.
According to the specific embodiments provided by the invention, the invention discloses the following technical effects:
the invention discloses an industrial data desensitization detection system that automatically detects the sensitive information removal degree, effectiveness and distortion of industrial desensitization data and records the detection result, so that the difficulty of desensitization detection is reduced and its efficiency is improved.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of the industrial data desensitization detection system of the present invention;
FIG. 2 is a schematic diagram of the data analysis principle in the industrial data desensitization detection system of the present invention;
FIG. 3 is a schematic diagram of the data analysis principle of the industrial desensitization data detection module of the present invention;
FIG. 4 is a schematic diagram of the data analysis principle of the industrial desensitization security environment detection module of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
The invention aims to provide an industrial data desensitization detection system that reduces the difficulty of desensitization detection and improves its efficiency.
To make the above objects, features and advantages of the present invention easier to understand, the invention is described in further detail below with reference to the drawings and specific embodiments.
FIG. 1 is a schematic structural diagram of the industrial data desensitization detection system of the present invention. As shown in FIG. 1, the industrial data desensitization detection system includes a data acquisition layer 101, a desensitization detection layer 102 and a result handling layer 103.
The data acquisition layer 101 is used to acquire industrial desensitization data and the security logs related to the industrial desensitization data.
The desensitization detection layer 102 is used for detecting the sensitive information removal degree, effectiveness and distortion of the industrial desensitization data and outputting a detection result; the desensitization detection layer 102 is further configured to detect abnormal traffic transmission of industrial desensitization data based on the security log.
As shown in FIG. 2, the desensitization detection layer 102 performs detection and evaluation of the industrial data desensitization effect and detection and evaluation of the industrial data desensitization security environment.
Detection and evaluation of the industrial data desensitization effect comprises industrial desensitization data restoration, sensitive information removal degree analysis, desensitization effectiveness analysis and desensitization distortion analysis.
Detection and evaluation of the industrial data desensitization security environment comprises analysis of abnormal traffic in desensitization data transmission and analysis of unauthorized desensitization configuration behavior.
The result handling layer 103 is configured to record the detection result and to raise alarms for abnormal desensitization conditions and abnormal traffic transmission of industrial desensitization data; the abnormal desensitization conditions include the presence of sensitive data in the industrial desensitization data, invalidity of the industrial desensitization data, and distortion of the industrial desensitization data.
The data acquisition layer 101 comprises an industrial desensitization data acquisition module.
The industrial desensitization data acquisition module is used for acquiring industrial desensitization data from a desensitization database of an industrial enterprise, wherein the industrial desensitization data comprises numerical data, text data and image data; the desensitization database is used for storing industrial desensitization data of the system to be detected.
The desensitization database is a relational database, and specifically comprises Oracle, MySQL, DB2, Sybase and SQL Server.
The desensitization detection layer 102 includes an industrial desensitization data detection module. The data analysis of the industrial desensitization data detection module is shown in FIG. 3.
The industrial desensitization data detection module comprises an industrial desensitization data restoration sub-module, a sensitive information removal degree detection sub-module, an effectiveness detection sub-module and a distortion detection sub-module.
The industrial desensitization data restoration sub-module is used for restoring the industrial desensitization data acquired by the industrial desensitization data acquisition module according to a preset desensitization rule to obtain the restored industrial data. For example, numerical data desensitized with an encryption algorithm can be recovered with the corresponding key; text data desensitized by deleting sensitive data or replacing it with special characters can be restored to the original data by looking it up in a data cache library; image data desensitized with an auto-encoder or a similar method can be restored by feeding the desensitized data into the corresponding decoder module.
The sensitive information removal degree detection sub-module is used for judging whether the industrial desensitization data contains information in an industrial sensitive data semantic library and, if it does, sending the corresponding industrial desensitization data to the result handling layer 103; the industrial sensitive data semantic library is used for storing preset sensitive data. That is, the sensitive information removal degree detection sub-module measures whether the industrial desensitization data still contains sensitive information and sends the industrial desensitization data that still contains sensitive information to the result handling layer 103. The industrial sensitive data semantic library defines the specific characteristics of industrial sensitive data; characteristics are extracted from the target industrial desensitization data and matched against the characteristic values in the industrial sensitive data semantic library, so as to detect whether the industrial desensitization data still contains sensitive data that has not been removed.
The effectiveness detection sub-module is used for measuring whether the industrial desensitization data is easy to restore to the original data; if the desensitization effectiveness is strong, the industrial desensitization data is difficult to restore. Industrial desensitization data with weak desensitization effectiveness is uploaded to the industrial data desensitization detection recording and alarm module (the result handling layer).
For the numerical data and the image data in the industrial desensitization data, the effectiveness detection sub-module is configured to obtain the similarity between each item of numerical data or image data and the corresponding restored industrial data; if the similarity is smaller than a first set threshold, the corresponding numerical data or image data in the industrial desensitization data is invalid and is sent to the result handling layer 103. The similarity between numerical data or image data in the industrial desensitization data and the corresponding original industrial data (the restored industrial data) is determined with correlation analysis algorithms such as canonical correlation analysis and cosine similarity.
For the text-type data in the industrial desensitization data, the effectiveness detection sub-module is further configured to calculate the information entropy of the text-type data in the industrial desensitization data, recorded as a first information entropy, and the information entropy of the corresponding restored industrial data, recorded as a second information entropy; if the second information entropy is greater than the first information entropy and the difference between the second information entropy and the first information entropy is greater than a second set threshold, the corresponding text-type data in the industrial desensitization data is invalid and is sent to the result handling layer 103.
For example, if text-type data replaces sensitive characters with an equal number of "+" characters, the information entropy of the desensitized data is low and the desensitized data is difficult to restore to the original data; if sensitive characters are instead replaced by characters chosen with a fixed offset value, the information entropy does not change significantly and the desensitized data is easy to restore to the original data. Therefore, if the information entropy of the data before desensitization is higher than that of the data after desensitization, and the difference between the two is greater than the second set threshold, the desensitization effectiveness of the industrial desensitization data can be considered stronger.
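The entropy comparison in the example above can be reproduced as follows. This is an added illustration, not code from the patent; the sample field, the printable-ASCII shift and the 1.0-bit value for the second set threshold are constructed assumptions. It also shows the general reason the fixed-offset case leaves entropy unchanged: any one-to-one character substitution only relabels the symbols.

```python
import math
from collections import Counter

PRINTABLE_START, PRINTABLE_SIZE = 32, 95  # printable ASCII, used by the shift


def shannon_entropy(text: str) -> float:
    """Character-level Shannon entropy in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return sum((n / total) * math.log2(total / n) for n in Counter(text).values())


def mask_with_plus(text: str) -> str:
    """Masking: replace every character with '+', keeping the length."""
    return "+" * len(text)


def shift_fixed_offset(text: str, offset: int) -> str:
    """Fixed-offset substitution over printable ASCII (other characters are kept)."""
    out = []
    for ch in text:
        code = ord(ch)
        if PRINTABLE_START <= code < PRINTABLE_START + PRINTABLE_SIZE:
            code = PRINTABLE_START + (code - PRINTABLE_START + offset) % PRINTABLE_SIZE
        out.append(chr(code))
    return "".join(out)


def entropy_check(desensitized: str, restored: str, threshold: float) -> dict:
    """Compare the first (desensitized) and second (restored) information entropy."""
    first = shannon_entropy(desensitized)
    second = shannon_entropy(restored)
    drop = second - first
    return {
        "first": first,
        "second": second,
        "drop": drop,
        # Condition from the description: second > first and difference > threshold.
        "exceeds_threshold": second > first and drop > threshold,
    }


# Constructed sample: a sensitive text field as it looks after restoration.
ORIGINAL = "line3/furnace-B setpoint=1183C operator=zhang.wei"
SECOND_THRESHOLD = 1.0  # assumed value, in bits per character

if __name__ == "__main__":
    for name, value in (("masked", mask_with_plus(ORIGINAL)),
                        ("shifted", shift_fixed_offset(ORIGINAL, 7))):
        print(name, entropy_check(value, ORIGINAL, SECOND_THRESHOLD))
```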
The distortion detection sub-module is used for measuring whether the characteristics of the original data are retained in the industrial desensitization data. For industrial desensitization data that will be used in subsequent practical applications or data analysis tasks, the desensitization distortion needs to be analyzed. Features are extracted in the same manner from the original industrial data and from its desensitized data, according to the features required in the practical application, and the extracted features are analyzed statistically to judge the distortion of the desensitized data. The extracted features include mean, variance, frequency domain information and information entropy.
For example, in an industrial fault diagnosis task, diagnosing equipment faults may require critical industrial data such as vibration signals and temperature signals, which reflect the performance parameters, operating states and so on of the equipment and therefore need to be desensitized. Since this industrial desensitization data is needed for fault diagnosis, its desensitization distortion needs to be judged. In this example, features that are significant for the fault diagnosis task, such as the mean, variance, frequency domain information and information entropy of the original industrial data and of the industrial desensitization data, can be extracted, and it can then be analyzed whether the features of the original data and of the desensitized data are consistent.
The distortion detection sub-module is configured to perform feature extraction in the same manner on the industrial desensitization data and the restored industrial data to obtain first feature data and second feature data respectively; if the first feature data and the second feature data are inconsistent, the industrial desensitization data is distorted, and the distorted industrial desensitization data is sent to the result handling layer 103.
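A sketch of this feature comparison for a vibration-like signal, added here as an illustration and not taken from the patent. The signal, the two desensitization methods (rounding and value shuffling), the 8-bin histogram and the 5% tolerance are constructed assumptions. Shuffling keeps mean, variance and entropy intact but destroys the spectrum, which is why frequency domain information belongs in the feature set.

```python
import cmath
import math
import random
from collections import Counter


def extract_features(signal, bins=8):
    """Mean, variance, spectral peak (bin and energy share) and histogram entropy."""
    n = len(signal)
    if n == 0:
        raise ValueError("empty signal")
    mean = sum(signal) / n
    variance = sum((x - mean) ** 2 for x in signal) / n

    # Naive DFT power for bins 1..n//2; the mean is removed so DC does not dominate.
    power = []
    for k in range(1, n // 2 + 1):
        coeff = sum((x - mean) * cmath.exp(-2j * math.pi * k * i / n)
                    for i, x in enumerate(signal))
        power.append(abs(coeff) ** 2)
    total = sum(power)
    if total > 0:
        peak_index = max(range(len(power)), key=power.__getitem__)
        peak_bin, peak_share = peak_index + 1, power[peak_index] / total
    else:  # constant or single-sample signal: no spectral content
        peak_bin, peak_share = 0, 0.0

    # Information entropy of the amplitude histogram (bits).
    lo, hi = min(signal), max(signal)
    if hi > lo:
        counts = Counter(min(int((x - lo) / (hi - lo) * bins), bins - 1)
                         for x in signal)
        entropy = sum((c / n) * math.log2(n / c) for c in counts.values())
    else:
        entropy = 0.0
    return {"mean": mean, "variance": variance, "peak_bin": peak_bin,
            "peak_share": peak_share, "entropy": entropy}


def inconsistent_features(first, second, rel_tol=0.05):
    """Names of features that differ by more than rel_tol (assumed tolerance)."""
    return [name for name in first
            if not math.isclose(first[name], second[name],
                                rel_tol=rel_tol, abs_tol=1e-9)]


def distortion_report(desensitized, restored):
    """First feature data comes from the desensitized signal, second from the restored."""
    diff = inconsistent_features(extract_features(desensitized),
                                 extract_features(restored))
    return {"distorted": bool(diff), "inconsistent": diff}


# Constructed signal: offset 20.0 with five full cycles over 64 samples.
RESTORED = [20.0 + math.sin(2 * math.pi * 5 * i / 64) for i in range(64)]
ROUNDED = [round(x, 2) for x in RESTORED]   # precision reduction
SHUFFLED = RESTORED[:]
random.Random(7).shuffle(SHUFFLED)          # value shuffling, fixed seed

if __name__ == "__main__":
    print("rounded :", distortion_report(ROUNDED, RESTORED))
    print("shuffled:", distortion_report(SHUFFLED, RESTORED))
```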
The data acquisition layer 101 includes a security log acquisition module.
The security log acquisition module is used for acquiring log information related to industrial desensitization from the security log records of the system to be detected; the log information related to industrial desensitization comprises desensitization event logs and desensitization data transmission traffic logs.
The desensitization detection layer 102 includes an industrial desensitization security environment detection module. The data analysis of the industrial desensitization security environment detection module is shown in FIG. 4.
The industrial desensitization security environment detection module comprises a desensitization data transmission abnormal traffic detection sub-module and a desensitization configuration unauthorized behavior detection sub-module.
The desensitization data transmission abnormal traffic detection sub-module is used for detecting, through a machine learning algorithm and based on the desensitization data transmission traffic log, whether abnormal traffic transmission of desensitization data occurs; if it does, the desensitization data transmission traffic log corresponding to the abnormal traffic transmission is sent to the result handling layer 103. This guards against tampering with desensitization data caused by possible network attacks.
The desensitization configuration unauthorized behavior detection sub-module is used for sending to the result handling layer 103, based on a desensitization operation authority whitelist, the operations in which an unauthorized user modifies desensitization configuration parameters, modifies desensitization rules or views original industrial data; the desensitization operation authority whitelist is used for storing authorized users.
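The whitelist check described above, run over desensitization event log lines, as an added example that is not part of the patent. The log line format, the action names, the user names and the whitelist contents are all constructed assumptions; the three restricted operations are the ones the description lists.

```python
import re

# Operations the description restricts to whitelisted users (action keys are assumed).
RESTRICTED_ACTIONS = {
    "modify_config": "modify desensitization configuration parameters",
    "modify_rule": "modify desensitization rules",
    "view_original": "view original industrial data",
}

# Assumed line format: <timestamp> user=<name> action=<action> target=<object>
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+user=(?P<user>\S+)\s+action=(?P<action>\S+)"
    r"\s+target=(?P<target>\S+)$"
)


def detect_unauthorized(log_lines, whitelist):
    """Return (alerts, unparsed) for a desensitization event log.

    alerts   -- restricted operations performed by users not on the whitelist
    unparsed -- lines that do not match the format; they are surfaced rather
                than dropped, because a malformed line may hide a restricted event
    """
    alerts, unparsed = [], []
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        action, user = match["action"], match["user"]
        if action in RESTRICTED_ACTIONS and user not in whitelist:
            alerts.append({
                "time": match["time"],
                "user": user,
                "operation": RESTRICTED_ACTIONS[action],
                "target": match["target"],
            })
    return alerts, unparsed


# Constructed sample data.
WHITELIST = {"eng_wang", "admin_li"}
SAMPLE_LOG = [
    "2023-03-01T08:00:12Z user=eng_wang action=modify_rule target=rule_12",
    "2023-03-01T08:05:40Z user=temp_contractor action=view_original target=vibration_raw",
    "2023-03-01T08:07:02Z user=temp_contractor action=run_desensitization target=vibration_raw",
    "2023-03-01T08:09:55Z user=svc_backup action=modify_config target=mask_length",
    "2023-03-01T08:11:00Z action=modify_rule target=rule_12",  # malformed: no user field
]

if __name__ == "__main__":
    found, broken = detect_unauthorized(SAMPLE_LOG, WHITELIST)
    for alert in found:
        print("ALERT", alert)
    for line in broken:
        print("UNPARSED", line)
```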
The result handling layer 103 includes a detection log recording module.
The detection log recording module stores the detection result output by the desensitization detection layer 102 in the form of a log, wherein the log comprises detection time, a detection object, a detection index and a detection result, and the detection index comprises the sensitive information removal degree, the effectiveness and the distortion.
The result handling layer 103 includes an abnormal desensitization alarm module.
The abnormal desensitization alarm module is used for raising alarms for problematic desensitization data and for an abnormal security environment. The problematic desensitization data comprises industrial desensitization data that contains sensitive information, invalid industrial desensitization data and distorted industrial desensitization data; the abnormal security environment comprises abnormal traffic transmission of desensitization data and the operations in which an unauthorized user modifies desensitization configuration parameters, modifies desensitization rules or views original industrial data.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
The principles and embodiments of the present invention have been described herein using specific examples, which are presented only to assist in understanding the system of the present invention and its core concepts. A person skilled in the art may, following the idea of the present invention, change the specific embodiments and the scope of application. In view of the above, the content of this specification should not be construed as limiting the invention.

Claims (8)

1. An industrial data desensitization detection system, comprising: a data acquisition layer, a desensitization detection layer and a result handling layer;
the data acquisition layer is used for acquiring industrial desensitization data and a safety log related to the industrial desensitization data;
the desensitization detection layer is used for detecting the removal degree, effectiveness and distortion of sensitive information of the industrial desensitization data and outputting a detection result; the desensitization detection layer is also used for detecting abnormal flow transmission of industrial desensitization data based on the safety log;
the result handling layer is used for recording the detection result and giving an alarm for abnormal desensitization conditions and abnormal flow transmission of industrial desensitization data; the abnormal desensitization conditions include the presence of sensitive data in the industrial desensitization data, invalidity of the industrial desensitization data, and distortion of the industrial desensitization data.
2. The industrial data desensitization detection system of claim 1, wherein said data acquisition layer comprises industrial desensitization data acquisition modules;
the industrial desensitization data acquisition module is used for acquiring industrial desensitization data from a desensitization database, wherein the industrial desensitization data comprises numerical data, text data and image data; the desensitization database is used for storing industrial desensitization data of the system to be detected.
3. The industrial data desensitization detection system of claim 2, wherein said desensitization database is Oracle, MySQL, DB2, Sybase, or SQL Server.
4. The industrial data desensitization detection system of claim 2, wherein said desensitization detection layer comprises industrial desensitization data detection modules;
the industrial desensitization data detection module comprises an industrial desensitization data restoration sub-module, a sensitive information removal degree detection sub-module, an effectiveness detection sub-module and a distortion detection sub-module;
the industrial desensitization data restoration sub-module is used for restoring the industrial desensitization data acquired by the industrial desensitization data acquisition module according to a preset desensitization rule to obtain restored industrial data;
the sensitive information removal degree detection sub-module is used for judging whether the industrial desensitization data contains information in an industrial sensitive data semantic library, and if the industrial desensitization data contains information in the industrial sensitive data semantic library, the sensitive information removal degree detection sub-module sends the corresponding industrial desensitization data to the result handling layer; the industrial sensitive data semantic library is used for storing preset sensitive data;
for the numerical data and the image data in the industrial desensitization data, the effectiveness detection sub-module is configured to obtain the similarity between the numerical data and the corresponding restored industrial data and the similarity between the image data and the corresponding restored industrial data; if a similarity is smaller than a first set threshold, the corresponding numerical data or image data in the industrial desensitization data is invalid and is sent to the result handling layer;
for the text-type data in the industrial desensitization data, the effectiveness detection sub-module is further used for calculating the information entropy of the text-type data in the industrial desensitization data, recorded as a first information entropy, and the information entropy of the text-type data in the industrial desensitization data and the corresponding restored industrial data, recorded as a second information entropy; if the second information entropy is larger than the first information entropy and the difference between the second information entropy and the first information entropy is larger than a second set threshold, the corresponding text-type data in the industrial desensitization data is invalid and is sent to the result handling layer;
the distortion detection sub-module is used for performing feature extraction on the industrial desensitization data and the restored industrial data in the same manner to obtain first feature data and second feature data respectively; if the first feature data is inconsistent with the second feature data, the industrial desensitization data is distorted, and the distorted industrial desensitization data is sent to the result handling layer.
5. The industrial data desensitization detection system of claim 1, wherein said data acquisition layer comprises a security log acquisition module;
the safety log acquisition module is used for acquiring the log information related to industrial desensitization from the safety log records of the system to be detected, and the log information related to industrial desensitization comprises desensitization event logs and desensitization data transmission flow logs.
6. The industrial data desensitization detection system according to claim 1, wherein the desensitization detection layer comprises an industrial desensitization secure environment detection module;
the industrial desensitization safety environment detection module comprises a desensitization data transmission abnormal flow detection sub-module and a desensitization configuration unauthorized behavior detection sub-module;
the desensitization data transmission abnormal flow detection submodule is used for detecting whether abnormal flow transmission of desensitization data occurs or not through a machine learning algorithm based on the desensitization data transmission flow log, and if the abnormal flow transmission of the desensitization data occurs, the desensitization data transmission flow log corresponding to the abnormal flow transmission is sent to the result handling layer;
the desensitization configuration unauthorized behavior detection sub-module is used for sending to the result handling layer, based on a desensitization operation authority white list, the operation behaviors of unauthorized users of modifying desensitization configuration parameters, modifying desensitization rules and viewing original industrial data; the desensitization operation authority white list is used for storing authorized users.
7. The industrial data desensitization detection system according to claim 1, wherein said result handling layer includes a detection logging module;
the detection logging module stores the detection result output by the desensitization detection layer in the form of a log, wherein the log comprises detection time, a detection object, a detection index and a detection result, and the detection index comprises the sensitive information removal degree, the effectiveness and the distortion.
8. The industrial data desensitization detection system according to claim 1, wherein said result handling layer includes an anomaly desensitization alarm module; the abnormal desensitization alarming module is used for alarming the industrial desensitization data with sensitive information, the invalid industrial desensitization data and the distorted industrial desensitization data.
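The text-type checks of claim 4 (semantic-library lookup and the entropy comparison) and the log fields of claim 7, as an added Python example that is not part of the patent. It assumes character-level Shannon entropy, takes the second information entropy to be that of the restored text, and uses constructed sample strings, a constructed semantic library and an assumed threshold of 1.0 bit.

```python
import math
from collections import Counter
from datetime import datetime, timezone

def shannon_entropy(text):
    """Character-level Shannon entropy in bits per character (assumed measure)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def residual_sensitive(desensitized, semantic_library):
    """Semantic-library entries that still appear in the desensitized text."""
    haystack = desensitized.casefold()
    return sorted(t for t in semantic_library if t and t.casefold() in haystack)

def text_invalid(desensitized, restored, threshold):
    """Invalid when the second entropy exceeds the first by more than threshold."""
    first = shannon_entropy(desensitized)   # first information entropy
    second = shannon_entropy(restored)      # second (assumed: restored text)
    return second > first and (second - first) > threshold

def detect(obj, desensitized, restored, semantic_library, threshold, when=None):
    """Return log records: detection time, object, index, result."""
    when = when or datetime.now(timezone.utc).isoformat()
    def record(index, result):
        return {"time": when, "object": obj, "index": index, "result": result}
    findings = []
    hits = residual_sensitive(desensitized, semantic_library)
    if hits:
        findings.append(record("sensitive information removal degree", hits))
    if text_invalid(desensitized, restored, threshold):
        findings.append(record("effectiveness", "invalid"))
    return findings

# Constructed sample data (not from the patent).
RESTORED = "Furnace F-12 setpoint 1530C, operator Zhang Wei, line 3"
MASKED = "Furnace F-12 setpoint *****, operator *********, line 3"
LIBRARY = {"Zhang Wei", "1530C"}
THRESHOLD = 1.0  # assumed second set threshold, in bits per character

if __name__ == "__main__":
    for name, text in [("masked", MASKED), ("over-masked", "*" * len(RESTORED)),
                       ("unmasked", RESTORED)]:
        print(name, detect(name, text, RESTORED, LIBRARY, THRESHOLD))
```

Field-level masking passes both checks, masking the whole string trips the entropy check, and an unmasked record trips the semantic-library check.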

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211387856.XA CN115604019B (en) 2022-11-08 2022-11-08 Industrial data desensitization detecting system

Publications (2)

Publication Number Publication Date
CN115604019A (en) 2023-01-13
CN115604019B (en) 2023-03-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant