CN116506217B - Analysis method, system, storage medium and terminal for security risk of service data stream - Google Patents


Publication number
CN116506217B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310732624.1A
Other languages
Chinese (zh)
Other versions
CN116506217A (en)
Inventor
王彬
张赫
王秀毅
杨璇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Menshi Information Technology Co ltd
Original Assignee
Beijing Menshi Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a method, a system, a storage medium and a terminal for analyzing security risk of a service data flow, wherein the method comprises the following steps: monitoring and extracting service data streams existing in network traffic transmitted by an enterprise to be managed and controlled; analyzing and screening sensitive data existing in the service data stream; classifying and grading the sensitive data to obtain sensitive data of each category at each level; carrying out multidimensional quantitative analysis on the sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result; and controlling and tracing the sensitive data with security risk according to the analysis result. By carrying out multidimensional quantitative analysis on the sensitive data through the multidimensional data risk quantitative evaluation model, the application hands the initiative for security protection to the platform, so that the business data flow is supervised in real time and sensitive data with security risk is controlled and traced, thereby protecting the security of the business data in a timely manner and improving the data security of the system platform.

Description

Analysis method, system, storage medium and terminal for security risk of service data stream
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, a system, a storage medium, and a terminal for analyzing security risk of a service data flow.
Background
With the popularization of computers and networks, information security is becoming a growing concern. For a company, a leak of company data or client data greatly affects both the company and its clients; for example, client data of domestic medical companies is frequently leaked, which greatly affects the reputation of hospitals.
In the related technology, existing user-terminal data security protection focuses on protecting important materials on a user's computer: transparent encryption and decryption technologies are adopted to secure folders or files of specified types and to prevent illegal access and disclosure. The initiative of this security protection technology is completely controlled by the user and is completely separated from the service system, so it cannot achieve the purpose of protecting the security of service data, which reduces the data security of the system platform.
Disclosure of Invention
The embodiment of the application provides a method, a system, a storage medium and a terminal for analyzing security risk of a service data stream. The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview and is intended to neither identify key/critical elements nor delineate the scope of such embodiments. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
In a first aspect, an embodiment of the present application provides a method for analyzing security risk of a service data flow, where the method includes:
monitoring and extracting service data streams existing in network traffic transmitted by an enterprise to be managed and controlled in real time;
analyzing and screening sensitive data existing in the service data stream;
classifying and grading the sensitive data to obtain target sensitive data of each category at each level;
according to a pre-established multidimensional data risk quantitative evaluation model, carrying out multidimensional quantitative analysis on target sensitive data to obtain an analysis result;
judging whether the target sensitive data has safety risks or not according to the analysis result; if yes, controlling and tracing the target sensitive data with the safety risk.
Optionally, the pre-established multidimensional data risk quantification evaluation model comprises a service circulation tracking module, a data importance level calculation module, an interface security detection module and a user validity determination module;
according to a pre-established multidimensional data risk quantitative evaluation model, carrying out multidimensional quantitative analysis on target sensitive data to obtain an analysis result, wherein the method comprises the following steps of:
the business circulation tracking module determines a target object to which the target sensitive data flows, and generates a first dimension risk value according to the risk type of the target object;
The data importance level calculation module acquires the target level and the target category of the target sensitive data, analyzes the target importance level corresponding to the target sensitive data according to the target level and the target category, and determines a second dimension risk value corresponding to the target importance level in a mapping relation between the pre-generated importance level and the risk value;
the interface security detection module determines operation interface information corresponding to the target sensitive data, analyzes the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of the interface contained in the operation interface information, obtains an API asset list, and generates a third-dimensional risk value according to the API asset list;
when receiving an operation request, the user validity determining module acquires a terminal certificate, a source address and an operation time corresponding to the operation request, and generates a fourth-dimension risk value according to the terminal certificate, the source address and the operation time;
weighting and summing the first dimension risk value, the second dimension risk value, the third dimension risk value and the fourth dimension risk value to obtain a comprehensive risk value corresponding to the target sensitive data;
and taking the comprehensive risk value as an analysis result.
Optionally, determining the target object to which the target sensitive data flows, and generating the first dimension risk value according to the risk type of the target object includes:
grabbing a flow direction identifier of the target sensitive data;
extracting terminal keywords carried by the flow direction identifier and used for flowing to the target terminal, and taking the terminal keywords as target objects;
inquiring a plurality of risk types of the target object in a risk type table, and acquiring a risk factor of each risk type;
calculating a first dimension risk value according to the acquired risk factors of each risk type; wherein,
the first dimension risk value calculation formula is:
[formula not preserved in this text]; wherein the quantities in the formula are the first dimension risk value, the number of risk types, the risk factor of each risk type, and a dynamic variable determined according to the historical occurrence times of the risk types.
Optionally, analyzing the target importance level corresponding to the target sensitive data according to the target grade and the target category includes:
determining a target sensitive score interval to which a target grade belongs according to a mapping relation between the pre-established grade and the sensitive score interval, and taking the intermediate value of the target sensitive score interval as a first score value;
Matching a service attribute set related to a target category; wherein the service attribute set at least comprises bandwidth requirements, reliability, response time and task level;
determining a plurality of attribute values of each service attribute in the service attribute set;
establishing a sensitive attribute decision matrix according to a plurality of attribute values of each service attribute; the sensitive attribute decision matrix represents a plurality of attribute values of N different service attributes under M preset decisions;
performing product operation on the sensitive attribute decision matrix and a preset weight matrix to obtain a second score;
and calculating the average value of the first score value and the second score value to obtain the target importance degree corresponding to the target sensitive data.
Optionally, generating a third dimension risk value according to the API asset inventory includes:
establishing a risk assessment model for determining a risk assessment value corresponding to the API asset inventory;
fitting equation coefficients of a risk assessment model according to historical supervision parameters calibrated for pre-collected business data streams;
according to equation coefficients of the risk assessment model, respectively determining risk assessment values corresponding to the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of the interface;
The calculation formula of the third dimension risk value is as follows:
[formula not preserved in this text]; wherein the quantities in the formula are the second dimension risk value, the risk assessment value for the name of the interface, the risk assessment value for the source unit, the risk assessment value for the use scene, the risk assessment value for the service type, the risk assessment value for the protocol type, the risk assessment value for the request mode, the risk assessment value for the interface rights, and the weight parameters set in advance; the weight parameters lie in the interval (0, 1), and the sum of the weights is 1.
Optionally, generating the fourth dimension risk value according to the terminal certificate, the source address and the operation time includes:
determining whether the current authorization range corresponding to the operation request is consistent with the actual authorization range according to the terminal certificate, and generating a first judgment result;
identifying whether the source address is legal or not according to a preset risk address library, and generating a second judgment result;
determining whether the operation request is within a preset legal operation period according to the operation time, and generating a third judgment result;
counting the operation times of the operation request in real time, judging whether the operation times are larger than a preset threshold value, and generating a fourth judgment result;
performing assignment according to the first judgment result, the second judgment result, the third judgment result and the result identifier of the fourth judgment result to obtain 4 judgment values;
And carrying out normalization calculation according to the 4 judgment values to obtain a fourth-dimension risk value.
Optionally, determining whether the current authorization range corresponding to the operation request is consistent with the actual authorization range according to the terminal certificate includes:
scanning an authorized operation function identifier in the terminal certificate;
determining a function set to be analyzed corresponding to the operation request according to the authorized operation function identifier;
obtaining function configuration of each function in a function set to be analyzed so as to obtain delegated function names;
calling an API interface of a preset identity authentication service platform according to the delegated function name to obtain operation authority information;
analyzing according to the operation authority information to obtain the current authorization range corresponding to the operation request;
inquiring an actual authorization policy corresponding to the source address in a preset authorization policy library, and determining an actual authorization range corresponding to the operation request based on the actual authorization policy;
and determining an intersection of the current authorization range and the actual authorization range, and determining that the current authorization range is consistent with the actual authorization range when the intersection range is larger than the preset authorization range.
In a second aspect, an embodiment of the present application provides a system for analyzing security risk of a service data flow, where the system includes:
The business data flow monitoring module is used for monitoring and extracting business data flows existing in network flow transmitted by an enterprise to be managed and controlled in real time;
the sensitive data screening analysis module is used for analyzing and screening sensitive data existing in the service data stream;
the sensitive data classification module is used for classifying and grading the sensitive data to obtain target sensitive data of each category at each level;
the multidimensional quantitative analysis module is used for carrying out multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result;
the traceability control module is used for judging whether the security risk exists in the target sensitive data according to the analysis result; if yes, controlling and tracing the target sensitive data with the safety risk.
In a third aspect, embodiments of the present application provide a computer storage medium having stored thereon a plurality of instructions adapted to be loaded by a processor and to perform the above-described method steps.
In a fourth aspect, an embodiment of the present application provides a terminal, which may include: a processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and to perform the method steps described above.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
In the embodiment of the application, the analysis system for the security risk of the business data flow first monitors and extracts, in real time, the business data flow existing in the network traffic transmitted by an enterprise to be managed and controlled; it then analyzes and screens the sensitive data existing in the service data stream; next, it classifies and grades the sensitive data to obtain target sensitive data of each category at each level; it then carries out multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result; finally, it judges whether the target sensitive data has security risk according to the analysis result and, if so, controls and traces the target sensitive data with the security risk. By carrying out multidimensional quantitative analysis on the sensitive data through the multidimensional data risk quantitative evaluation model, the application hands the initiative for security protection to the platform, so that the business data flow is supervised in real time and sensitive data with security risk is controlled and traced, thereby protecting the security of the business data in a timely manner and improving the data security of the system platform.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a flow chart of a method for analyzing security risk of a service data flow according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a system deployment scenario provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of another system deployment scenario provided by an embodiment of the present application;
FIG. 4 is a schematic block diagram of a multi-dimensional quantitative analysis process according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an analysis system for security risk of a service data flow according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a terminal according to an embodiment of the present application.
Detailed Description
The following description and the drawings sufficiently illustrate specific embodiments of the application to enable those skilled in the art to practice them.
It should be understood that the described embodiments are merely some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of systems and methods that are consistent with aspects of the application as detailed in the accompanying claims.
In the description of the present application, it should be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. The specific meaning of the above terms in the present application will be understood in specific cases by those of ordinary skill in the art. Furthermore, in the description of the present application, unless otherwise indicated, "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
The application provides a method, a system, a storage medium and a terminal for analyzing security risk of service data flow, which are used for solving the problems existing in the related technology. In the technical scheme provided by the application, multidimensional quantitative analysis of the sensitive data through the multidimensional data risk quantitative evaluation model hands the initiative for security protection to the platform, so that the business data flow is supervised in real time and sensitive data with security risk is controlled and traced, which protects the security of the business data in a timely manner and improves the data security of the system platform. A detailed description is given below by way of exemplary embodiments.
The method for analyzing the security risk of the service data flow according to the embodiment of the present application will be described in detail with reference to fig. 1 to fig. 4. The method can be implemented by means of a computer program and can be run on an analysis system of the security risk of the service data flow based on the von neumann system. The computer program may be integrated in the application or may run as a stand-alone tool class application.
Referring to fig. 1, a flow chart of a method for analyzing security risk of a service data flow is provided in an embodiment of the present application. As shown in fig. 1, the method according to the embodiment of the present application may include the following steps:
S101, monitoring and extracting service data streams existing in network traffic transmitted by an enterprise to be managed and controlled in real time;
The enterprise to be managed and controlled is the target object whose business data streams are analyzed for security risk. For example, as shown in fig. 2, the analysis system for security risk of a service data stream can be deployed to a server of the enterprise to be managed and controlled and run there before security monitoring; or, as shown in fig. 3, the analysis system can be connected to each platform system of the enterprise to be managed in a third-party mode. Which deployment is used can be determined based on the actual situation. The transmitted network traffic is the data flow generated by each platform system of the enterprise to be managed. The service data flow is the dynamic data generated when a user triggers the corresponding service functions in each platform system of the enterprise to be managed and controlled.
In a possible implementation manner, each system platform of an enterprise to be managed and controlled is firstly accessed into an analysis system of the security risk of the service data stream in a third party mode, so that the analysis system of the security risk of the service data stream carries out real-time security monitoring on each system platform of the enterprise to be managed and controlled, when monitoring that a certain system platform of the enterprise to be managed and controlled generates network traffic through a monitor in the analysis process of the security risk of the service data stream, the network traffic is analyzed through a traffic probe to determine whether the traffic is the service data stream generated after a user triggers a relevant service function of a certain system platform, and if so, the service data stream existing in the network traffic is extracted.
S102, analyzing and screening sensitive data existing in a service data stream;
in one possible implementation manner, when analyzing and screening sensitive data existing in a service data stream, firstly, obtaining data fields of each service data in the service data stream one by one, then determining whether the data fields of each service data are sensitive fields according to a pre-configured sensitive field rule table, and extracting the service data of the sensitive fields to obtain final sensitive data.
In another possible implementation manner, when analyzing and screening sensitive data existing in the service data stream, a sliding window algorithm may be firstly adopted to establish a sliding window, then a preconfigured sensitive field rule table is configured on the established sliding window to obtain a target sliding window, and then the data stream is sequentially input into the target sliding window according to the time sequence so as to mark the service data belonging to the sensitive field, and after all the data streams are input into the target sliding window, final sensitive data is output.
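The two screening variants of S102, written out as an added example (not code from the patent). The rule table entries, field names, window size and sample records are all constructed; the patent does not say how the rule table is expressed, so field-name patterns are an assumption.

```python
import re
from collections import deque

# Constructed sensitive field rule table: field-name pattern -> sensitivity label.
SENSITIVE_FIELD_RULES = [
    (re.compile(r"(^|_)(id_card|national_id)$", re.I), "identity_number"),
    (re.compile(r"(^|_)(phone|mobile)$", re.I), "phone_number"),
    (re.compile(r"diagnosis", re.I), "medical_record"),
]

# Constructed service data stream, deliberately not in time order.
SAMPLE_STREAM = [
    {"ts": 3, "api": "/order/list", "fields": {"order_id": "A-1001", "page": 1}},
    {"ts": 1, "api": "/patient/detail",
     "fields": {"patient_id_card": "SAMPLE-ID", "ward": "3B"}},
    {"ts": 2, "api": "/contact/update",
     "fields": {"contact_mobile": "SAMPLE-PHONE", "phone_model": "X1"}},
    {"ts": 4, "api": "/record/export",
     "fields": {"diagnosis_text": "SAMPLE-TEXT", "order_id": "A-1002"}},
]


def match_rule(field_name):
    """Return the label of the first rule the field name matches, else None."""
    for pattern, label in SENSITIVE_FIELD_RULES:
        if pattern.search(field_name):
            return label
    return None


def screen_record(record):
    """Map each sensitive field of one service data record to its label."""
    hits = {}
    for field_name in record["fields"]:
        label = match_rule(field_name)
        if label is not None:
            hits[field_name] = label
    return hits


def screen_by_field(stream):
    """First variant: check the data fields of each record one by one."""
    result = []
    for record in stream:
        hits = screen_record(record)
        if hits:
            result.append({"ts": record["ts"], "api": record["api"], "sensitive": hits})
    return result


def screen_with_window(stream, size=2):
    """Second variant: records enter a bounded window in time order, are marked
    against the rule table on entry, and are emitted as they slide out."""
    window = deque()
    result = []

    def emit_oldest():
        record, hits = window.popleft()
        if hits:
            result.append({"ts": record["ts"], "api": record["api"], "sensitive": hits})

    for record in sorted(stream, key=lambda r: r["ts"]):
        window.append((record, screen_record(record)))
        if len(window) > size:
            emit_oldest()
    while window:  # all data has been input: drain what is still in the window
        emit_oldest()
    return result


if __name__ == "__main__":
    for item in screen_with_window(SAMPLE_STREAM):
        print(item)
```

The window holds at most `size` records at a time, which bounds memory on a live stream while producing the same marked set as the field-by-field pass.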
S103, classifying and grading the sensitive data to obtain target sensitive data of each category at each level;
In the embodiment of the application, when classifying and grading the sensitive data to obtain target sensitive data of each category at each level, a preset data classification rule table is acquired, and the sensitive data is classified according to the data storage format and the data structure in the data classification rule table to obtain the data type of the sensitive data, where the data type can be structured data, unstructured data, or combined structured and unstructured data. Alternatively, a pre-established data dictionary is acquired; word segmentation is performed on the sensitive data through the data dictionary to obtain a plurality of word segments; each word segment is encoded in a one-hot encoding mode to obtain its vector representation; a word segment class value is calculated for each word segment according to its vector representation; finally, the class corresponding to the word segment class value of each word segment is matched in a preset class-class value mapping table, and the class matched most frequently is determined as the data category to which the sensitive data belongs.
Further, according to the pre-established mapping relation between the data category and the data level, determining the data level corresponding to the data category to which the sensitive data belongs, and associating the sensitive data with the data category corresponding to the sensitive data and the data level thereof to obtain the target sensitive data of each category.
S104, carrying out multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result;
the pre-established multidimensional data risk quantification evaluation model comprises a service flow tracking module, a data importance level calculation module, an interface safety detection module and a user validity determination module.
In the embodiment of the application, when multi-dimensional quantitative analysis is performed on target sensitive data according to a pre-established multi-dimensional data risk quantitative evaluation model to obtain an analysis result, for example, as shown in fig. 4, a service flow tracking module determines a target object to which the target sensitive data flows, and generates a first-dimension risk value according to a risk type of the target object; the data importance level calculation module acquires the target level and the target category of the target sensitive data, analyzes the target importance level corresponding to the target sensitive data according to the target level and the target category, and determines a second dimension risk value corresponding to the target importance level in a mapping relation between the pre-generated importance level and the risk value; the interface security detection module determines operation interface information corresponding to the target sensitive data, analyzes the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of the interface contained in the operation interface information, obtains an API asset list, and generates a third-dimensional risk value according to the API asset list; when receiving an operation request, the user validity determining module acquires a terminal certificate, a source address and an operation time corresponding to the operation request, and generates a fourth-dimension risk value according to the terminal certificate, the source address and the operation time; weighting and summing the first dimension risk value, the second dimension risk value, the third dimension risk value and the fourth dimension risk value to obtain a comprehensive risk value corresponding to the target sensitive data; and taking the comprehensive risk value as an analysis result.
Specifically, when determining the target object to which the target sensitive data flows and generating a first dimension risk value according to the risk type of the target object, the flow direction identifier of the target sensitive data is first grabbed; the terminal keywords carried by the flow direction identifier and used for flowing to the target terminal are then extracted and taken as the target object; a plurality of risk types of the target object are queried in a risk type table, and the risk factor of each risk type is acquired; finally, the first dimension risk value is calculated according to the acquired risk factors of each risk type. The first dimension risk value calculation formula is as follows: [formula not preserved in this text]; wherein the quantities in the formula are the first dimension risk value, the number of risk types, the risk factor of each risk type, and a dynamic variable determined according to the historical occurrence times of the risk types.
Specifically, when analyzing the target importance degree corresponding to the target sensitive data according to the target grade and the target category, firstly determining a target sensitive score interval to which the target grade belongs according to a mapping relation between the pre-established grade and the sensitive score interval, and taking the intermediate value of the target sensitive score interval as a first score value; matching the service attribute set related to the target category; wherein the service attribute set at least comprises bandwidth requirements, reliability, response time and task level; then determining a plurality of attribute values of each service attribute in the service attribute set; then, according to a plurality of attribute values of each service attribute, a sensitive attribute decision matrix is established; the sensitive attribute decision matrix represents a plurality of attribute values of N different service attributes under M preset decisions; secondly, carrying out product operation on the sensitive attribute decision matrix and a preset weight matrix to obtain a second score value; and finally, calculating the average value of the first score value and the second score value to obtain the target importance degree corresponding to the target sensitive data.
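The importance-degree calculation above, carried through to the second dimension risk value, as an added example (not code from the patent). The level intervals, decision matrix, weights and importance-to-risk bands are constructed; the patent does not state how the matrix product is reduced to a single score, so taking the mean of the per-decision scores is an assumption.

```python
# Constructed mapping between grade (level) and sensitive score interval.
LEVEL_SCORE_INTERVALS = {1: (0, 25), 2: (25, 50), 3: (50, 75), 4: (75, 100)}

# The N service attributes named in the text (column order of the matrix).
SERVICE_ATTRIBUTES = ("bandwidth_requirement", "reliability", "response_time", "task_level")

# Constructed decision matrices: M preset decisions (rows) x N attributes (columns).
CATEGORY_DECISION_MATRIX = {
    "medical_record": [
        [80, 90, 60, 70],
        [70, 85, 65, 90],
        [90, 95, 55, 80],
    ],
}

# Constructed preset weight matrix, used as an N x 1 column of attribute weights.
ATTRIBUTE_WEIGHTS = [0.2, 0.3, 0.2, 0.3]

# Constructed mapping between importance degree and risk value:
# (inclusive upper bound of the importance band, risk value).
IMPORTANCE_TO_RISK = [(40, 0.2), (70, 0.5), (100, 0.8)]


def first_score(level):
    """Intermediate value of the sensitive score interval the level maps to."""
    low, high = LEVEL_SCORE_INTERVALS[level]
    return (low + high) / 2


def second_score(category, weights=ATTRIBUTE_WEIGHTS):
    """Decision matrix times weight column, reduced to one score."""
    matrix = CATEGORY_DECISION_MATRIX[category]
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("attribute weights must sum to 1")
    for row in matrix:
        if len(row) != len(weights):
            raise ValueError("each decision needs one value per service attribute")
    # (M x N) . (N x 1) -> one weighted score per preset decision.
    per_decision = [sum(v * w for v, w in zip(row, weights)) for row in matrix]
    # Assumption: the M per-decision scores are averaged into the second score.
    return sum(per_decision) / len(per_decision)


def importance_degree(level, category):
    """Average of the first score value and the second score value."""
    return (first_score(level) + second_score(category)) / 2


def second_dimension_risk(level, category):
    """Look the importance degree up in the importance-to-risk mapping."""
    importance = importance_degree(level, category)
    for upper_bound, risk in IMPORTANCE_TO_RISK:
        if importance <= upper_bound:
            return risk
    raise ValueError("importance degree outside the mapped range")


if __name__ == "__main__":
    print(importance_degree(3, "medical_record"))
    print(second_dimension_risk(3, "medical_record"))
```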
Specifically, when a third-dimensional risk value is generated according to the API asset list, a risk assessment model for determining a risk assessment value corresponding to the API asset list is firstly established; then fitting equation coefficients of a risk assessment model according to historical supervision parameters calibrated for the pre-collected business data streams; finally, according to equation coefficients of the risk assessment model, respectively determining risk assessment values corresponding to the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of the interface; the calculation formula of the third dimension risk value is as follows:
wherein ,for the second dimension risk value,/>Risk assessment value for the name of the interface, +.>Risk assessment value for a source unit, +.>Risk assessment value for use scene, +.>Risk assessment value for service type, +.>Risk assessment value for protocol type, +.>Risk assessment value for request mode, +.>For risk assessment value of interface rights, +.>、/>、/>、/>、/>、/>Is a weight parameter set in advance, and +.>、/>、/>、/>、/>、/>、/>Between the intervals (0, 1) and +.>、/>、/>、/>、/>、/>The sum of the weights of (2) is 1.
Specifically, when a fourth dimension risk value is generated according to a terminal certificate, a source address and an operation time, firstly determining whether a current authorization range corresponding to an operation request is consistent with an actual authorization range according to the terminal certificate, and generating a first judgment result; identifying whether the source address is legal or not according to a preset risk address library, and generating a second judgment result; then determining whether the operation request is within a preset legal operation period according to the operation time, and generating a third judgment result; counting the operation times of the operation request in real time, judging whether the operation times are larger than a preset threshold value, and generating a fourth judgment result; secondly, assigning values according to the result identifiers of the first judgment result, the second judgment result, the third judgment result and the fourth judgment result to obtain 4 judgment values; and finally, carrying out normalization calculation according to the 4 judgment values to obtain a fourth-dimension risk value.
Specifically, when determining whether the current authorization range corresponding to the operation request is consistent with the actual authorization range according to the terminal certificate, firstly scanning an authorization operation function identifier in the terminal certificate; determining a function set to be analyzed corresponding to the operation request according to the authorized operation function identifier; then, obtaining the function configuration of each function in the function set to be analyzed so as to obtain the entrusted function name; secondly, calling an API interface of a preset identity authentication service platform according to the entrusted function name to obtain operation authority information; then analyzing according to the operation authority information to obtain the current authorization range corresponding to the operation request; inquiring an actual authorization policy corresponding to the source address in a preset authorization policy library, and determining an actual authorization range corresponding to the operation request based on the actual authorization policy; and finally, determining an intersection of the current authorization range and the actual authorization range, and determining that the current authorization range is consistent with the actual authorization range when the intersection range is larger than the preset authorization range.
S105, judging whether the target sensitive data has safety risks or not according to the analysis result; if yes, controlling and tracing the target sensitive data with the safety risk.
In the embodiment of the application, when the analysis result is in the preset security risk interval, determining that the security risk does not exist in the target sensitive data; or when the analysis result is larger than the upper limit value of the preset safety risk interval, determining that the safety risk exists in the target sensitive data.
Further, when the security risk exists in the target sensitive data, the control and the tracing are carried out on the target sensitive data with the security risk.
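The fourth-dimension judgments, the weighted sum of the four dimension values and the interval decision described above, as an added Python example that is not code from the patent. It assumes each judgment is assigned 0 or 1, that "normalization" is the mean of the 4 values, and that authorization ranges are permission sets compared by element count; all addresses, weights, thresholds and sample requests are constructed.

```python
"""Fourth-dimension risk value, composite score and risk decision (added example)."""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed configuration: every value below is an assumption, not from the patent.
RISK_ADDRESS_LIBRARY = [ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32")]
LEGAL_PERIOD = (time(8, 0), time(20, 0))      # preset legal operation period
MAX_OPERATIONS = 50                           # preset operation-count threshold
PRESET_SCOPE_SIZE = 2                         # preset authorization range, as a count
DIMENSION_WEIGHTS = (0.25, 0.25, 0.20, 0.30)  # weights for dimensions 1 to 4
SAFE_INTERVAL = (0.0, 0.6)                    # preset security risk interval


@dataclass(frozen=True)
class OperationRequest:
    current_scope: frozenset   # permissions resolved from the terminal certificate
    source_address: str
    operation_time: time
    operation_count: int       # running count of this operation


def scope_consistent(current_scope, actual_scope, preset_size=PRESET_SCOPE_SIZE):
    """Judgment 1: consistent when the intersection exceeds the preset range."""
    return len(set(current_scope) & set(actual_scope)) > preset_size


def address_is_risky(address, library=RISK_ADDRESS_LIBRARY):
    """Judgment 2: source address found in the preset risk address library."""
    ip = ip_address(address)
    return any(ip in network for network in library)


def within_legal_period(moment, period=LEGAL_PERIOD):
    """Judgment 3: operation time inside the legal period (may wrap midnight)."""
    start, end = period
    if start <= end:
        return start <= moment <= end
    return moment >= start or moment <= end


def fourth_dimension_risk(request, actual_scope):
    """Assign 1.0 to each failed judgment, 0.0 otherwise, and return the mean."""
    failed = (
        not scope_consistent(request.current_scope, actual_scope),
        address_is_risky(request.source_address),
        not within_legal_period(request.operation_time),
        request.operation_count > MAX_OPERATIONS,
    )
    values = [1.0 if flag else 0.0 for flag in failed]
    return sum(values) / len(values)


def composite_risk(dimension_values, weights=DIMENSION_WEIGHTS):
    """Weighted sum of the four dimension risk values, each expected in [0, 1]."""
    if len(dimension_values) != len(weights):
        raise ValueError("one weight per dimension is required")
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    if any(not 0.0 <= value <= 1.0 for value in dimension_values):
        raise ValueError("dimension risk values must lie in [0, 1]")
    return sum(w * v for w, v in zip(weights, dimension_values))


def has_security_risk(score, interval=SAFE_INTERVAL):
    """Risk exists only when the score exceeds the interval's upper limit."""
    return score > interval[1]


# Constructed sample data: policy scope for the caller and three requests.
ACTUAL_SCOPE = frozenset({"read", "query", "export", "audit"})
NORMAL = OperationRequest(frozenset({"read", "query", "export"}),
                          "192.0.2.10", time(10, 30), 3)
MIXED = OperationRequest(frozenset({"read", "query", "export"}),
                         "203.0.113.45", time(2, 15), 3)
SUSPICIOUS = OperationRequest(frozenset({"read", "delete"}),
                              "203.0.113.45", time(2, 15), 120)

if __name__ == "__main__":
    # Dimensions 1 to 3 are supplied as constructed inputs for each request.
    for name, req, dims in (("normal", NORMAL, (0.2, 0.5, 0.3)),
                            ("suspicious", SUSPICIOUS, (0.7, 0.9, 0.6))):
        r4 = fourth_dimension_risk(req, ACTUAL_SCOPE)
        score = composite_risk((*dims, r4))
        print(name, r4, round(score, 3), has_security_risk(score))
```
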
In the embodiment of the application, the analysis system for the security risk of business data flows monitors and extracts, in real time, the business data flows present in the network traffic transmitted by the enterprise to be managed and controlled; then parses and screens the sensitive data present in the business data flows; next, classifies and grades the sensitive data to obtain target sensitive data of each grade and each category; then performs multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result; finally, determines whether the target sensitive data has a security risk according to the analysis result; if so, controls and traces the target sensitive data that has the security risk. The application performs multidimensional quantitative analysis on sensitive data through the multidimensional data risk quantitative evaluation model. This analysis gives the platform the initiative in security protection, so that business data flows are supervised in real time and sensitive data with a security risk is controlled and traced, which protects the business data in a timely manner and improves the data security of the system platform.
The following are system embodiments of the present invention that may be used to perform method embodiments of the present invention. For details not disclosed in the system embodiments of the present invention, please refer to the method embodiments of the present invention.
Referring to fig. 5, a schematic structural diagram of an analysis system for the security risk of a service data flow according to an exemplary embodiment of the present invention is shown. The analysis system may be implemented as all or part of a terminal through software, hardware, or a combination of both. The system 1 comprises a business data flow monitoring module 10, a sensitive data screening and analyzing module 20, a sensitive data grading and classifying module 30, a multi-dimensional quantitative analyzing module 40 and a tracing control module 50.
The service data flow monitoring module 10 is used for monitoring and extracting service data flows existing in network flows transmitted by enterprises to be managed and controlled in real time;
the sensitive data screening analysis module 20 is used for analyzing and screening sensitive data existing in the service data stream;
the sensitive data grading and classifying module 30 is configured to classify and grade the sensitive data to obtain target sensitive data of each grade and each category;
the multidimensional quantitative analysis module 40 is used for carrying out multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result;
The traceability control module 50 is configured to determine whether the security risk exists in the target sensitive data according to the analysis result; if yes, controlling and tracing the target sensitive data with the safety risk.
It should be noted that, when the analysis system for the security risk of the service data flow provided in the foregoing embodiment performs the analysis method for the security risk of the service data flow, the division into the foregoing functional modules is used only for illustration. In practical applications, the functions may be allocated to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the system embodiment and the method embodiment for analyzing the security risk of the service data flow belong to the same concept; the detailed implementation process is given in the method embodiment and is not repeated here.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
The application also provides a computer readable medium, on which program instructions are stored, which when executed by a processor implement the method for analyzing the security risk of the service data flow provided by the above method embodiments.
The application also provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the method for analyzing the security risk of a service data stream according to the above-mentioned method embodiments.
Referring to fig. 6, a schematic structural diagram of a terminal is provided in an embodiment of the present application. As shown in fig. 6, terminal 1000 can include: at least one processor 1001, at least one network interface 1004, a user interface 1003, a memory 1005, at least one communication bus 1002.
The communication bus 1002 is used to enable communication among these components.
The user interface 1003 may include a display screen (Display) and a camera (Camera); optionally, the user interface 1003 may further include a standard wired interface and a wireless interface.
The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a WI-FI interface).
The processor 1001 may include one or more processing cores. The processor 1001 connects the various parts of the electronic device 1000 using various interfaces and lines, and performs the functions of the electronic device 1000 and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 1005 and by invoking data stored in the memory 1005. Alternatively, the processor 1001 may be implemented in at least one hardware form of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), or programmable logic array (Programmable Logic Array, PLA). The processor 1001 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU), a modem, and the like. The CPU mainly handles the operating system, the user interface, application programs and the like; the GPU renders and draws the content to be displayed on the display screen; the modem handles wireless communications. It will be appreciated that the modem may also not be integrated into the processor 1001 and may instead be implemented by a separate chip.
The Memory 1005 may include a random access Memory (Random Access Memory, RAM) or a Read-Only Memory (Read-Only Memory). Optionally, the memory 1005 includes a non-transitory computer readable medium (non-transitory computer-readable storage medium). The memory 1005 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 1005 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the above-described respective method embodiments, etc.; the storage data area may store data or the like referred to in the above respective method embodiments. The memory 1005 may also optionally be at least one storage system located remotely from the processor 1001. As shown in fig. 6, an operating system, a network communication module, a user interface module, and an analysis application for security risk of a service data stream may be included in a memory 1005, which is a type of computer storage medium.
In terminal 1000 shown in fig. 6, user interface 1003 is mainly used for providing an input interface for a user, and acquiring data input by the user; while the processor 1001 may be configured to invoke an analysis application of the traffic data flow security risk stored in the memory 1005, and specifically perform the following operations:
Monitoring and extracting service data streams existing in network traffic transmitted by an enterprise to be managed and controlled in real time;
analyzing and screening sensitive data existing in the service data stream;
classifying and grading the sensitive data to obtain target sensitive data of each grade and each category;
according to a pre-established multidimensional data risk quantitative evaluation model, carrying out multidimensional quantitative analysis on target sensitive data to obtain an analysis result;
judging whether the target sensitive data has safety risks or not according to the analysis result; if yes, controlling and tracing the target sensitive data with the safety risk.
In one embodiment, the processor 1001 performs the following operations when performing the multidimensional quantitative analysis on the target sensitive data according to the multidimensional data risk quantitative assessment model established in advance to obtain an analysis result:
the business circulation tracking module determines a target object to which the target sensitive data flows, and generates a first dimension risk value according to the risk type of the target object;
the data importance level calculation module acquires the target level and the target category of the target sensitive data, analyzes the target importance level corresponding to the target sensitive data according to the target level and the target category, and determines a second dimension risk value corresponding to the target importance level in a mapping relation between the pre-generated importance level and the risk value;
The interface security detection module determines operation interface information corresponding to the target sensitive data, analyzes the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of the interface contained in the operation interface information, obtains an API asset list, and generates a third-dimensional risk value according to the API asset list;
when receiving an operation request, the user validity determining module acquires a terminal certificate, a source address and an operation time corresponding to the operation request, and generates a fourth-dimension risk value according to the terminal certificate, the source address and the operation time;
weighting and summing the first dimension risk value, the second dimension risk value, the third dimension risk value and the fourth dimension risk value to obtain a comprehensive risk value corresponding to the target sensitive data;
and taking the comprehensive risk value as an analysis result.
In one embodiment, the processor 1001, when executing the determining the target object to which the target sensitive data flows, and generating the first dimension risk value according to the risk type of the target object, specifically executes the following operations:
grabbing a flow direction identifier of the target sensitive data;
extracting terminal keywords carried by the flow direction identifier and used for flowing to the target terminal, and taking the terminal keywords as target objects;
Inquiring a plurality of risk types of the target object in a risk type table, and acquiring a risk factor of each risk type;
calculating a first dimension risk value according to the acquired risk factors of each risk type; wherein,
the first dimension risk value calculation formula is:
; wherein ,/>For the first dimension risk value, +.>For a number of risk types,for each risk type risk factor +.>Is a dynamic variable determined according to the historical occurrence times of the risk types.
In one embodiment, the processor 1001, when executing the analysis of the target importance level corresponding to the target sensitive data according to the target level and the target category, specifically performs the following operations:
determining a target sensitive score interval to which a target grade belongs according to a mapping relation between the pre-established grade and the sensitive score interval, and taking the intermediate value of the target sensitive score interval as a first score value;
matching a service attribute set related to a target category; wherein the service attribute set at least comprises bandwidth requirements, reliability, response time and task level;
determining a plurality of attribute values of each service attribute in the service attribute set;
establishing a sensitive attribute decision matrix according to a plurality of attribute values of each service attribute; the sensitive attribute decision matrix represents a plurality of attribute values of N different service attributes under M preset decisions;
Performing product operation on the sensitive attribute decision matrix and a preset weight matrix to obtain a second score;
and calculating the average value of the first score value and the second score value to obtain the target importance degree corresponding to the target sensitive data.
In one embodiment, the processor 1001, when executing the generation of the third dimension risk value from the API asset inventory, specifically performs the following:
establishing a risk assessment model for determining a risk assessment value corresponding to the API asset inventory;
fitting equation coefficients of a risk assessment model according to historical supervision parameters calibrated for pre-collected business data streams;
according to equation coefficients of the risk assessment model, respectively determining risk assessment values corresponding to the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of the interface;
the calculation formula of the third dimension risk value is as follows:
; wherein ,/>For the second dimension risk value,/>Risk assessment value for the name of the interface, +.>Risk assessment value for a source unit, +.>Risk assessment value for use scene, +.>Risk assessment value for service type, +.>Is a protocolRisk assessment value of type->Risk assessment value for request mode, +. >For risk assessment value of interface rights, +.>、/>、/>、/>、/>、/>Is a weight parameter set in advance, and +.>、/>、/>、/>、/>、/>、/>Between the intervals (0, 1) and +.>、/>、/>、/>、/>、/>、/>The sum of the weights of (2) is 1.
In one embodiment, the processor 1001, when executing the generation of the fourth dimension risk value according to the terminal certificate, the source address, and the operation time, specifically performs the following operations:
determining whether the current authorization range corresponding to the operation request is consistent with the actual authorization range according to the terminal certificate, and generating a first judgment result;
identifying whether the source address is legal or not according to a preset risk address library, and generating a second judgment result;
determining whether the operation request is within a preset legal operation period according to the operation time, and generating a third judgment result;
counting the operation times of the operation request in real time, judging whether the operation times are larger than a preset threshold value, and generating a fourth judgment result;
performing assignment according to the first judgment result, the second judgment result, the third judgment result and the result identifier of the fourth judgment result to obtain 4 judgment values;
and carrying out normalization calculation according to the 4 judgment values to obtain a fourth-dimension risk value.
In one embodiment, the processor 1001, when executing the determination of whether the current authorization scope corresponding to the operation request is consistent with the actual authorization scope according to the terminal certificate, specifically executes the following operations:
Scanning an authorized operation function identifier in the terminal certificate;
determining a function set to be analyzed corresponding to the operation request according to the authorized operation function identifier;
obtaining function configuration of each function in a function set to be analyzed so as to obtain delegated function names;
calling an API interface of a preset identity authentication service platform according to the delegated function name to obtain operation authority information;
analyzing according to the operation authority information to obtain the current authorization range corresponding to the operation request;
inquiring an actual authorization policy corresponding to the source address in a preset authorization policy library, and determining an actual authorization range corresponding to the operation request based on the actual authorization policy;
and determining an intersection of the current authorization range and the actual authorization range, and determining that the current authorization range is consistent with the actual authorization range when the intersection range is larger than the preset authorization range.
Those skilled in the art will appreciate that all or part of the above-described method embodiments may be implemented by a computer program instructing related hardware. The program for analyzing the security risk of the service data flow may be stored in a computer-readable storage medium and, when executed, may include the processes of the above-described method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory, a random access memory, or the like.
The foregoing disclosure is illustrative of the present application and is not to be construed as limiting the scope of the application, which is defined by the appended claims.

Claims (9)

1. A method for analyzing security risk of a service data stream, the method comprising:
monitoring and extracting service data streams existing in network traffic transmitted by an enterprise to be managed and controlled in real time;
analyzing and screening sensitive data existing in the service data stream;
classifying and grading the sensitive data to obtain target sensitive data of each grade and each category;
according to a pre-established multidimensional data risk quantitative evaluation model, carrying out multidimensional quantitative analysis on the target sensitive data to obtain an analysis result; wherein,
The pre-established multidimensional data risk quantification evaluation model comprises a service flow tracking module, a data importance level calculation module, an interface safety detection module and a user validity determination module;
the step of carrying out multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result comprises the following steps:
the business circulation tracking module determines a target object to which the target sensitive data flows, and generates a first dimension risk value according to the risk type of the target object;
the data importance level calculation module acquires the target level and the target category of the target sensitive data, analyzes the target importance level corresponding to the target sensitive data according to the target level and the target category, and determines a second dimension risk value corresponding to the target importance level in a mapping relation between the pre-generated importance level and the risk value;
the interface security detection module determines operation interface information corresponding to the target sensitive data, analyzes the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of an interface contained in the operation interface information, obtains an API asset list, and generates a third dimension risk value according to the API asset list;
When receiving an operation request, a user validity determining module acquires a terminal certificate, a source address and an operation time corresponding to the operation request, and generates a fourth-dimension risk value according to the terminal certificate, the source address and the operation time;
weighting and summing the first dimension risk value, the second dimension risk value, the third dimension risk value and the fourth dimension risk value to obtain a comprehensive risk value corresponding to the target sensitive data;
taking the comprehensive risk value as an analysis result;
judging whether the target sensitive data has safety risk or not according to the analysis result; if yes, controlling and tracing the target sensitive data with the safety risk.
2. The method of claim 1, wherein the determining the target object to which the target sensitive data flows and generating the first dimension risk value according to the risk type of the target object comprises:
grabbing a flow direction identifier of the target sensitive data;
extracting a terminal keyword carried by the flow direction identifier and used for flowing to a target terminal, and taking the terminal keyword as a target object;
inquiring a plurality of risk types of the target object in a risk type table, and acquiring a risk factor of each risk type;
Calculating a first dimension risk value according to the acquired risk factors of each risk type; wherein,
the first dimension risk value calculation formula is as follows:
; wherein ,/>For the first dimension risk value, +.>For the total number of multiple risk types, +.>Risk factor for the i-th risk type, < +.>Is a dynamic variable determined according to the historical occurrence times of the risk types.
3. The method according to claim 1, wherein analyzing the target importance level corresponding to the target sensitive data according to the target level and the target class comprises:
determining a target sensitive score interval to which the target grade belongs according to a mapping relation between the pre-established grade and the sensitive score interval, and taking the intermediate value of the target sensitive score interval as a first score value;
matching a service attribute set related to the target category; wherein the service attribute set at least comprises bandwidth requirements, reliability, response time and task level;
determining a plurality of attribute values for each business attribute in the set of business attributes;
establishing a sensitive attribute decision matrix according to the plurality of attribute values of each service attribute; the sensitive attribute decision matrix represents a plurality of attribute values of N different service attributes under M preset decisions;
Performing product operation on the sensitive attribute decision matrix and a preset weight matrix to obtain a second score;
and calculating the average value of the first score value and the second score value to obtain the target importance degree corresponding to the target sensitive data.
4. The method of claim 1, wherein generating a third dimension risk value from the API asset list comprises:
establishing a risk assessment model for determining a risk assessment value corresponding to the API asset inventory;
fitting equation coefficients of the risk assessment model according to historical supervision parameters calibrated for pre-collected business data streams;
according to equation coefficients of the risk assessment model, respectively determining risk assessment values corresponding to the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of the interface;
the calculation formula of the third dimension risk value is as follows:
wherein ,for the third dimension risk value, < >>Risk assessment value for the name of the interface, +.>Risk assessment for a source unitValue,/->Risk assessment value for use scene, +.>Risk assessment value for service type, +.>Risk assessment value for protocol type, +. >Risk assessment value for request mode, +.>For risk assessment value of interface rights, +.>、/>、/>、/>、/>、/>、/>Is a weight parameter set in advance, and +.>、/>、/>、/>、/>、/>、/>Between the intervals (0, 1) and +.>、/>、/>、/>、/>、/>The sum of the weights of (2) is 1.
5. The method of claim 1, wherein generating a fourth dimension risk value from the terminal certificate, source address, and time of operation comprises:
determining whether the current authorization range corresponding to the operation request is consistent with the actual authorization range according to the terminal certificate, and generating a first judgment result;
identifying whether the source address is legal or not according to a preset risk address library, and generating a second judgment result;
determining whether the operation request is within a preset legal operation period according to the operation time, and generating a third judgment result;
counting the operation times of the operation request in real time, judging whether the operation times are larger than a preset threshold value, and generating a fourth judgment result;
performing assignment according to the result identifiers of the first judgment result, the second judgment result, the third judgment result and the fourth judgment result to obtain 4 judgment values;
and carrying out normalization calculation according to the 4 judgment values to obtain a fourth-dimension risk value.
6. The method of claim 5, wherein determining whether the current authorization scope corresponding to the operation request is consistent with the actual authorization scope based on the terminal certificate comprises:
scanning an authorized operation function identifier in the terminal certificate;
determining a function set to be analyzed corresponding to the operation request according to the authorized operation function identifier;
obtaining function configuration of each function in the function set to be analyzed to obtain delegated function names;
calling an API interface of a preset identity authentication service platform according to the delegated function name to obtain operation authority information;
analyzing according to the operation authority information to obtain the current authorization range corresponding to the operation request;
inquiring an actual authorization policy corresponding to the source address in a preset authorization policy library, and determining an actual authorization range corresponding to the operation request based on the actual authorization policy;
and determining an intersection of the current authorization range and the actual authorization range, and determining that the current authorization range is consistent with the actual authorization range when the intersection range is larger than a preset authorization range.
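The four judgments of claim 5, with the authorization-scope comparison of claim 6 as the first of them, shown as an added example that is not part of the patent text. Assumptions not stated in the claims: each judgment is assigned 1 when abnormal and 0 when normal, normalization is the arithmetic mean, the "preset authorization range" is compared as a number of permissions, and all names, addresses and thresholds are constructed.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Every value below is constructed for illustration; none comes from the patent.
RISK_NETWORKS = [ip_network("203.0.113.0/24")]  # preset risk address library
LEGAL_PERIOD = (time(8, 0), time(20, 0))        # preset legal operation period
MAX_OPERATIONS = 100                            # preset operation-count threshold
MIN_SCOPE_OVERLAP = 2                           # preset authorization range, as a size

@dataclass
class OperationRequest:
    current_scope: frozenset  # scope resolved from the terminal certificate
    actual_scope: frozenset   # scope from the authorization policy library
    source_address: str
    operation_time: time
    operation_count: int

def scope_consistent(req):
    """Claim 6: consistent when the intersection exceeds the preset range."""
    return len(req.current_scope & req.actual_scope) > MIN_SCOPE_OVERLAP

def address_is_risky(source_address):
    """An unparseable address is treated as risky (assumption: fail closed)."""
    try:
        addr = ip_address(source_address)
    except ValueError:
        return True
    return any(addr in net for net in RISK_NETWORKS)

def judgment_values(req):
    """Claim 5: four judgments, each assigned 1 (abnormal) or 0 (normal)."""
    start, end = LEGAL_PERIOD
    return [
        0 if scope_consistent(req) else 1,
        1 if address_is_risky(req.source_address) else 0,
        0 if start <= req.operation_time <= end else 1,
        1 if req.operation_count > MAX_OPERATIONS else 0,
    ]

def fourth_dimension_risk(req):
    """Normalize the 4 judgment values into [0, 1] (assumed: arithmetic mean)."""
    return sum(judgment_values(req)) / 4

NORMAL = OperationRequest(frozenset({"read", "query", "export", "update"}),
    frozenset({"read", "query", "export"}), "198.51.100.7", time(10, 30), 12)
SUSPICIOUS = OperationRequest(frozenset({"read", "export", "delete"}),
    frozenset({"read"}), "203.0.113.45", time(2, 15), 40)
```

The constructed request outside the legal period, from a listed address and with a mismatched scope scores 0.75; only its operation count is within the threshold.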
7. A system for analyzing security risk of a traffic data stream, the system comprising:
the business data flow monitoring module is used for monitoring and extracting business data flows existing in network flow transmitted by an enterprise to be managed and controlled in real time;
the sensitive data screening analysis module is used for analyzing and screening sensitive data existing in the service data stream;
the sensitive data classification module is used for classifying and grading the sensitive data to obtain target sensitive data of each category at each level;
the multidimensional quantitative analysis module is used for carrying out multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result; wherein,
the pre-established multidimensional data risk quantification evaluation model comprises a service flow tracking module, a data importance level calculation module, an interface safety detection module and a user validity determination module;
the step of carrying out multidimensional quantitative analysis on the target sensitive data according to a pre-established multidimensional data risk quantitative evaluation model to obtain an analysis result comprises the following steps:
the business circulation tracking module determines a target object to which the target sensitive data flows, and generates a first dimension risk value according to the risk type of the target object;
the data importance level calculation module acquires the target level and the target category of the target sensitive data, analyzes the target importance level corresponding to the target sensitive data according to the target level and the target category, and determines a second dimension risk value corresponding to the target importance level in a mapping relation between the pre-generated importance level and the risk value;
the interface security detection module determines operation interface information corresponding to the target sensitive data, analyzes the name, the number source unit, the use scene, the service type, the protocol type, the request mode and the interface authority of an interface contained in the operation interface information, obtains an API asset list, and generates a third dimension risk value according to the API asset list;
when receiving an operation request, a user validity determining module acquires a terminal certificate, a source address and an operation time corresponding to the operation request, and generates a fourth-dimension risk value according to the terminal certificate, the source address and the operation time;
weighting and summing the first dimension risk value, the second dimension risk value, the third dimension risk value and the fourth dimension risk value to obtain a comprehensive risk value corresponding to the target sensitive data;
taking the comprehensive risk value as an analysis result;
the traceability control module is used for judging whether the security risk exists in the target sensitive data according to the analysis result; if yes, controlling and tracing the target sensitive data with the safety risk.
8. A computer storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the method of any of claims 1-6.
9. A terminal, comprising: a processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and to perform the method according to any of claims 1-6.
CN202310732624.1A 2023-06-20 2023-06-20 Analysis method, system, storage medium and terminal for security risk of service data stream Active CN116506217B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310732624.1A CN116506217B (en) 2023-06-20 2023-06-20 Analysis method, system, storage medium and terminal for security risk of service data stream

Publications (2)

Publication Number Publication Date
CN116506217A CN116506217A (en) 2023-07-28
CN116506217B true CN116506217B (en) 2023-09-12

Family

ID=87324998

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310732624.1A Active CN116506217B (en) 2023-06-20 2023-06-20 Analysis method, system, storage medium and terminal for security risk of service data stream

Country Status (1)

Country Link
CN (1) CN116506217B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116663067B (en) * 2023-07-31 2023-10-20 北京信通泰克科技有限公司 Financial user information protection method, system, terminal equipment and storage medium
CN116776390A (en) * 2023-08-15 2023-09-19 上海观安信息技术股份有限公司 Method, device, storage medium and equipment for monitoring data leakage behavior
CN116760643B (en) * 2023-08-21 2023-10-20 明阳时创(北京)科技有限公司 IPv6 risk quantification method, system, medium and device based on artificial intelligence
CN117097578B (en) * 2023-10-20 2024-01-05 杭州烛微智能科技有限责任公司 Network traffic safety monitoring method, system, medium and electronic equipment
CN117201206B (en) * 2023-11-08 2024-01-09 河北翎贺计算机信息技术有限公司 Network safety supervision system for preventing network data leakage
CN117221315B (en) * 2023-11-09 2024-02-09 深圳融安网络科技有限公司 File transmission method, device, terminal equipment and storage medium
CN117574424A (en) * 2023-11-09 2024-02-20 湖北清江水电开发有限责任公司 Intelligent power data pushing management system and method based on big data
CN117291428B (en) * 2023-11-17 2024-03-08 南京雅利恒互联科技有限公司 Enterprise management APP-based data background management system

Also Published As

Publication number Publication date
CN116506217A (en) 2023-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant