CN101894239A - Method and system for auditing and distributing sensitive data based on evolution strategy - Google Patents
Method and system for auditing and distributing sensitive data based on evolution strategy Download PDFInfo
- Publication number
- CN101894239A CN101894239A CN2010102519772A CN201010251977A CN101894239A CN 101894239 A CN101894239 A CN 101894239A CN 2010102519772 A CN2010102519772 A CN 2010102519772A CN 201010251977 A CN201010251977 A CN 201010251977A CN 101894239 A CN101894239 A CN 101894239A
- Authority
- CN
- China
- Prior art keywords
- user
- data
- value
- distribution
- expression
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of information safety, particularly to a method and a system for auditing and distributing sensitive data based on an evolution strategy. The system of the invention comprises a risk evaluation module based on trust, an auditing and distributing module based on a strategy, a data leakage auditing module and a sensitive data management service module; the risk evaluation module calculates the trust level of the user behavior and investigates the intersection of a leakage set and an intersection of an acquired set of the user, so that the crime risk of the user is obtained; the distributing module determines a distribution policy under the guide of a crime factor and a judging sum formula according to user application and distribution records; and the auditing module records a distributing log, counts the information for analyzing the user behavior and the data leakage, and feeds back an auditing result to the risk evaluation module and the distributing module. The invention meets the requirements of the anti-leakage application of the sensitive data having high requirements for data completeness; the detection source is detected by the intersection of the acquired data set of the user and the leakage data set; and no watermark information needs to be imbedded, so that the invention meets the application requirements of the sensitive data having high requirements for the completeness and the privacy.
Description
Technical field
The present invention relates to field of information security technology, relate in particular to a kind of sensitive data audit distribution method and system based on evolutionary strategy.
Background technology
(Data Leakage Protection DLP) has the strategic position of the national data security of protection and the vital role that ensures information safety, and is the important component part of national security in the data leak protection.Current, information content safety mainly shows as the safety of document or data, it threatens and comprises that mainly hacker attacks, external spy personnel steal secret information or the inner document or the data leak of divulging a secret and causing, as the hacker by illegal means such as network attack obtain user file, computer virus is stolen documentation, the employee does not have the maloperation of confidential notions, the loss of movable storage device etc.In addition, developed country is by to the used computer chip of developing country and the monopolization of critical software technology, even embeds spyware in networking products, the safety that directly threatens important information by back door.Traditional safety information product such as fire wall, anti-virus, intrusion detection, vulnerability scanning belong to respectively with protection (Prevention), detect (Detection) and response (Response) be the PDR model of core and with strategy (Policy), protection (Protection), monitoring (Detection), react protection and detection link in the closed-loop control P2DR model that (Response) is core; they carry out security protection from network layer or application layer, lack the data of storage in the network and transmission are protected.So being subjected to the extreme of domestic and international industry, the data leak guard technology pays close attention to.
Data leak protection is by certain technological means, prevent the solution that specific data or information assets flow out internally with the form of breach of security strategy, thereby the leakage of the state secret of preventing and trade secret has the national strategy position and function.Digital watermark technology is as a kind of anti-leak gordian technique commonly used, be intended to make digital product in communication process not by unrestrictedly abuse, bootlegging and leakage etc., guarantee the copyright interest of responsive digital product, be widely used in picture, video, audio frequency etc. and have in the information products of high data redundancy.It is by embedding sign copyright holder watermark information in information such as image, image, to reach illegal copies or to follow the trail of the source of leaks target when leaking.As in the attribute of appointment, adding random noise, the value of specific bit is replaced by certain sequence, or the data bit of compression redundancy etc.Though watermark has disguise when track identification digital copyright and source of leaks, plurality of advantages such as security, but digital watermark technology has the following disadvantages too: 1) watermark can cause the change of raw information carrier content in the process that embeds, 2) digital watermark itself is relatively more fragile, in the process of data processing, be damaged easily, even may suffer distorting of malicious user, so that lose the effectiveness of confirming the raw data source, 3) be not suitable for the strict hypersensitivity data leak audit of integrality and use.So, how to solve that to leak audit be the important topic that the current information security fields need to be resolved hurrily having sensitive data under the requirement such as high integrality, will help protecting the information property safety of China enterprise.
Summary of the invention
At the technical matters of above-mentioned existence, the purpose of this invention is to provide a kind of sensitive data audit distribution method and system based on evolutionary strategy, to adapt to the application demand of the private sensitive data of high integrality and height, sensitive data is had tactfully protect.
For achieving the above object, the present invention adopts following technical scheme:
A kind of sensitive data audit dissemination system based on evolutionary strategy:
Based on the risk evaluation module of trusting, be used for the analysis user behavior, estimate user behavior, and evaluation result is converted into crime risk factor;
Based on the auditing and distributing module of strategy,, produce the data distribution strategy of an optimum according to user's gained data set occur simultaneously minimum principle and user's crime risk factor;
Data leak audit module detects source of leaks according to Distribution Log, leakage collection and user's crime risk;
The sensitive data management services module is used for user profile, sensitive data information, Distribution Results information and leak data management of information.
The degree of belief calculating sub module is used for regularly detecting user's positive act and act of omission, calculates the degree of belief increment of user in this time period according to testing result, and calculates new trust value in conjunction with the nearest degree of belief value of user; This submodule calculates the users to trust degree and adopts following formula to calculate:
Wherein,
Represent this time period end user
Degree of belief,
The degree of belief of representing a last time period user;
The degree of belief changing value of representing user in this time period,
Controlled
Change frequency, span is [0,1],
It is more little,
The Shaoxing opera of passage fluctuation in time is strong, when
Near 1 o'clock,
Change corresponding slow;
Crime probability calculation module is used to investigate the leak data collection of user's gained data set and unknown source of leakage, calculates any one new file in conjunction with the users to trust degree and provides to after this user, and it reveals the value-at-risk of this document; This submodule calculates user's crime probability and adopts following formula to calculate:
Wherein,
Represent leak data object;
The expression user
The gained data acquisition;
The leak data collection of source of leaks is not determined in expression;
Data are enjoyed in expression
User collection,
Data are enjoyed in expression
The user;
The expression user
Degree of belief,
The expression data
Guessed the probability that by unauthorized user.
The described data distribution strategy that produces an optimum based on the auditing and distributing module of strategy according to following formula:
Wherein,
The expression epicycle participates in the data object number of granting,
The expression data object
The sharing users number,
Expression can obtain object
User collection,
The expression user
Obtain the historical number of object,
This available number of objects of expression user,
Expression user's crime factor.
Initial scheme produces submodule, according to having or not distribution history, takes two kinds of strategies to produce an original allocation scheme;
The subscheme group produces submodule, is starting point with the original allocation scheme, utilizes climbing method, by EVOLUTIONARY COMPUTATION, produces one group of subscheme set to be selected;
Optimal case chooser module, according to each scheme in judge and the minimum principle investigation of the formula value subscheme group, and definite optimal case.
Submodule is safeguarded in daily record, statistics distribution object information, user's crime risk information, leak data information.
The interpretation of result submodule, according to Distribution Log, whether the comparison leak data belongs to user's gained data acquisition, detects user's crime risk and whether surpasses the source of leaks that threshold value is determined leak data.
A kind of sensitive data audit distribution method based on evolutionary strategy:
1. based on the risk assessment step of trusting, embody user's long-term accumulated behavior with crime risk factor.
2. the sensitive data distributing step is utilized standard and formula, formulates distribution approach based on evolutionary strategy.
3. the system audit step is compared user data set and leak data collection, with reference to user's crime risk, determines source of leakage.
Time period Mo is detected user behavior, calculates excitation value according to user's positive act, calculates penalty value according to user's malicious act;
Calculate according to user's excitation value and penalty value
Degree of belief changing value in time period;
Read one
Time period Mo the users to trust value, and, calculate this in conjunction with degree of belief changing value in this time period and change frequency controlling elements
Time period Mo user's degree of belief;
But according to epicycle distribution back residue distributing data collection and user's actual request data difference set, partition request class of subscriber;
Distribution of data objects is given the user that must obtain this object;
From can obtain this data user set, find out feasible (
) value maximum and crime risk
Minimum some users satisfy the condition that number of users that obtains this data object and the number of users sum that must obtain this data object equal the sharing users number of this object simultaneously;
After all objects are investigated and are finished, each the alternatives respective value in the following formula numerical procedure group of foundation:
Wherein,
The expression epicycle participates in the data object number of granting,
The expression data object
The sharing users number,
Expression can obtain object
User collection,
The expression user
Obtain the historical number of object,
This available number of objects of expression user,
Expression user's crime factor.
The value that compares all subscheme correspondences in the prescription case, selecting the subscheme of minimum value correspondence is the epicycle optimal case.
Extract user request information from database, the request msg classification of type is pressed in all user's requests;
Calculate each user every the corresponding constantly trust value of n T of T time interval, and on the basis of corresponding trust value, calculate each user's crime risk value;
The screening user, crime risk reaches threshold value, will concentrate from the epicycle requesting users and reject this user;
According to crime risk and this solicited status, develop and select optimum distribution policy;
Provide data according to optimal strategy and give the user;
Collect user behavior and write down the distributing information daily record, carry out follow-up audit.
The present invention has the following advantages and good effect:
1. the present invention is based on the minimum principle of user data distribution common factor, the distribution audit program is continued to optimize evolution;
2. the present invention only detects source of leaks by user's gained data set and leak data collection common factor, need not to embed any watermark letter
Cease, satisfy the application demand of integrality and private demanding sensitive data, wide accommodation;
3. the present invention distributes the dirigibility height, distributes according to user's crime risk, can reflect user's agenda more accurately, helps improving leakage prevention capability;
4. distribution policy of the present invention is distributed sensitive data according to data that the user the obtains minimum principle of occuring simultaneously for the request of data user, has realized obtaining the data differences maximization, has improved source of leaks and has followed the trail of efficient.
Description of drawings
Fig. 1 is the layer module structural drawing of the sensitive data audit dissemination system based on evolutionary strategy provided by the invention.
Fig. 2 is the workflow diagram of the sensitive data audit distribution method based on evolutionary strategy provided by the invention.
Fig. 3 is provided by the invention based on the risk assessment schematic diagram of trusting.
Fig. 4 is that audit distribution policy provided by the invention upgrades the optimization process flow diagram.
Embodiment
Sensitive data audit distribution method and system based on evolutionary strategy provided by the invention, can be applicable to the technical field of anti-leaks such as the classified papers application of enterprise's design drawing and concerning security matters mechanism, need not the sensitive data carrier is done any pre-service (as the embed watermark operation), and because distribution is with reference to the user property that receives data, thereby in case find data leak, system can arrive source of leaks with higher Probability Detection in the short period of time, thereby the subsequent application of refusal source of leaks, suppress its leakage behavior, prevent the leakage of sensitive data effectively.
The present invention needs to obtain one group of feasible distribution subscheme according to having or not distribution history to produce the original allocation scheme by initial scheme, and utilizes the criterion analysis of allocated scheme of passing judgment on; In addition, the needs assessment user behavior, and be translated into the parameter factors that guidance system is selected optimal distributing scheme; Distribution Results according to optimal distributing scheme need be charged to daily record, determines source of leaks by further detection user behavior and leak data, thereby reaches the purpose that prevents that sensitive data from leaking.
At first to the sensitive data audit dissemination system based on evolutionary strategy provided by the invention, describe in detail below:
As shown in Figure 1, native system comprises based on the risk evaluation module 10 of trusting, reveals audit module 12, sensitive data management services module 14, server database 15 based on auditing and distributing module 11, the data of strategy, and function of successively each module being finished and the submodule that comprises are described in detail below:
1, based on the risk evaluation module 10 of trusting, be used for the analysis user behavior, estimate user behavior, and evaluation result is converted into crime risk factor, specifically comprise following submodule:
Degree of belief calculating sub module 101 regularly detects user's positive act and act of omission, calculates the degree of belief increment of user in this time period according to testing result, and calculates new trust value in conjunction with the nearest degree of belief value of user.
This submodule adopts following formula to calculate the users to trust degree:
Wherein,
Represent this time period end user
Degree of belief,
The degree of belief of representing a last time period user;
The degree of belief changing value of representing user in this time period,
Controlled
Change frequency, span is [0,1],
It is more little,
The Shaoxing opera of passage fluctuation in time is strong, when
Near 1 o'clock,
Change corresponding slow;
Crime probability calculation module 102, the leak data collection of investigation user's gained data set and unknown source of leakage calculates any one new file in conjunction with the users to trust degree and provides to after this user, and it reveals the value-at-risk of this document.
This submodule adopts following formula to calculate user's crime probability:
Wherein,
Represent leak data object;
The expression user
The gained data acquisition;
The leak data collection of source of leaks is not determined in expression;
Data are enjoyed in expression
User collection,
Data are enjoyed in expression
The user;
The expression user
Degree of belief,
The expression data
Guessed the probability that by unauthorized user.
2,,, produce the data distribution strategy of an optimum according to user's gained data set occur simultaneously minimum principle and user's crime risk factor based on the auditing and distributing module 11 of strategy:
This module is according to the excellent more principle of sensitive data that the user obtains set (common factor) more little scheme, be translated into realization can the following formula of foundation after, standard becomes the value minimum of this formula.Auditing and distributing module is formulated distribution policy for the user who participates in application.Take all factors into consideration sensitive data ways of distribution that the user accumulates behavior and application situation from the source, prevent data leak effectively.
Wherein,
The expression epicycle participates in the data object number of granting,
The expression data object
The sharing users number,
Expression can obtain object
User collection,
The expression user
Obtain the historical number of object,
This available number of objects of expression user,
Expression user's crime factor.The value of formula is more little, shows overlapping more little between the user data set.This audit distribution adopts daily record to keep Distribution Results, and determines source of leaks according to leak data set, Distribution Log and the user property collected.This module further comprises following submodule:
Initial scheme produces submodule 111, according to having or not distribution history, takes two kinds of strategies to produce an original allocation scheme.
The subscheme group produces submodule 112, is starting point with the original allocation scheme, utilizes climbing method, by evolutionary strategy, produces the set of one group of subscheme to be selected.
Optimal case chooser module 113, according to each scheme in judge and the minimum principle investigation of the formula value subscheme group, and definite optimal case.
3, data leak audit module 12 detects source of leaks according to Distribution Log, leakage collection and user's crime risk, specifically comprises following submodule:
Interpretation of result submodule 122, according to Distribution Log, whether the comparison leak data belongs to user's gained data acquisition, detects user's crime risk and whether surpasses the source of leaks that threshold value is determined leak data.
4, the sensitive data management services module 14, are used for user profile, sensitive data information, Distribution Results information and leak data management of information, specifically comprise following submodule:
File information management submodule 141 is finished the interpolation of fileinfo, and deletion is searched for and checked.
Subscriber information management submodule 142 is finished the interpolation of user profile, and deletion is searched for and checked.
Distributing information management submodule 143 shows the distribution detailed results.
Reveal information management submodule 144 adds leak data information, confirms source of leaks information.
Degree of belief computing module 101 based on risk evaluation module 10 correspondences of trusting passes to crime probability calculation module 102 for the degree of belief that the user calculates, and the risks and assumptions that this module calculates passes to distribution module 11 as a guide parameters; The net result information module 12 of being audited of distribution is compiled; The related data information of server database module 15 all modules of storage system; Sensitive data management services module 14 is by subscriber information management module 141, file information management module 142, distributing information administration module 143 and the reveal information administration module 144 difference managed storage corresponding informance at database.
To the sensitive data audit distribution method based on evolutionary strategy provided by the invention, be described in detail below:
Be illustrated in figure 3 as based on the risk assessment schematic diagram of trusting, be described below:
Be made up of two parts based on the risk evaluation module of trusting, promptly degree of belief is calculated and Risk Calculation.Degree of belief is calculated basis and is had or not the leakage behavior that user behavior is defined, and calculates degree of belief variable quantity and total trust degree, and what its reflected is the characteristic of accumulation of user's long-term action; Risk Calculation comprises statistics user data that obtain and the common factor that does not find the leakage collection of source of leaks, calculates crime risk according to degree of belief at last.Execution in step is as follows:
2)
Last analysis user behavior S35 calculates the user originally according to user's positive act and act of omission constantly
Degree of belief increment S34 in time period, and according to increment and the new trust value S32 of last degree of belief value calculating.
3) the leak data collection S36 of system thinking source of leaks the unknown and user's gained sensitive data collection S37, and based on the up-to-date degree of belief calculating of user user crime risk S38.
4) will
The new degree of belief that moment foot couple is answered saves as the initial value that next round is calculated, system's sleep
Time, return step 0 circulation and carry out.
Be illustrated in figure 4 as the audit distribution policy and upgrade the optimization process flow diagram, be described below:
Distribution mainly comprises three constructor modules, is respectively that initial scheme generation module, subscheme group generation module and optimal case are selected module.Described optimal case selects module according to having or not distribution history to take different strategies to obtain an original allocation scheme; Subscheme group generation module utilizes climbing method to produce one group of subscheme on the basis of original allocation scheme; Optimal case selection module is screened with the minimum principle of formula value according to the scheme correspondence, carries out many wheel circulation selections from subscheme and initial scheme, obtain optimum allocative decision, and scheme is carried out the granting of sensitive data in view of the above.Concrete execution in step is as follows:
1) distribution beginning S40
2) obtain the relevant historical bitmap of distribution this time, user applies data array, user's crime risk array
3) but judge whether all validated users once obtained this and take turns distribution of document S41 in the distribution.If do not have, then utilize " not having historical original allocation algorithm " to produce initial allocative decision S43; Otherwise,, utilize " historied original allocation algorithm " to produce original allocation scheme S42 with reference to the historical distribution condition of historical bitmap.
4) the original allocation scheme that obtains with previous step is a seed, but by changing the sharing users number of distributing data, can obtain sub-allocative decision S set 44.
5) from all sub-allocative decisions that previous step obtains, by relatively they find out the allocative decision S46 of an optimum with the formula value.More little with formula, then scheme is excellent more.
6) locally optimal plan that previous step is obtained and initial scheme compare, if the locally optimal plan correspondence with the little S47 of formula than initial scheme, then preserving this locally optimal plan is initial scheme S45, repeats steps 3-6.
7) can not optimize when local optimum scheme, when promptly can not find than the little scheme of this allocative decision and Shi Geng in the subscheme that obtains as seed with this locally optimal plan, preserving the current locally optimal plan of output is final plan S48 again.
8) distribution finishes S49.
Based on above-mentioned thought, as follows based on the general steps of the sensitive data of evolutionary strategy audit distribution method, as shown in Figure 2:
The user:
1) user request for data S11, S13 or wait for S12, S14 at any time.
2) user then receives sensitive data if detecting server state is " transmission ", and checks whether the data of receiving meet the Shen
Please require S15.
Sensitive data Distributor S21:
2) be that all users that epicycle participates in applying for calculate degree of belief S23 according to auditing result S28.
3) be that all users that epicycle participates in applying for calculate crime risk S24 according to auditing result S28.
4) result who obtains according to previous step rejects the user S25 that crime risk is higher than threshold value.
5) formulate distribution policy S26 according to the distribution flow of described distribution module, and give user S27 data distribution.
6) record distributing information, the analysis user behavior, the detection of leaks data are finished the result S28 that audits.
1, based on the methods of risk assessment of trusting
Degree of belief is calculated according to the time division and is carried out.System detects at first whether validated user is arranged during beginning, and to keep the value of last time constant as there not being then this trust value; Otherwise continue to analyze the behavior of validated user.The calculating of degree of belief comprises following key step:
The first step:
Time period Mo is detected user behavior, calculates excitation value according to user's positive act, calculates penalty value according to user's malicious act;
Second step: calculate according to user's excitation value and penalty value
Degree of belief changing value in time period;
The 3rd step: read one
Time period Mo the users to trust value, and, calculate this in conjunction with degree of belief changing value in this time period and change frequency controlling elements
Time period Mo user's degree of belief;
The 4th step: system wait
Time, return first step circulation and carry out.
The calculating of crime risk is to have obtained data set and do not found that the leak data collection of source of leaks carries out according to users to trust degree, user.At first statistics does not find whether the leak data collection of source of leaks and this user's data collection common factor are empty.Occuring simultaneously is not under the situation of sky, and each data in occuring simultaneously are carried out leakage analyzing:
Add up the sharing users number of these data.If there is not user's degree of belief, the probability of leakage will be divided the user who enjoys these data to each; The users to trust degree has been arranged, and it is no longer average that probability will become, but different users is encouraged or suppress by degree of belief.The unequal division of leakage probability makes user behavior more tally with the actual situation.
After each data investigation finishes in occuring simultaneously, system will obtain the probability that the user is leaked each data in the common factor, and then obtain the user is not leaked any one file in behavior in the future risk.
2, sensitive data distribution method
Fig. 4 clearly reflects three main implementation processes of distribution module, and promptly initial scheme produces, the subscheme group produces, the optimal case selection course.
The precondition of this method distribution audit is that data object belongs to same type, and is separate and of equal value.Have or not distribution history record according to the initial scheme production process, produce initial scheme and can take two kinds of different measures, details are as follows:
Do not obtain any sensitive data if 1. participate in all validated users of distribution this time, and adopted the historical initial scheme production method of nothing to obtain initial scheme.The summation of promptly establishing these all user applies data numbers is
, total number of resources is
, allocative decision is
The specific implementation of this module is: the data object branch is equipped with the user to carry out for unit, for some users wherein, at first seek and belong to the epicycle application range and never provide and give this user's data object set, minimum with this data sharing number of users be that priority criteria is chosen data object and given and provide in this is gathered.Therefore the sharing users number of data object k specific descriptions are following (wherein
Expression
The sharing users number):
But once obtained the distributing data object if 2. participate in all validated users of distribution this time, and adopted historied initial scheme production method to obtain the original allocation scheme.It realizes in detail with not have historical initial scheme generation module identical, but when selecting the few data object of sharing users, must the historical bitmap corresponding historical assignment information of foundation carry out.
As shown in Figure 4, after producing, initial scheme needs to obtain one group of possible sub-allocative decision, described subscheme production process is keeping obtaining different subschemes by the sharing users number of adjusting data object in the original allocation scheme under the constant prerequisite of these all user applies data number summations.Each scheme shown each data by some users share a kind of may situation, promptly each data object can by
Individual user shares, also can by
Individual user shares.
In specific implementation process, how many systems is earlier with the arranging from big to small by the sharing users number of all data objects in the initial scheme, under the constant prerequisite of the summation that keeps all data object sharing users numbers, from the maximum data object of sharing users number, what the sharing users number was many adds one again, and promptly the sharing users number increases by one, chooses a data object in the remaining data object, its sharing users number is subtracted one, produce a sub-allocative decision thus.Need to prove that in the remaining data object, the data object that the sharing users number equates only considers that once this is because illustrate that all data objects are independent and of equal value in the prerequisite of distribution.
Described optimal case selection course is the core procedure of distribution.Each subscheme all is a feasible allocation strategy, and system need choose a scheme according to qualifications and carry out the granting of data.Distribution is that unit carries out with the data object, and for some data objects, the number of users of sharing these data in an allocative decision is certain.Distribution only is to select suitable user according to this scheme each distribution of data objects is gone down.This implementation process foundation and formula value minimum are chosen suitable user and are carried out the data granting.From with the formula expression formula as can be seen, the data object number that the user has (
) big more, crime risk
More little, then the value with formula is more little, and the user who therefore satisfies these conditions is when the preferential sensitive data that obtains.
According to above audit distribution policy, distributing step can be described below:
The first step: but according to epicycle distribution back residue distributing data collection and user's actual request data difference set, the partition request class of subscriber, promptly must obtain these data the user, can obtain this data user, can not obtain this data user;
Second step: distribution of data objects is given the user that must obtain this object;
The 3rd step: from can obtain this data user set, find out feasible (
) value maximum and crime risk
Minimum some users satisfy the condition that number of users that obtains this data object and the number of users sum that must obtain this data object equal the sharing users number of this object simultaneously;
The 4th step: after all objects are investigated and are finished, each the alternatives respective value in the following formula numerical procedure group of foundation:
The 5th step: compare the value of all subscheme correspondences in the prescription case, selecting the subscheme of minimum value correspondence is the epicycle optimal case.
3, system audit method
System audit comprises: distributing information statistics and daily record, user's historical behavior are collected, the leak data classification.
This method adopts and set up Distribution Results record and leakage information table in database, and realizes statistical study as a result by the leakage situation of identifying user and data, has stateless to classify according to the corresponding source of leaks of data with existing.In addition, at a T in the time cycle, the user can the continuous several times application, and the T time of server is provided with user transparent.Based on above-mentioned thinking and implementation method, sensitive data audit distributing step can be described below:
The first step: extract user request information from database, the request msg classification of type is pressed in all user's requests;
Second step: calculate each user every the corresponding constantly trust value of n T of T time interval, and on the basis of corresponding trust value, calculate each user's crime risk value;
The 3rd step: screening user.Crime risk reaches threshold value, will concentrate from the epicycle requesting users and reject this user;
The 4th step:, develop and select optimum distribution policy according to crime risk and this solicited status;
The 5th step: provide data according to optimal strategy and give the user;
The 6th step: collect user behavior and write down the distributing information daily record, carry out follow-up audit.
The present invention is an influence factor with user's crime risk, take all factors into consideration the leakage situation that the user has obtained data conditions and data, select an optimal distributing scheme, the gained data set that calls request between the user is occured simultaneously minimize, thereby can realize confirming its source of leaks with more accurate probability under the data leak situation.Secondly, this method by assessment based on the risk of user behavior degree of belief (promptly according to user's prestige and real data set and the common factor that leaks between collecting, calculate the risk of user's possibility leak data), carry out user's rewards and punishments mechanism in view of the above, strengthen the source of leaks detection efficiency, improved the practicality of native system software simultaneously.Moreover this method realizes audit distribution policy evolution upgrading in conjunction with user's historical behavior and current crime risk, has stoped the deterioration once more of the data leak and the behavior of leakage.At last, the technical method that native system adopted has overcome digital watermarking easily to be distorted and the application deficiency that can't adapt to the high integrality requirement, need not to change the sensitive data content format.
Above-mentioned example is used for the present invention that explains, rather than limits the invention, and in the protection domain of spirit of the present invention and claim, the present invention is made any modification and change, all falls into protection scope of the present invention.
Claims (9)
1. the sensitive data audit dissemination system based on evolutionary strategy is characterized in that, comprising:
Based on the risk evaluation module of trusting, be used for the analysis user behavior, estimate user behavior, and evaluation result is converted into crime risk factor;
Based on the auditing and distributing module of strategy,, produce the data distribution strategy of an optimum according to user's gained data set occur simultaneously minimum principle and user's crime risk factor;
Data leak audit module detects source of leaks according to Distribution Log, leakage collection and user's crime risk;
The sensitive data management services module is used for user profile, sensitive data information, Distribution Results information and leak data management of information.
2. the sensitive data audit dissemination system based on evolutionary strategy according to claim 1 is characterized in that described risk evaluation module based on trust comprises following submodule:
The degree of belief calculating sub module is used for regularly detecting user's positive act and act of omission, calculates the degree of belief increment of user in this time period according to testing result, and calculates new trust value in conjunction with the nearest degree of belief value of user; This submodule calculates the users to trust degree and adopts following formula to calculate:
Wherein,
Represent this time period end user
Degree of belief, represent a last time period user's degree of belief;
The degree of belief changing value of representing user in this time period,
Controlled
Change frequency, span is [0,1],
It is more little,
The Shaoxing opera of passage fluctuation in time is strong, when
Near 1 o'clock,
Change corresponding slow;
Crime probability calculation module is used to investigate the leak data collection of user's gained data set and unknown source of leakage, calculates any one new file in conjunction with the users to trust degree and provides to after this user, and it reveals the value-at-risk of this document; This submodule calculates user's crime probability and adopts following formula to calculate:
Wherein,
Represent leak data object;
The expression user
The gained data acquisition;
The leak data collection of source of leaks is not determined in expression;
Data are enjoyed in expression
User collection,
Data are enjoyed in expression
The user;
Expression user's degree of belief,
The expression data
Guessed the probability that by unauthorized user.
3. the sensitive data audit dissemination system based on evolutionary strategy according to claim 1 is characterized in that the described data distribution strategy that produces an optimum based on the auditing and distributing module of strategy according to following formula:
Wherein, the expression epicycle participates in the data object number of granting,
The expression data object
The sharing users number,
Expression can obtain object
User collection,
The expression user
Obtain the historical number of object,
This available number of objects of expression user,
Expression user's crime factor.
4. the sensitive data audit dissemination system based on evolutionary strategy according to claim 1 is characterized in that described auditing and distributing module based on strategy comprises following submodule:
Initial scheme produces submodule, according to having or not distribution history, takes two kinds of strategies to produce an original allocation scheme;
The subscheme group produces submodule, is starting point with the original allocation scheme, utilizes climbing method, by EVOLUTIONARY COMPUTATION, produces one group of subscheme set to be selected;
Optimal case chooser module, according to each scheme in judge and the minimum principle investigation of the formula value subscheme group, and definite optimal case.
5. the sensitive data audit dissemination system based on evolutionary strategy according to claim 1 is characterized in that described data leak audit module comprises following submodule:
Submodule is safeguarded in daily record, statistics distribution object information, user's crime risk information, leak data information.
The interpretation of result submodule, according to Distribution Log, whether the comparison leak data belongs to user's gained data acquisition, detects user's crime risk and whether surpasses the source of leaks that threshold value is determined leak data.
6. one kind based on the sensitive data of evolutionary strategy audit distribution method, it is characterized in that:
1. based on the risk assessment step of trusting, embody user's long-term accumulated behavior with crime risk factor.
2. the sensitive data distributing step is utilized standard and formula, formulates distribution approach based on evolutionary strategy.
3. the system audit step is compared user data set and leak data collection, with reference to user's crime risk, determines source of leakage.
7. the sensitive data audit distribution method based on evolutionary strategy according to claim 6 is characterized in that 1. described step comprises following substep:
Time period Mo is detected user behavior, calculates excitation value according to user's positive act, calculates penalty value according to user's malicious act;
According to degree of belief changing value in user's excitation value and penalty value section computing time;
Read one time period Mo the users to trust value, and, calculate this time period Mo user's degree of belief in conjunction with degree of belief changing value in this time period and change frequency controlling elements;
8. the sensitive data audit distribution method based on evolutionary strategy according to claim 6 is characterized in that 2. described step comprises following substep:
But according to epicycle distribution back residue distributing data collection and user's actual request data difference set, partition request class of subscriber;
Distribution of data objects is given the user that must obtain this object;
From can obtain this data user set, find out feasible (
) value maximum and crime risk
Minimum some users satisfy the condition that number of users that obtains this data object and the number of users sum that must obtain this data object equal the sharing users number of this object simultaneously;
After all objects are investigated and are finished, each the alternatives respective value in the following formula numerical procedure group of foundation:
Wherein, the expression epicycle participates in the data object number of granting,
The sharing users number of expression data object,
Expression can obtain object
User collection, the expression user
Obtain the historical number of object,
This available number of objects of expression user,
Expression user's crime factor.
The value that compares all subscheme correspondences in the prescription case, selecting the subscheme of minimum value correspondence is the epicycle optimal case.
9. the sensitive data audit distribution method based on evolutionary strategy according to claim 6 is characterized in that 3. described step comprises following substep:
Extract user request information from database, the request msg classification of type is pressed in all user's requests;
Calculate each user every the corresponding constantly trust value of n T of T time interval, and on the basis of corresponding trust value, calculate each user's crime risk value;
The screening user, crime risk reaches threshold value, will concentrate from the epicycle requesting users and reject this user;
According to crime risk and this solicited status, develop and select optimum distribution policy;
Provide data according to optimal strategy and give the user;
Collect user behavior and write down the distributing information daily record, carry out follow-up audit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102519772A CN101894239B (en) | 2010-08-12 | 2010-08-12 | Method and system for auditing and distributing sensitive data based on evolution strategy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102519772A CN101894239B (en) | 2010-08-12 | 2010-08-12 | Method and system for auditing and distributing sensitive data based on evolution strategy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101894239A true CN101894239A (en) | 2010-11-24 |
CN101894239B CN101894239B (en) | 2013-07-10 |
Family
ID=43103429
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010102519772A Expired - Fee Related CN101894239B (en) | 2010-08-12 | 2010-08-12 | Method and system for auditing and distributing sensitive data based on evolution strategy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101894239B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107122669A (en) * | 2017-04-28 | 2017-09-01 | 北京北信源软件股份有限公司 | A kind of method and apparatus for assessing leaking data risk |
CN108427890A (en) * | 2018-03-02 | 2018-08-21 | 北京明朝万达科技股份有限公司 | A kind of sensitive data dynamic testing method and device |
CN108563931A (en) * | 2015-08-12 | 2018-09-21 | 深圳市联软科技股份有限公司 | A kind of data security protection method and system |
JP2019502957A (en) * | 2016-01-22 | 2019-01-31 | グーグル エルエルシー | System and method for detecting leakage of confidential information while maintaining confidentiality |
CN109446188A (en) * | 2018-10-17 | 2019-03-08 | 大国创新智能科技(东莞)有限公司 | Follow-up auditing method and robot system based on big data and deep learning |
CN110298178A (en) * | 2019-07-05 | 2019-10-01 | 北京可信华泰信息技术有限公司 | Credible policy learning method and device, credible and secure management platform |
CN112989413A (en) * | 2021-03-19 | 2021-06-18 | 北京思特奇信息技术股份有限公司 | Embedded data security protection method and system |
CN114070607A (en) * | 2021-11-12 | 2022-02-18 | 国网江苏省电力有限公司营销服务中心 | Electric power data distribution and data leakage risk control system |
CN115080921A (en) * | 2022-07-27 | 2022-09-20 | 南京审计大学 | Improved Top-k domining algorithm based on audit sensitivity |
CN116433051A (en) * | 2023-06-09 | 2023-07-14 | 中国人民公安大学 | Urban area police strategy dynamic adjustment method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200527873A (en) * | 2003-12-05 | 2005-08-16 | Buffalo Inc | Cipher key setting system, access point, wireless LAN terminal and cipher key setting method |
CN101017458A (en) * | 2007-03-02 | 2007-08-15 | 北京邮电大学 | Software safety code analyzer based on static analysis of source code and testing method therefor |
US20080133531A1 (en) * | 2006-08-15 | 2008-06-05 | Richard Baskerville | Trusted Query Network Systems and Methods |
-
2010
- 2010-08-12 CN CN2010102519772A patent/CN101894239B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200527873A (en) * | 2003-12-05 | 2005-08-16 | Buffalo Inc | Cipher key setting system, access point, wireless LAN terminal and cipher key setting method |
US20080133531A1 (en) * | 2006-08-15 | 2008-06-05 | Richard Baskerville | Trusted Query Network Systems and Methods |
CN101017458A (en) * | 2007-03-02 | 2007-08-15 | 北京邮电大学 | Software safety code analyzer based on static analysis of source code and testing method therefor |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108563931A (en) * | 2015-08-12 | 2018-09-21 | 深圳市联软科技股份有限公司 | A kind of data security protection method and system |
JP2019502957A (en) * | 2016-01-22 | 2019-01-31 | グーグル エルエルシー | System and method for detecting leakage of confidential information while maintaining confidentiality |
CN107122669A (en) * | 2017-04-28 | 2017-09-01 | 北京北信源软件股份有限公司 | A kind of method and apparatus for assessing leaking data risk |
CN107122669B (en) * | 2017-04-28 | 2020-06-02 | 北京北信源软件股份有限公司 | Method and device for evaluating data leakage risk |
CN108427890B (en) * | 2018-03-02 | 2020-05-08 | 北京明朝万达科技股份有限公司 | Sensitive data dynamic detection method and device |
CN108427890A (en) * | 2018-03-02 | 2018-08-21 | 北京明朝万达科技股份有限公司 | A kind of sensitive data dynamic testing method and device |
CN109446188A (en) * | 2018-10-17 | 2019-03-08 | 大国创新智能科技(东莞)有限公司 | Follow-up auditing method and robot system based on big data and deep learning |
CN110298178A (en) * | 2019-07-05 | 2019-10-01 | 北京可信华泰信息技术有限公司 | Credible policy learning method and device, credible and secure management platform |
CN110298178B (en) * | 2019-07-05 | 2021-07-27 | 北京可信华泰信息技术有限公司 | Trusted policy learning method and device and trusted security management platform |
CN112989413A (en) * | 2021-03-19 | 2021-06-18 | 北京思特奇信息技术股份有限公司 | Embedded data security protection method and system |
CN112989413B (en) * | 2021-03-19 | 2024-01-30 | 北京思特奇信息技术股份有限公司 | Method and system for protecting embedded data security |
CN114070607A (en) * | 2021-11-12 | 2022-02-18 | 国网江苏省电力有限公司营销服务中心 | Electric power data distribution and data leakage risk control system |
CN115080921A (en) * | 2022-07-27 | 2022-09-20 | 南京审计大学 | Improved Top-k domining algorithm based on audit sensitivity |
CN116433051A (en) * | 2023-06-09 | 2023-07-14 | 中国人民公安大学 | Urban area police strategy dynamic adjustment method and system |
CN116433051B (en) * | 2023-06-09 | 2023-08-18 | 中国人民公安大学 | Urban area police strategy dynamic adjustment method and system |
Also Published As
Publication number | Publication date |
---|---|
CN101894239B (en) | 2013-07-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101894239B (en) | Method and system for auditing and distributing sensitive data based on evolution strategy | |
CN109034833B (en) | Product tracing information management system and method based on block chain | |
CN105653981A (en) | Sensitive data protection system and method of data circulation and transaction of big data platform | |
CN102999716B (en) | virtual machine monitoring system and method | |
CN104063756A (en) | Electric power utilization information remote control system | |
CN106790023A (en) | Network security Alliance Defense method and apparatus | |
CN102598021A (en) | Method and system for managing security objects | |
CN104836781A (en) | Method distinguishing identities of access users, and device | |
CN110505228B (en) | Edge cloud architecture-based big data processing method, system, medium and device | |
CN107403094A (en) | Distribution file is to perform the system and method for anti-virus scan between the virtual machine of distributed system is formed | |
CN111652732A (en) | Bit currency abnormal transaction entity identification method based on transaction graph matching | |
Edu et al. | Digital security vulnerabilities and threats implications for financial institutions deploying digital technology platforms and application: FMEA and FTOPSIS analysis | |
Verma et al. | A survey on data leakage detection and prevention | |
CN116962090B (en) | Industrial Internet security control method and system | |
CN111680282B (en) | Node management method, device, equipment and medium based on block chain network | |
Vidal et al. | Detecting Workload-based and Instantiation-based Economic Denial of Sustainability on 5G environments | |
CN115640581A (en) | Data security risk assessment method, device, medium and electronic equipment | |
CN115296936A (en) | Automatic method and system for assisting detection of anti-network crime | |
Prakoso et al. | Research Trends, Topics, and Insights on Network Security and the Internet of Things in Smart Cities | |
Benedik et al. | Digital citizens in a smart city: The impact and security challenges of IoT on citizen’s data privacy | |
CN110648048A (en) | Applet signing event processing method, device, server and readable storage medium | |
Polireddi et al. | Improved fuzzy-based MCDM–TOPSIS model to find and prevent the financial system vulnerability and hazards in real time | |
CN112800437B (en) | Information security risk evaluation system | |
JP7361997B1 (en) | Location selection device, location selection method, and location selection program | |
Wang et al. | Blockchain-Based Security Management Platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130710 Termination date: 20170812 |