CN103716287A - Information leak path analyzing method and information leak path analyzing device - Google Patents


Info

Publication number: CN103716287A
Authority: CN (China)
Legal status: Pending
Application number: CN201210376823.5A
Other languages: Chinese (zh)
Inventors: 隋爱芬, 郭代飞
Current assignee: Siemens AG
Original assignee: Siemens AG

Abstract

The invention discloses an information leak path analyzing method and an information leak path analyzing device. The analyzing method comprises the following steps: determining at least one to-be-detected network element in a network system and sequentially taking the at least one to-be-detected network element as the current to-be-detected network element; establishing a network element connection topology tree of the current to-be-detected network element with the current to-be-detected network element as a root node; respectively detecting nodes of various levels in branches of the network element connection topology tree by starting from the next-level node of the root node and according to at least one predetermined network information leak type corresponding to network leak paths, taking the node in the current to-be-detected branch as the current node of the current branch, analyzing whether a network leak path exists between the current node of the current branch and the preceding nodes of various levels, marking out a leak path when the network leak path exists between the current node of the current branch and the preceding nodes of various levels, and taking the next-level node as the current node of the current to-be-detected branch and detecting the node when a next-level node exists in the current branch; or ending the detection on the current branch. According to the technical scheme of the invention, a network information leak path can be detected and a leak source can be traced.

Description

Information leakage path analysis method and apparatus
Technical field
The invention belongs to the field of computer network information security, and in particular relates to an information leakage path analysis method and apparatus.
Background technology
With the rapid development of computer applications and Internet technology, the problem of information leakage has become increasingly prominent. Every year, enterprises, organizations and other institutions suffer losses of over ten billion yuan from security information leakage incidents. At the same time, millions of people suffer the inconvenience and distress caused by personal information leakage, which can lead to privacy infringement, identity impersonation, spam, financial fraud and other problems.
To counter information leakage, various information security and protection systems already exist. One example is Information Leak Detection and Prevention (ILDP), also called Data Loss Prevention (DLP). An ILDP system uses a centralized management framework and deep content inspection to identify, monitor and protect data in use (such as terminal behaviour), data in motion (such as network behaviour) and data at rest (such as stored data), and to detect and prevent unauthorized use and transmission of confidential information. ILDP systems can be divided into network ILDP, host-based ILDP and data identification.
Another example is Personal Information Management (PIM) applications and personal information leakage prevention methods. PIM applications are mainly used to conveniently record, track and manage certain types of personal information, such as address books, important calendar dates, and e-mail and instant-message files. PIM applications can also provide more complete information management functions, including aggregating and sharing information. Personal information leakage mainly occurs when personal information is registered on websites or phishing websites, and through spyware. The basic idea of methods for preventing this class of personal information leakage is not to send personal information to untrusted recipients: each network packet transmitted over the network from the user terminal to a server is inspected according to a user-defined control policy, and once a packet is found to contain the user's personal information it is dropped.
All of the above information security and protection systems address the prevention of direct information leakage from a single device. However, an attacker may steal data remotely, and information leakage over the network is currently difficult to analyse and control.
Summary of the invention
In view of this, one aspect of the present invention proposes an information leakage path analysis method, and another aspect proposes an information leakage path analysis apparatus, in order to detect information leakage across multi-hop network element devices.
The information leakage path analysis method proposed by the invention comprises:
determining at least one network element to be tested in a network system, and taking each of the at least one network element to be tested in turn as the current network element to be tested;
taking the current network element to be tested as the root node, and establishing the network element connection topology tree of the current network element to be tested;
starting from the next-level nodes of the root node, and according to at least one predetermined network information leakage type corresponding to network leakage paths, detecting in turn the nodes at each level in each branch of the network element connection topology tree: taking the node in the branch currently under detection as the current node of that branch, analysing whether a network leakage path exists between the current node of the branch and its preceding-level nodes, marking the leakage path when one exists, and, when a next-level node exists in the branch, taking that next-level node as the current node of the branch under detection and detecting it; otherwise, ending detection of the current branch.
The above method of the invention adopts fault tree analysis and is result-driven: starting from the network element where leakage may occur, it traverses all network elements related to the sensitive information, and can trace back to the source that causes the sensitive information leakage.
In an embodiment of the invention, the at least one predetermined network information leakage type corresponding to network leakage paths comprises any one or any combination of the following network leakage types: network leakage based on the File Transfer Protocol (FTP), network leakage based on the Trivial File Transfer Protocol (TFTP), network leakage based on the TELNET protocol, network leakage based on the Hypertext Transfer Protocol (HTTP), network leakage based on the Simple Network Management Protocol (SNMP), network leakage based on the Hypertext Transfer Protocol Secure (HTTPS), and network leakage based on the Simple Mail Transfer Protocol (SMTP).
In an embodiment of the invention, the method further comprises: according to at least one predetermined basic information leakage type corresponding to direct leakage paths, detecting whether the root node has a direct leakage path, and marking any detected direct leakage path.
In an embodiment of the invention, the at least one predetermined basic information leakage type corresponding to direct leakage paths comprises any one or any combination of the following basic information leakage types: computer interface leakage, copy leakage and print leakage.
When the at least one predetermined basic information leakage type corresponding to direct leakage paths comprises computer interface leakage, detecting whether the root node has a direct leakage path according to that leakage type comprises: detecting whether the root node has a direct leakage path according to at least one of the leakages comprised by computer interface leakage, namely infrared interface leakage, USB interface leakage, 1394 interface leakage and Bluetooth interface leakage.
When the at least one predetermined basic information leakage type corresponding to direct leakage paths comprises copy leakage, detecting whether the root node has a direct leakage path according to that leakage type comprises: detecting whether the root node has a direct leakage path according to at least one of the leakages comprised by copy leakage, namely portable hard drive copy leakage, USB flash disk copy leakage, MP3 copy leakage, MP4 copy leakage, digital photograph leakage, floppy disk copy leakage, ZIP disk copy leakage, Jaz disk copy leakage and flash device copy leakage.
In an embodiment of the invention, detecting level by level the nodes at each level in each branch of the network element connection topology tree is: using a fault tree analysis method to detect level by level the nodes at each level in each branch of the network element connection topology tree.
The information leakage path analysis apparatus proposed by the invention comprises:
a current network-element-to-be-tested determining unit, for taking each of at least one predetermined network element to be tested in the network system in turn as the current network element to be tested;
a topology tree establishing unit, for taking the current network element to be tested as the root node and establishing the network element connection topology tree of the current network element to be tested;
a network leakage path searching unit, for, starting from the next-level nodes of the root node and according to at least one predetermined network information leakage type corresponding to network leakage paths, detecting in turn the nodes at each level in each branch of the network element connection topology tree: taking the node in the branch currently under detection as the current node of that branch, analysing whether a network leakage path exists between the current node of the branch and its preceding-level nodes, marking the leakage path when one exists, and, when a next-level node exists in the branch, taking that next-level node as the current node of the branch under detection and detecting it; otherwise, ending detection of the current branch.
In an embodiment of the invention, the apparatus further comprises: a direct leakage path searching unit, for detecting, according to at least one predetermined basic information leakage type corresponding to direct leakage paths, whether the root node has a direct leakage path, and marking any detected direct leakage path.
In an embodiment of the invention, the network leakage path searching unit comprises: a network information leakage type definition module, for defining the at least one predetermined network information leakage type corresponding to network leakage paths, which comprises any one or any combination of the following network leakage types: network leakage based on FTP, network leakage based on TFTP, network leakage based on the TELNET protocol, network leakage based on HTTP, network leakage based on SNMP, network leakage based on HTTPS, and network leakage based on SMTP.
Another information leakage path analysis apparatus proposed by the invention comprises:
a memory, for storing executable instructions; and
a processor, for carrying out, according to the executable instructions stored in the memory, the steps comprised by the method of any of the above specific implementations.
In addition, the invention proposes a machine-readable recording medium storing machine-executable instructions which, when executed, cause a machine to carry out the steps comprised by the method of any of the above specific implementations.
It can be seen from the above scheme that, because the invention establishes, for at least one network element to be tested in the network system, a network element connection topology tree rooted at that network element, and, based on that tree, detects each node of the tree in turn starting from the root node, it searches for the one-hop to multi-hop network leakage paths of the network element to be tested. Information leakage detection across multi-hop network element devices is thereby realized.
Further, by also searching for the direct leakage paths of the root node, direct information leakage detection on a single device can be realized as well.
Using the method and apparatus in embodiments of the invention, all network elements that the sensitive information passes through can be traversed, so that not only the network path of the information leakage can be determined, but also the source that causes the leakage can be traced. The information leakage analysis method and apparatus of the invention can obtain an equivalent fault tree representation in terms of minimal path sets; as long as the minimal path sets are controlled so that they do not occur, the information leakage event can be prevented, and thus the best plan for controlling the sensitive information leakage event can be selected.
Description of the drawings
The above and other features and advantages of the invention will become clearer to those of ordinary skill in the art from the following detailed description of preferred embodiments with reference to the accompanying drawings, in which:
Fig. 1 is an exemplary block diagram of the information leakage path analysis method in an embodiment of the invention.
Fig. 2 is a network element connection topology in a network system.
Fig. 3 is the network element connection topology tree rooted at the prepositive manager in an embodiment of the invention.
Fig. 4 is the leakage path analysis tree obtained on the basis of the network element connection topology tree shown in Fig. 3.
Fig. 5 is an exemplary block diagram of an information leakage path analysis apparatus in an embodiment of the invention.
Fig. 6 is an exemplary block diagram of another information leakage path analysis apparatus in an embodiment of the invention.
The reference numerals are as follows:
101 - determine the current network element to be tested; 102 - establish the network element connection topology tree of the current network element to be tested; 103 - detect direct leakage paths; 104 - detect network leakage paths
201 - operation and maintenance (OM) terminal; 202 - first firewall; 203 - network management subsystem (NMS); 204 - WAP gateway (WAPGW) prepositive manager (PM); 205 - WAP gateway; 206 - mobile device (MD); 207 - second firewall; 208 - Internet user equipment (UE)
501 - current network-element-to-be-tested determining unit; 502 - topology tree establishing unit; 503 - network leakage path searching unit; 504 - direct leakage path searching unit
601 - processor; 602 - memory
6021 - current network-element-to-be-tested determining instruction; 6022 - topology tree establishing instruction; 6023 - direct leakage path searching instruction; 6024 - network leakage path searching instruction
Embodiments
In embodiments of the invention, in order to study information leakage based on multi-hop devices, a result-driven approach is taken: the leakage cause or path is derived from the leakage result. First, it is assumed that all sensitive information is stored in network elements; sensitive information such as personal information or confidential information may be stored in a network element, transmitted over the network, or processed in a network element, and the latter two cases can be regarded as temporary storage in the network element. Second, it is assumed that this sensitive information is leaked through some network element, and that even eavesdropping is realized through an intermediate network element (such as a router).
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below by way of the following embodiments.
Fig. 1 is an exemplary block diagram of the information leakage path analysis method in an embodiment of the invention. As shown in Fig. 1, the method comprises the following steps:
Step 101: determine at least one network element to be tested in the network system, and take each of the at least one network element to be tested in turn as the current network element to be tested.
In embodiments of the invention, each network element to be tested can be determined according to actual conditions; for example, network elements that can store sensitive information, network elements through which sensitive information flows, and network elements at which information leakage may occur can be defined as the network elements to be tested.
For example, in the network element connection topology of the network system shown in Fig. 2, an operation and maintenance (OM) terminal 201 is connected through a first firewall 202 to a network management subsystem (NMS) 203; the NMS 203 is connected to a WAP gateway (WAPGW) prepositive manager (PM) 204; the prepositive manager 204 is connected to a WAP gateway 205; and the WAP gateway 205 is connected on one side through the mobile network to a mobile device (MD) 206, and on the other side through a second firewall 207 to Internet user equipment (UE) 208.
Suppose that some sensitive information is stored in the prepositive manager 204; this prepositive manager 204 is taken as a network element to be tested.
Step 102: take the current network element to be tested as the root node, and establish the network element connection topology tree of the current network element to be tested.
Still taking the network element connection topology shown in Fig. 2 as an example, with the prepositive manager 204 as the root node, the network element connection topology tree shown in Fig. 3 is obtained. The root node, prepositive manager 204, sits at the top of the tree; its next-level nodes are the NMS 203 and the WAP gateway 205; the next-level node of the NMS 203 is the OM terminal 201; and the next-level nodes of the WAP gateway 205 are the mobile device 206 and the Internet user equipment 208.
Step 103: according to at least one predetermined basic information leakage type corresponding to direct leakage paths, detect whether the root node has a direct leakage path, and mark any detected direct leakage path.
In embodiments of the invention, the at least one basic information leakage type corresponding to direct leakage paths can be determined according to the actual application.
For example, the at least one predetermined basic information leakage type corresponding to direct leakage paths can comprise any one or any combination of the following basic information leakage types: computer interface leakage, copy leakage and print leakage.
When the basic information leakage types include computer interface leakage, this step can detect whether the root node has a direct leakage path according to at least one of the leakages comprised by computer interface leakage, namely infrared interface leakage, USB interface leakage, 1394 interface leakage and Bluetooth interface leakage.
When the basic information leakage types include copy leakage, this step can detect whether the root node has a direct leakage path according to at least one of the leakages comprised by copy leakage, namely portable hard drive copy leakage, USB flash disk copy leakage, MP3 copy leakage, MP4 copy leakage, digital photograph leakage, floppy disk copy leakage, ZIP disk copy leakage, Jaz disk copy leakage and flash device copy leakage.
Taking the network element connection topology tree shown in Fig. 3 as an example, the root node, the WAP gateway prepositive manager 204, may have direct path leakages such as computer interface leakage and copy leakage.
Step 104: starting from the next-level nodes of the root node, and according to at least one predetermined network information leakage type corresponding to network leakage paths, use a fault tree analysis (FTA) method to detect level by level the nodes at each level in each branch of the network element connection topology tree. In this level-by-level detection, the node in the branch currently under detection is taken as the current node of that branch; when a network leakage path exists between the current node of the branch and its preceding-level nodes, the leakage path is marked, and, when a next-level node exists in the branch, that next-level node is taken as the node to be detected in the branch; otherwise, detection of the current branch ends. That is, detection of the current branch ends either when no network leakage path exists between the current node of the branch and its preceding-level nodes, or when such a path exists but the branch has no next-level node.
In a specific implementation, the at least one network information leakage type corresponding to network leakage paths can be determined according to the actual application. For example, the at least one predetermined network information leakage type corresponding to network leakage paths can comprise any one or any combination of the following network leakage types: network leakage based on the File Transfer Protocol (FTP), network leakage based on the Trivial File Transfer Protocol (TFTP), network leakage based on the TELNET protocol, network leakage based on the Hypertext Transfer Protocol (HTTP), network leakage based on the Simple Network Management Protocol (SNMP), network leakage based on the Hypertext Transfer Protocol Secure (HTTPS), and network leakage based on the Simple Mail Transfer Protocol (SMTP).
Taking the network element connection topology tree shown in Fig. 3 as an example, the one-hop network path of one branch of the prepositive manager 204, namely the network path between the NMS 203 and the prepositive manager 204, is detected first. Since there is a management relationship between the two, namely the NMS 203 manages the prepositive manager 204 through the SNMP protocol, information in the prepositive manager 204 can leak to the NMS 203, and a one-hop network leakage path can be marked for the prepositive manager 204. The search then continues with the next-level node of the NMS 203, the OM terminal 201. Since the OM terminal 201 can remotely access the NMS 203 through a remote access protocol, and the firewall 202 between them usually does not block network-management-related traffic, there is a possibility that information in the prepositive manager 204 is further leaked through the management interface, and this two-hop network leakage path can be marked for the prepositive manager 204. Because the OM terminal 201 and the prepositive manager 204 may also communicate through some network protocol, it is also necessary to check whether a one-hop network leakage path exists between the OM terminal 201 and the prepositive manager 204. If it is determined that the OM terminal 201 and the prepositive manager 204 cannot communicate through a network protocol, then, since there is no next-level node after the OM terminal 201, detection of the current branch ends.
Next, the one-hop network path of the other branch of the prepositive manager 204, namely the network path between the WAP gateway 205 and the prepositive manager 204, is detected. Since the WAP gateway 205 can directly access the prepositive manager 204, information leakage from the prepositive manager 204 may occur, and this one-hop network leakage path can be marked for the prepositive manager 204. The search then continues with the next-level nodes of the WAP gateway 205. Since the WAP gateway 205 has two branches at the next level, the node in the first branch, the mobile device 206, is detected first. Because the WAP gateway 205 normally has its HTTPS proxy function enabled, the mobile device 206 may access the prepositive manager 204 through the HTTPS protocol with the WAP gateway as proxy, and information leakage may occur; this two-hop network leakage path can therefore be marked for the prepositive manager 204. Since the mobile device 206 has no next-level node, detection of this branch ends, and detection continues with the node in the other branch under the WAP gateway 205, the Internet user equipment 208. Since the firewall 207 sits between the Internet user equipment 208 and the WAP gateway 205 and blocks all ports and IP addresses other than the service interface, no information leakage can occur between the Internet user equipment 208 and the prepositive manager 204.
The above detection yields the leakage path analysis fault tree shown in Fig. 4.
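The branch-by-branch search just walked through on Fig. 3, as an added example that is not code from the patent or from Siemens: it builds the topology tree of step 102 and runs the step 104 traversal, marking a node only when it reaches an already-leaking preceding-level node over one of the listed protocols, and abandoning a branch otherwise. The node names, link list and protocol relations are constructed to match the description; where the text does not name a protocol (OM to NMS, WAP gateway to PM) the choices TELNET and HTTP are assumptions.

```python
"""Network leakage path search over a topology tree, following steps
102 and 104 of the patent text above. Added example, not the patent's
own code; topology and protocol relations are constructed."""
from collections import defaultdict, deque

# Network information leakage types listed in the patent (step 104).
NETWORK_LEAK_TYPES = {"FTP", "TFTP", "TELNET", "HTTP", "SNMP", "HTTPS", "SMTP"}

# Physical links of Fig. 2 (constructed). Firewalls 202 and 207 are not
# nodes here because the tree in Fig. 3 omits them; their effect shows up
# only through which protocol relations exist below.
LINKS = [
    ("OM", "NMS"),     # OM terminal 201 - firewall 202 - NMS 203
    ("NMS", "PM"),     # NMS 203 - prepositive manager 204
    ("PM", "WAPGW"),   # prepositive manager 204 - WAP gateway 205
    ("WAPGW", "MD"),   # WAP gateway 205 - mobile device 206
    ("WAPGW", "UE"),   # WAP gateway 205 - firewall 207 - Internet UE 208
]

# Protocol access relations (accessor, accessed, protocol), constructed to
# match the narrative. The patent only says OM reaches NMS by "a remote
# access protocol" and that WAPGW "directly accesses" PM; TELNET and HTTP
# are assumptions made here so that both fall into NETWORK_LEAK_TYPES.
# Firewall 207 blocks everything but the service interface, so UE has none.
ACCESS = [
    ("NMS", "PM", "SNMP"),     # NMS manages PM over SNMP
    ("OM", "NMS", "TELNET"),   # assumption: remote management of NMS
    ("WAPGW", "PM", "HTTP"),   # assumption: gateway's direct access to PM
    ("MD", "PM", "HTTPS"),     # MD reaches PM over HTTPS via the gateway proxy
]


def build_topology_tree(links, root):
    """Step 102: breadth-first tree of the link graph rooted at `root`.
    Returns (parent, children); parent[root] is None."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    parent = {root: None}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for peer in sorted(adj[node]):
            if peer not in parent:
                parent[peer] = node
                queue.append(peer)
    children = defaultdict(list)
    for node, par in parent.items():
        if par is not None:
            children[par].append(node)
    return parent, children


def find_network_leak_paths(links, access, root, leak_types=NETWORK_LEAK_TYPES):
    """Step 104: walk every branch level by level. A node is a leak point
    when it can reach, over a protocol in `leak_types`, a preceding-level
    node that already leaks (the root leaks by definition, since it holds
    the sensitive data). Each marked path runs from the root to that node,
    so its hop count is the node's depth in the tree. A branch is abandoned
    at the first node that has no such relation to any preceding node."""
    parent, children = build_topology_tree(links, root)
    reach = defaultdict(dict)  # accessor -> {accessed node: protocol}
    for accessor, accessed, proto in access:
        if proto in leak_types:
            reach[accessor][accessed] = proto
    leaking = {root}
    marked = []

    def chain_to_root(node):
        chain = []
        while node is not None:
            chain.append(node)
            node = parent[node]
        return chain  # node first, root last

    def detect(node):
        # Compare the current node with each preceding-level node, nearest first.
        for ancestor in chain_to_root(node)[1:]:
            if ancestor in leaking and ancestor in reach[node]:
                leaking.add(node)
                path = chain_to_root(node)[::-1]
                marked.append({"hops": len(path) - 1, "path": path,
                               "via": ancestor, "protocol": reach[node][ancestor]})
                for child in children[node]:  # next-level node exists: go on
                    detect(child)
                return
        # No leakage path to any preceding node: end detection of this branch.

    for child in children[root]:
        detect(child)
    return marked


if __name__ == "__main__":
    for leak in find_network_leak_paths(LINKS, ACCESS, "PM"):
        print(f"{leak['hops']}-hop: {' -> '.join(leak['path'])} "
              f"({leak['protocol']} to {leak['via']})")
```

Restricting `leak_types` or removing a relation from `ACCESS` shows the pruning: once the NMS-to-PM SNMP relation is gone, the OM terminal is never examined, which is the "minimal path set" the text says must be controlled.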
In a specific implementation, in some applications step 103 can also be omitted, and steps 101, 102 and 104 of the method shown in Fig. 1 are used on their own to search for network leakage paths, that is, one-hop or multi-hop information leakage paths. The search for direct leakage paths may or may not be performed, and it may be performed by existing direct leakage path search methods or by other newly added ones.
Fig. 5 is an exemplary block diagram of an information leakage path analysis apparatus in an embodiment of the invention. As shown in Fig. 5, the apparatus comprises: a current network-element-to-be-tested determining unit 501, a topology tree establishing unit 502 and a network leakage path searching unit 503.
The current network-element-to-be-tested determining unit 501 takes each of at least one predetermined network element to be tested in the network system in turn as the current network element to be tested.
The topology tree establishing unit 502 takes the current network element to be tested as the root node and establishes the network element connection topology tree of the current network element to be tested.
The network leakage path searching unit 503, starting from the next-level nodes of the root node and according to at least one predetermined network information leakage type corresponding to network leakage paths, detects level by level the nodes at each level in each branch of the network element connection topology tree: it takes the node in the branch currently under detection as the current node of that branch; when a network leakage path exists between the current node of the branch and its preceding-level nodes, it marks the leakage path, and, when a next-level node exists in the branch, takes that next-level node as the node to be detected in the branch; otherwise, it ends detection of the current branch.
In a specific implementation, the network leakage path searching unit 503 can also comprise a network information leakage type definition module and a leakage path search execution module (not shown). The network information leakage type definition module defines the at least one predetermined network information leakage type corresponding to network leakage paths, which comprises any one or any combination of the following network leakage types: network leakage based on FTP, network leakage based on TFTP, network leakage based on the TELNET protocol, network leakage based on HTTP, network leakage based on SNMP, network leakage based on HTTPS, and network leakage based on SMTP. The leakage path search execution module, starting from the next-level nodes of the root node and according to the at least one network information leakage type defined in the network information leakage type definition module, detects level by level the nodes at each level in each branch of the network element connection topology tree: it takes the node in the branch currently under detection as the current node of that branch, analyses whether a network leakage path exists between the current node of the branch and its preceding-level nodes, marks the leakage path when one exists, and, when a next-level node exists in the branch, takes that next-level node as the node to be detected in the branch; otherwise, it ends detection of the current branch.
Further, corresponding with method shown in Fig. 1, device in the present embodiment also can be used to search direct leakage path, can be as shown in the dotted portion in Fig. 5, comprise that direct leakage path searches unit 504, for at least one essential information according to the direct leakage path of predetermined correspondence, reveal type, detect described root node and whether have direct leakage path, and mark detected direct leakage path.
Consistent with method shown in Fig. 1, during specific implementation, at least one essential information of the direct leakage path of described predetermined correspondence is revealed type can comprise that following essential information reveals any one or the combination in any in type: computer interface is revealed, copy is revealed and print and reveal.
Wherein, described computer interface is revealed any one or the combination in any that can comprise in can following leakage: infrared interface is revealed, USB interface is revealed, 1394 interfaces are revealed and blue tooth interface is revealed.
Described copy is revealed any one or the combination in any that can comprise in following leakage: portable hard drive copy is revealed, USB flash disk copy is revealed, MP3 copy is revealed, MP4 copy is revealed, numeral is taken pictures leakages, floppy disk copy is revealed, ZIP dish copy is revealed, Jazz dish copy is revealed and the leakage of Flash equipment copy.
In addition, during specific implementation, at least one network information of predetermined map network leakage path is revealed type can comprise that following network reveals any one or the combination in any in type: the network based on file transfer protocol (FTP) FTP is revealed, network based on trivial file transport protocol TFTP is revealed, network based on TELNET agreement is revealed, network based on HTML (Hypertext Markup Language) HTTP is revealed, network based on Simple Network Management Protocol SNMP is revealed, network based on hypertext transmission security agreement HTTPS is revealed, network based on Simple Mail Transfer protocol SMTP is revealed.
The present invention also provides a computer program which, when run on a machine, causes the machine to carry out the information leakage path analysis method described herein.
The present invention also provides a machine-readable storage medium storing instructions for causing a machine to carry out the information leakage path analysis method described herein, i.e. the above computer program. In particular, a system or device equipped with a storage medium may be provided, the storage medium storing computer program code that implements the functions of any one of the above embodiments, and the computer (or CPU or MPU) of the system or device reads and executes the program code stored on the storage medium.
In this case, the program code read from the storage medium itself implements the functions of any one of the above embodiments, so the program code and the storage medium storing it form part of the present invention.
Embodiments of the storage medium for providing the program code include floppy disks, hard disks, magneto-optical disks, optical discs (such as CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), magnetic tape, non-volatile memory cards and ROM. Alternatively, the program code may be downloaded from a server computer over a communication network.
In addition, it should be noted that the functions of any one of the above embodiments may be realized not only by the computer executing the program code it reads, but also by having the operating system running on the computer perform part or all of the actual operations on the basis of instructions in the program code.
In addition, it will be understood that the program code read from the storage medium may be written into memory provided on an expansion board inserted in the computer, or into memory provided in an expansion unit connected to the computer, after which a CPU or the like on the expansion board or expansion unit performs part or all of the actual operations on the basis of instructions in the program code, thereby realizing the functions of any one of the above embodiments.
For example, Fig. 6 shows an exemplary block diagram of another information leakage path analysis device in an embodiment of the present invention. As shown in Fig. 6, the device comprises a processor 601 and a memory 602.
The processor 601 communicates with the memory 602 and, according to the machine-executable instructions in the memory 602, causes the machine to carry out the information leakage path analysis method described herein.
The memory 602 stores machine-executable instructions. In particular, the machine-executable instructions may comprise:
a current network element under test determining instruction 6021 which, when executed, takes each network element under test in a predetermined network system in turn as the current network element under test;
a topology tree establishing instruction 6022 which, when executed, takes the current network element under test as the root node and establishes the network element connection topology tree of the current network element under test;
a direct leakage path search instruction 6023 which, when executed, detects, according to the at least one basic information leakage type corresponding to the predetermined direct leakage path, whether the root node of the network element connection topology tree has a direct leakage path, and marks any direct leakage path detected; in a specific implementation this direct leakage path search instruction 6023 may also be omitted;
a network leakage path search instruction 6024 which, when executed, starting from the next-level node of the root node and according to the at least one network information leakage type corresponding to the predetermined network leakage path, detects level by level the nodes at each level of each branch of the network element connection topology tree: it takes the node in the branch currently under detection as the current node of that branch, marks the leakage path when a network leakage path exists between the current node and its preceding-level nodes, and, when a next-level node exists in the current branch, takes that next-level node as the current node of the branch under detection; otherwise it ends the detection of the current branch.
Likewise, in a specific implementation the at least one basic information leakage type corresponding to the predetermined direct leakage path may comprise any one of, or any combination of, the following basic information leakage types: computer interface leakage, copy leakage and print leakage.
The computer interface leakage may comprise any one of, or any combination of, the following: infrared interface leakage, USB interface leakage, 1394 interface leakage and Bluetooth interface leakage.
The copy leakage may comprise any one of, or any combination of, the following: portable hard drive copy leakage, USB flash disk copy leakage, MP3 copy leakage, MP4 copy leakage, digital photography leakage, floppy disk copy leakage, ZIP disk copy leakage, Jazz disk copy leakage and Flash device copy leakage.
In addition, in a specific implementation the at least one network information leakage type corresponding to the predetermined network leakage path may comprise any one of, or any combination of, the following network leakage types: leakage over the File Transfer Protocol (FTP), leakage over the Trivial File Transfer Protocol (TFTP), leakage over the TELNET protocol, leakage over the Hypertext Transfer Protocol (HTTP), leakage over the Simple Network Management Protocol (SNMP), leakage over the Hypertext Transfer Protocol Secure (HTTPS), and leakage over the Simple Mail Transfer Protocol (SMTP).
The foregoing are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
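A worked model of the instruction set 6021 to 6024 and the leakage type lists above, written as an added example for this page; it is not code from the patent or its applicant. It assumes a constructed network in which each link is annotated with the protocols it permits, treats a hop as a candidate leakage hop when it permits one of the seven listed protocols, and treats a network leakage path between a node and one of its ancestors as existing when every hop on the tree path between them is such a hop (the patent does not specify how that decision is made, so this hop-level rule is an assumption). Direct leakage at the root is modelled as a per-element feature list matched against the computer interface, copy and print types.

```python
"""Added example: a model of the leakage path analysis described above.

Assumptions (not from the patent):
  * a link is (element_a, element_b, protocols permitted on that link);
  * a hop is a candidate network leakage hop when it permits at least one
    of the seven listed protocols;
  * a network leakage path exists between a node and an ancestor when every
    hop on the tree path between them is a candidate hop;
  * direct leakage is decided from a constructed per-element feature list.
"""
from collections import deque

# Network information leakage types corresponding to a network leakage path.
NETWORK_LEAK_PROTOCOLS = {"FTP", "TFTP", "TELNET", "HTTP", "SNMP", "HTTPS", "SMTP"}

# Basic information leakage types corresponding to a direct leakage path.
DIRECT_LEAK_TYPES = {
    "computer interface": {"infrared", "usb", "1394", "bluetooth"},
    "copy": {"portable_hdd", "usb_flash", "mp3", "mp4", "digital_camera",
             "floppy", "zip_disk", "jazz_disk", "flash_device"},
    "print": {"printer"},
}


def build_topology_tree(links, root):
    """Instruction 6022: BFS from the element under test; returns {node: parent}."""
    parent = {root: None}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for a, b, _ in links:
            for here, there in ((a, b), (b, a)):
                if here == node and there not in parent:
                    parent[there] = node
                    queue.append(there)
    return parent


def find_direct_leaks(features, root):
    """Instruction 6023: match the root's features against the direct leakage types."""
    present = set(features.get(root, ()))
    return [(kind, sorted(present & members))
            for kind, members in DIRECT_LEAK_TYPES.items() if present & members]


def find_network_leak_paths(links, root):
    """Instruction 6024: walk each branch level by level from the root's
    next-level nodes; at every node, check the path back to each ancestor."""
    parent = build_topology_tree(links, root)
    children = {}
    for node, p in parent.items():
        if p is not None:
            children.setdefault(p, []).append(node)
    # leakage-capable protocols per hop, recorded in both directions
    hop = {}
    for a, b, protocols in links:
        hop[(a, b)] = hop[(b, a)] = set(protocols) & NETWORK_LEAK_PROTOCOLS
    marked = []
    stack = [(child, [root]) for child in sorted(children.get(root, []))]
    while stack:
        node, ancestors = stack.pop()
        chain = ancestors + [node]
        for i, ancestor in enumerate(ancestors):
            hops = list(zip(chain[i:], chain[i + 1:]))
            per_hop = [hop[h] for h in hops]
            if all(per_hop):  # every hop permits a listed protocol: mark the path
                marked.append((ancestor, node, [sorted(p) for p in per_hop]))
        next_level = children.get(node, [])
        if next_level:  # a next-level node exists: continue down this branch
            stack.extend((child, chain) for child in sorted(next_level))
        # otherwise the detection of this branch ends here
    return marked


def analyze(links, features, elements_under_test):
    """Instruction 6021: take each element under test in turn as the root."""
    return {root: {"direct": find_direct_leaks(features, root),
                   "network": find_network_leak_paths(links, root)}
            for root in elements_under_test}


# Constructed sample network (not from the patent).
LINKS = [
    ("FileServer", "Switch1", ["HTTPS", "SSH"]),
    ("Switch1", "Workstation", ["SMB", "FTP"]),
    ("Switch1", "MailGateway", ["SMTP"]),
    ("MailGateway", "Internet", ["SMTP"]),
    ("FileServer", "BackupHost", ["SSH"]),
    ("BackupHost", "TapeLibrary", ["SCSI"]),
]
FEATURES = {"FileServer": ["usb", "printer", "serial_console"]}

if __name__ == "__main__":
    report = analyze(LINKS, FEATURES, ["FileServer"])
    for kind, hit in report["FileServer"]["direct"]:
        print(f"direct leakage at FileServer via {kind}: {hit}")
    for ancestor, node, protocols in report["FileServer"]["network"]:
        print(f"network leakage path {ancestor} -> {node} over {protocols}")
```

In the constructed network the branch through Switch1 is marked all the way to Internet (HTTPS, then SMTP on each hop), while the BackupHost branch ends without a mark because its first hop only permits SSH, which is not one of the listed types. Each marked tuple records the ancestor, the node and the listed protocols available on every hop between them, which is the "leak source tracing" output the abstract refers to.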

Claims (12)

1. An information leakage path analysis method, comprising:
determining at least one network element under test in a network system, and taking the at least one network element under test in turn as the current network element under test;
taking the current network element under test as the root node, and establishing a network element connection topology tree of the current network element under test;
starting from the next-level node of the root node and according to at least one network information leakage type corresponding to a predetermined network leakage path, detecting respectively the nodes at each level of each branch of the network element connection topology tree: taking the node in the branch currently under detection as the current node of that branch, analyzing whether a network leakage path exists between the current node of the current branch and its preceding-level nodes and marking the network leakage path found by the analysis, and, when a next-level node exists in the current branch, taking the next-level node as the current node of the branch under detection for detection; otherwise, ending the detection of the current branch.
2. The method according to claim 1, characterized in that the at least one network information leakage type corresponding to the predetermined network leakage path comprises any one or a combination of more than one of the following network leakage types: leakage over the File Transfer Protocol (FTP), leakage over the Trivial File Transfer Protocol (TFTP), leakage over the TELNET protocol, leakage over the Hypertext Transfer Protocol (HTTP), leakage over the Simple Network Management Protocol (SNMP), leakage over the Hypertext Transfer Protocol Secure (HTTPS), and leakage over the Simple Mail Transfer Protocol (SMTP).
3. The method according to claim 1, characterized in that the method further comprises: detecting, according to at least one basic information leakage type corresponding to a predetermined direct leakage path, whether the root node has a direct leakage path, and marking the detected direct leakage path.
4. The method according to claim 3, characterized in that the at least one basic information leakage type corresponding to the predetermined direct leakage path comprises any one of, or any combination of, the following basic information leakage types: computer interface leakage, copy leakage and print leakage.
5. The method according to claim 4, characterized in that the at least one basic information leakage type corresponding to the predetermined direct leakage path comprises computer interface leakage;
and said detecting, according to the at least one basic information leakage type corresponding to the predetermined direct leakage path, whether the root node has a direct leakage path comprises: detecting, according to at least one of infrared interface leakage, USB interface leakage, 1394 interface leakage and Bluetooth interface leakage comprised in the computer interface leakage, whether the root node has a direct leakage path.
6. The method according to claim 4, characterized in that the at least one basic information leakage type corresponding to the predetermined direct leakage path comprises copy leakage;
and said detecting, according to the at least one basic information leakage type corresponding to the predetermined direct leakage path, whether the root node has a direct leakage path comprises: detecting, according to at least one of portable hard drive copy leakage, USB flash disk copy leakage, MP3 copy leakage, MP4 copy leakage, digital photography leakage, floppy disk copy leakage, ZIP disk copy leakage, Jazz disk copy leakage and Flash device copy leakage comprised in the copy leakage, whether the root node has a direct leakage path.
7. The method according to any one of claims 1 to 6, characterized in that said detecting respectively the nodes at each level of each branch of the network element connection topology tree is: detecting level by level, using a fault tree analysis method, the nodes at each level of each branch of the network element connection topology tree.
8. An information leakage path analysis device, comprising:
a current network element under test determining unit, for taking at least one network element under test in a predetermined network system in turn as the current network element under test;
a topology tree establishing unit, for taking the current network element under test as the root node and establishing the network element connection topology tree of the current network element under test;
a network leakage path search unit, for, starting from the next-level node of the root node and according to at least one network information leakage type corresponding to a predetermined network leakage path, detecting respectively the nodes at each level of each branch of the network element connection topology tree: taking the node in the branch currently under detection as the current node of that branch, analyzing whether a network leakage path exists between the current node of the current branch and its preceding-level nodes, marking the leakage path when a network leakage path exists between the current node of the current branch and its preceding-level nodes, and, when a next-level node exists in the current branch, taking the next-level node as the current node of the branch under detection for detection; otherwise, ending the detection of the current branch.
9. The device according to claim 8, characterized in that the device further comprises a direct leakage path search unit, for detecting, according to at least one basic information leakage type corresponding to a predetermined direct leakage path, whether the root node has a direct leakage path, and marking the detected direct leakage path.
10. The device according to claim 8 or claim 9, characterized in that the network leakage path search unit comprises a network information leakage type specification module for defining the at least one network information leakage type corresponding to the predetermined network leakage path, the network information leakage type comprising any one of, or any combination of, the following network leakage types: leakage over the File Transfer Protocol (FTP), leakage over the Trivial File Transfer Protocol (TFTP), leakage over the TELNET protocol, leakage over the Hypertext Transfer Protocol (HTTP), leakage over the Simple Network Management Protocol (SNMP), leakage over the Hypertext Transfer Protocol Secure (HTTPS), and leakage over the Simple Mail Transfer Protocol (SMTP).
11. An information leakage path analysis device, comprising:
a memory, for storing executable instructions; and
a processor, for executing, according to the executable instructions stored in the memory, the steps included in any one of claims 1 to 7.
12. A machine-readable recording medium storing machine-executable instructions which, when executed, cause a machine to carry out the steps included in any one of claims 1 to 7.
CN201210376823.5A 2012-09-29 2012-09-29 Information leak path analyzing method and information leak path analyzing device Pending CN103716287A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210376823.5A CN103716287A (en) 2012-09-29 2012-09-29 Information leak path analyzing method and information leak path analyzing device

Publications (1)

Publication Number Publication Date
CN103716287A true CN103716287A (en) 2014-04-09

Family

ID=50408874

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101107614A (en) * 2005-01-28 2008-01-16 日本电气株式会社 Information leak analysis system
CN101625717A (en) * 2005-01-28 2010-01-13 日本电气株式会社 Information leak analysis system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156647A (en) * 2015-04-03 2016-11-23 阿里巴巴集团控股有限公司 Information leakage path following method and equipment
CN106685966A (en) * 2016-12-29 2017-05-17 北京奇虎科技有限公司 Divulged information detection method, divulged information detection device and divulged information detection system
CN106685966B (en) * 2016-12-29 2020-08-04 北京奇虎科技有限公司 Method, device and system for detecting leakage information
CN108322351A (en) * 2018-03-05 2018-07-24 北京奇艺世纪科技有限公司 Generate method and apparatus, fault determination method and the device of topological diagram
CN108322351B (en) * 2018-03-05 2021-09-10 北京奇艺世纪科技有限公司 Method and device for generating topological graph and method and device for determining faults
CN111027096A (en) * 2019-12-11 2020-04-17 支付宝(杭州)信息技术有限公司 Method and device for detecting leakage channel for private data
CN111027096B (en) * 2019-12-11 2022-03-11 杭州蚂蚁聚慧网络技术有限公司 Method and device for detecting leakage channel for private data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140409